This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/rtCZvcnDjssgDm1M5Mw6U_MuaQk.roa
File:                     rtCZvcnDjssgDm1M5Mw6U_MuaQk.roa (raw, json)
Hash identifier:          R1fOJZ69TZqTYVrK6Gl8R5/LkM043G84eXV/p0wdc3o=
Subject key identifier:   AE:D0:99:BD:C9:C3:8E:CB:20:0E:6D:4C:E4:CC:3A:53:F3:2E:69:09
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019B7A5AB7406A3395534CA50A1AFF43A52A
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/rtCZvcnDjssgDm1M5Mw6U_MuaQk.roa
Signing time:             Thu 01 Jan 2026 16:18:44 +0000
ROA not before:           Thu 01 Jan 2026 16:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210522
IP address blocks:        37.114.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b7:40:6a:33:95:53:4c:a5:0a:1a:ff:43:a5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 16:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aed099bdc9c38ecb200e6d4ce4cc3a53f32e6909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7b:5e:e4:b1:99:dc:6e:0f:20:48:ee:9d:f6:
                    2d:6a:2b:75:99:3d:40:d2:6b:37:ea:0d:e1:60:e5:
                    75:35:9f:8d:ba:58:7a:ba:26:bf:fc:2c:96:c8:4a:
                    e8:c2:53:c6:56:d2:8b:0e:d1:a6:0f:34:b2:bc:d1:
                    9b:51:c3:36:3f:61:65:91:aa:c0:61:f2:ee:3b:e5:
                    13:4d:95:67:e7:87:ba:61:c1:25:6c:97:e4:4d:43:
                    4b:bd:bb:a3:f9:54:06:db:df:86:5b:b6:33:07:54:
                    cd:ea:c5:26:be:e1:7c:87:2a:26:68:58:31:12:2d:
                    32:a9:e4:01:67:89:14:47:db:1c:2d:dd:f3:58:18:
                    b5:2f:5f:3c:4f:c2:f6:dd:a1:02:d5:fc:a1:e2:4b:
                    a3:ba:1c:71:ad:c3:b7:f2:3a:3f:c0:f2:49:0e:e1:
                    42:7b:72:db:fe:4e:d4:6a:a9:6f:16:db:6f:07:93:
                    fb:e1:23:19:cd:6c:8d:38:da:7a:f7:21:c2:27:74:
                    f3:bf:66:cb:66:93:23:e0:50:09:84:3a:91:37:5a:
                    3b:5d:ef:06:eb:f2:75:74:3e:2a:d1:e9:97:c8:1c:
                    26:42:98:f7:72:5d:b1:dc:24:eb:5c:50:54:5d:5a:
                    b8:a4:3c:c8:b6:d8:53:0b:96:aa:58:01:c5:86:83:
                    3a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D0:99:BD:C9:C3:8E:CB:20:0E:6D:4C:E4:CC:3A:53:F3:2E:69:09
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/rtCZvcnDjssgDm1M5Mw6U_MuaQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:65:4e:11:fb:9e:96:ad:7f:da:e1:af:21:57:05:2a:e8:f5:
         86:12:81:c5:21:2f:b9:9d:00:e5:82:05:44:88:cb:a2:06:cd:
         9e:57:50:55:cf:3a:70:87:bc:f2:80:2a:ae:3f:01:de:6b:34:
         9c:2c:70:aa:08:1d:07:e3:5e:56:e3:8c:45:2d:5b:8f:47:de:
         06:6d:7e:67:c6:c0:22:31:df:5b:ce:8d:82:94:0a:ca:75:55:
         86:4b:99:45:03:74:bd:18:50:44:9b:8b:5b:09:3f:fc:1c:6b:
         56:74:f9:c2:27:78:bf:b8:01:b1:11:66:96:ef:94:69:4b:05:
         cd:90:4a:b0:9a:69:5c:80:5e:e3:fc:16:5a:f8:72:65:ae:8d:
         d0:32:b9:9e:03:7e:77:7d:6b:1b:63:aa:03:b5:2a:45:d1:4b:
         a1:12:21:e7:04:0b:27:dc:b5:3f:f9:7e:51:05:a8:ba:78:9a:
         85:bf:47:dc:82:64:5a:90:de:e2:fa:38:ba:7a:1a:8c:74:15:
         6d:db:a5:55:fa:f7:0a:d1:fe:25:04:7d:71:4a:2b:68:f5:f5:
         9e:06:91:4a:00:86:df:bc:65:c0:db:4d:d8:55:a0:ee:ce:06:
         7f:19:b8:01:53:9e:b9:54:50:ce:8e:8d:93:26:f0:5b:43:da:
         2a:34:7f:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrdAajOVU0ylChr/Q6UqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjYwMTAxMTYxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQwOTliZGM5YzM4ZWNiMjAwZTZkNGNlNGNjM2E1M2YzMmU2OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHte5LGZ3G4PIEjunfYtait1mT1A
0ms36g3hYOV1NZ+Nulh6uia//CyWyErowlPGVtKLDtGmDzSyvNGbUcM2P2FlkarA
YfLuO+UTTZVn54e6YcElbJfkTUNLvbuj+VQG29+GW7YzB1TN6sUmvuF8hyomaFgx
Ei0yqeQBZ4kUR9scLd3zWBi1L188T8L23aEC1fyh4kujuhxxrcO38jo/wPJJDuFC
e3Lb/k7UaqlvFttvB5P74SMZzWyNONp69yHCJ3Tzv2bLZpMj4FAJhDqRN1o7Xe8G
6/J1dD4q0emXyBwmQpj3cl2x3CTrXFBUXVq4pDzItthTC5aqWAHFhoM6QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7Qmb3Jw47LIA5tTOTMOlPzLmkJMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvcnRDWnZjbkRqc3NnRG0xTTVNdzZVX011YVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIpMA0G
CSqGSIb3DQEBCwUAA4IBAQA0ZU4R+56WrX/a4a8hVwUq6PWGEoHFIS+5nQDlggVE
iMuiBs2eV1BVzzpwh7zygCquPwHeazScLHCqCB0H415W44xFLVuPR94GbX5nxsAi
Md9bzo2ClArKdVWGS5lFA3S9GFBEm4tbCT/8HGtWdPnCJ3i/uAGxEWaW75RpSwXN
kEqwmmlcgF7j/BZa+HJlro3QMrmeA353fWsbY6oDtSpF0UuhEiHnBAsn3LU/+X5R
Bai6eJqFv0fcgmRakN7i+ji6ehqMdBVt26VV+vcK0f4lBH1xSito9fWeBpFKAIbf
vGXA203YVaDuzgZ/GbgBU565VFDOjo2TJvBbQ9oqNH+U
-----END CERTIFICATE-----