This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/tOFRlY-pCvrh6Y-rJiCJAGk32Bo.roa
File:                     tOFRlY-pCvrh6Y-rJiCJAGk32Bo.roa (raw, json)
Hash identifier:          iS4fsfAEYEUo1JvfCjEoG0SIGOQHZVaAMrY2D/vtJF0=
Subject key identifier:   B4:E1:51:95:8F:A9:0A:FA:E1:E9:8F:AB:26:20:89:00:69:37:D8:1A
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019ABF5ED9BD99F7056545818AE3628E44C5
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/tOFRlY-pCvrh6Y-rJiCJAGk32Bo.roa
Signing time:             Wed 26 Nov 2025 08:54:15 +0000
ROA not before:           Wed 26 Nov 2025 08:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        37.114.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:bf:5e:d9:bd:99:f7:05:65:45:81:8a:e3:62:8e:44:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Nov 26 08:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4e151958fa90afae1e98fab262089006937d81a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:6e:4e:9d:c3:1c:58:21:d8:56:03:b4:2c:
                    7f:54:fb:e0:8e:c2:cc:16:41:da:80:ea:dc:4b:e7:
                    b1:0a:40:3d:c6:e9:ad:98:98:44:d3:ab:0c:5d:77:
                    89:00:cf:73:21:b9:a4:c2:32:ae:f8:7b:42:e5:6b:
                    af:be:08:ca:4a:d4:e0:9b:64:91:7a:8f:8e:0b:3f:
                    3c:b9:13:9b:63:e8:ec:02:f5:3b:77:bc:6d:72:9d:
                    81:67:44:8d:65:07:ab:b4:16:fa:a9:24:16:11:2f:
                    e1:70:45:82:1f:9b:e9:de:45:1c:2d:8b:8c:73:17:
                    56:51:e6:4c:f6:c6:f0:ac:c2:77:5f:f9:07:b6:3f:
                    e6:8e:f4:6c:c5:d0:74:60:37:b8:85:9f:f2:98:8e:
                    5a:85:af:aa:af:7d:e0:24:87:62:9c:16:59:5f:49:
                    fb:32:69:52:2d:cf:aa:f8:49:38:48:02:ad:c5:6e:
                    86:72:6d:bb:19:2a:97:d0:1e:26:af:76:d6:ae:2a:
                    7e:46:83:98:86:80:2d:7b:72:b9:15:55:55:cb:c7:
                    80:58:18:8c:84:6f:41:2c:42:4d:ee:30:8a:de:6f:
                    ac:47:fa:1d:cf:9f:0d:be:85:9c:f1:12:04:10:d8:
                    5e:c1:80:c8:b2:17:46:70:3b:d6:5c:07:d8:07:70:
                    fd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E1:51:95:8F:A9:0A:FA:E1:E9:8F:AB:26:20:89:00:69:37:D8:1A
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/tOFRlY-pCvrh6Y-rJiCJAGk32Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:c6:8f:88:ee:67:81:2b:f8:d7:a9:99:d5:ff:b7:c5:c0:ad:
         ba:33:61:27:d7:cb:03:e5:a1:47:48:27:0c:bb:18:94:ce:d1:
         4c:06:95:d0:64:9d:93:2b:d0:ad:93:5c:9c:7b:15:0c:8f:7a:
         d2:6e:d4:43:22:63:71:17:03:19:f4:eb:ca:b7:c6:94:58:0a:
         7b:a0:02:80:63:13:2f:62:24:d7:83:df:a6:ca:1b:ec:6d:40:
         0a:50:29:9a:88:61:d4:9f:e0:85:86:c4:3b:60:cb:2a:d7:e1:
         17:b6:10:3b:bc:f9:1d:05:38:8d:88:f1:55:9e:c3:6f:e4:34:
         03:45:bd:d0:47:f3:95:7b:36:74:ba:b4:c6:4d:44:0c:41:90:
         ea:ea:79:d0:26:19:fb:cb:90:ac:33:47:6b:0c:85:c8:ed:08:
         6c:05:82:a7:a0:c9:7d:6a:73:aa:12:8f:35:fa:8b:03:8d:0f:
         88:3e:26:ab:eb:71:5b:ab:2d:ea:48:1f:9c:e6:4f:dc:bc:a8:
         26:c5:61:bd:83:d3:c0:a9:4e:5e:0a:22:e8:75:d0:a9:01:eb:
         ac:f4:48:2f:19:1c:0b:3a:a3:72:52:31:da:5d:12:9d:44:98:
         39:60:67:92:20:02:23:b7:72:19:d4:fa:31:a1:58:49:20:b1:
         04:7a:c3:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq/Xtm9mfcFZUWBiuNijkTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUxMTI2MDg1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGUxNTE5NThmYTkwYWZhZTFlOThmYWIyNjIwODkwMDY5MzdkODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/FuTp3DHFgh2FYDtCx/VPvgjsLM
FkHagOrcS+exCkA9xumtmJhE06sMXXeJAM9zIbmkwjKu+HtC5WuvvgjKStTgm2SR
eo+OCz88uRObY+jsAvU7d7xtcp2BZ0SNZQertBb6qSQWES/hcEWCH5vp3kUcLYuM
cxdWUeZM9sbwrMJ3X/kHtj/mjvRsxdB0YDe4hZ/ymI5aha+qr33gJIdinBZZX0n7
MmlSLc+q+Ek4SAKtxW6Gcm27GSqX0B4mr3bWrip+RoOYhoAte3K5FVVVy8eAWBiM
hG9BLEJN7jCK3m+sR/odz58NvoWc8RIEENhewYDIshdGcDvWXAfYB3D9oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLThUZWPqQr64emPqyYgiQBpN9gaMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvdE9GUmxZLXBDdnJoNlktckppQ0pBR2szMkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIgMA0G
CSqGSIb3DQEBCwUAA4IBAQDDxo+I7meBK/jXqZnV/7fFwK26M2En18sD5aFHSCcM
uxiUztFMBpXQZJ2TK9Ctk1ycexUMj3rSbtRDImNxFwMZ9OvKt8aUWAp7oAKAYxMv
YiTXg9+myhvsbUAKUCmaiGHUn+CFhsQ7YMsq1+EXthA7vPkdBTiNiPFVnsNv5DQD
Rb3QR/OVezZ0urTGTUQMQZDq6nnQJhn7y5CsM0drDIXI7QhsBYKnoMl9anOqEo81
+osDjQ+IPiar63Fbqy3qSB+c5k/cvKgmxWG9g9PAqU5eCiLoddCpAeus9EgvGRwL
OqNyUjHaXRKdRJg5YGeSIAIjt3IZ1PoxoVhJILEEesO2
-----END CERTIFICATE-----