This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/sDzFLWFWjnjwDB0s4FiwnR63uuM.roa
File:                     sDzFLWFWjnjwDB0s4FiwnR63uuM.roa (raw, json)
Hash identifier:          +go4Rvkjelbo++GLMIn1ydGUqWYnv/glBen5MVVmYBY=
Subject key identifier:   B0:3C:C5:2D:61:56:8E:78:F0:0C:1D:2C:E0:58:B0:9D:1E:B7:BA:E3
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019ABFE0DE8B5963F7C71169D69D0CA0331E
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/sDzFLWFWjnjwDB0s4FiwnR63uuM.roa
Signing time:             Wed 26 Nov 2025 11:16:16 +0000
ROA not before:           Wed 26 Nov 2025 11:16:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        213.18.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:bf:e0:de:8b:59:63:f7:c7:11:69:d6:9d:0c:a0:33:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Nov 26 11:16:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b03cc52d61568e78f00c1d2ce058b09d1eb7bae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:12:96:e2:38:12:3e:0d:e4:a3:9f:43:9f:80:
                    22:64:fa:28:71:85:f9:78:66:c4:4b:da:de:36:42:
                    76:ba:a5:37:33:29:e7:9a:24:8d:f1:2f:16:9b:c7:
                    9b:f5:eb:fb:07:10:d6:ea:80:bc:1b:2e:df:c8:90:
                    fb:e3:b4:81:9b:b4:3f:27:01:3f:2c:0f:b1:02:ac:
                    47:ee:97:bb:c1:f6:c3:75:31:b9:13:c6:75:09:91:
                    12:26:65:51:92:49:16:3c:ec:f5:75:52:8a:59:1a:
                    c0:b1:49:19:dd:e7:20:f7:3c:8a:e5:23:9f:38:66:
                    73:0d:31:e2:62:bb:37:cb:2a:87:65:c2:a6:c4:d0:
                    51:51:4d:35:d6:ae:d6:b6:4d:56:c9:d0:1d:1c:f8:
                    a7:46:fb:40:74:6e:28:f3:bf:a4:ab:f3:cc:df:12:
                    84:fe:01:eb:f2:34:6c:f5:0a:f5:bb:45:26:00:b4:
                    76:ba:f1:f0:7e:72:f4:b1:72:55:a7:a0:cd:a9:59:
                    67:d4:be:71:46:61:0b:cf:fe:0e:95:b4:6e:8d:61:
                    25:5c:89:b5:b7:58:bb:64:00:15:f1:9a:cb:af:2f:
                    e0:7b:c6:88:13:8f:e3:57:10:21:8b:6c:30:75:bb:
                    a6:19:3c:65:8b:8c:3b:07:fa:9d:4c:4f:61:e1:b3:
                    15:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:3C:C5:2D:61:56:8E:78:F0:0C:1D:2C:E0:58:B0:9D:1E:B7:BA:E3
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/sDzFLWFWjnjwDB0s4FiwnR63uuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.18.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:13:67:c4:19:38:7f:5d:08:93:5d:33:df:af:79:81:33:7c:
         cc:e0:76:9f:05:f7:08:28:21:36:e2:50:73:9d:b0:0f:0b:7a:
         32:bc:97:ec:e2:93:25:8f:d4:57:01:07:24:55:a0:70:9b:57:
         c6:52:5e:42:0b:67:da:74:1f:27:de:31:ad:74:ab:ef:3d:6b:
         1c:f5:a2:18:5a:a0:ba:72:33:a5:aa:e1:2a:b8:76:4a:6a:03:
         e3:a5:ad:2e:c7:6d:c5:0d:11:5e:38:4a:22:a4:76:e4:11:c8:
         fc:cd:1c:8e:9d:13:13:44:d8:28:01:c8:20:ba:f9:c1:51:6b:
         7d:b6:37:b3:bf:f2:16:d5:5d:a9:a9:90:8b:e8:db:71:f4:87:
         07:45:6c:aa:d6:a0:c2:71:17:f2:a6:76:a8:28:e0:6e:ac:28:
         59:81:5b:f9:ad:9c:85:64:37:f4:7a:2c:a2:79:13:d3:19:f7:
         21:8c:80:f4:bf:27:d2:c6:63:91:cd:52:43:3d:d9:eb:57:44:
         50:7b:a0:ff:0c:a2:ac:ea:dd:ef:f7:cf:72:21:f7:3d:4d:2a:
         26:40:9f:58:51:4c:e0:2e:41:81:01:13:12:c9:ea:0d:ad:db:
         8b:09:54:a9:b6:4f:eb:17:4c:fc:73:f6:2f:91:9a:44:80:4b:
         8f:93:09:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq/4N6LWWP3xxFp1p0MoDMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUxMTI2MTExNjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDNjYzUyZDYxNTY4ZTc4ZjAwYzFkMmNlMDU4YjA5ZDFlYjdiYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxKW4jgSPg3ko59Dn4AiZPoocYX5
eGbES9reNkJ2uqU3MynnmiSN8S8Wm8eb9ev7BxDW6oC8Gy7fyJD747SBm7Q/JwE/
LA+xAqxH7pe7wfbDdTG5E8Z1CZESJmVRkkkWPOz1dVKKWRrAsUkZ3ecg9zyK5SOf
OGZzDTHiYrs3yyqHZcKmxNBRUU011q7Wtk1WydAdHPinRvtAdG4o87+kq/PM3xKE
/gHr8jRs9Qr1u0UmALR2uvHwfnL0sXJVp6DNqVln1L5xRmELz/4OlbRujWElXIm1
t1i7ZAAV8ZrLry/ge8aIE4/jVxAhi2wwdbumGTxli4w7B/qdTE9h4bMVHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLA8xS1hVo548AwdLOBYsJ0et7rjMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvc0R6RkxXRldqbmp3REIwczRGaXduUjYzdXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1RLyMA0G
CSqGSIb3DQEBCwUAA4IBAQCWE2fEGTh/XQiTXTPfr3mBM3zM4HafBfcIKCE24lBz
nbAPC3oyvJfs4pMlj9RXAQckVaBwm1fGUl5CC2fadB8n3jGtdKvvPWsc9aIYWqC6
cjOlquEquHZKagPjpa0ux23FDRFeOEoipHbkEcj8zRyOnRMTRNgoAcgguvnBUWt9
tjezv/IW1V2pqZCL6Ntx9IcHRWyq1qDCcRfypnaoKOBurChZgVv5rZyFZDf0eiyi
eRPTGfchjID0vyfSxmORzVJDPdnrV0RQe6D/DKKs6t3v989yIfc9TSomQJ9YUUzg
LkGBARMSyeoNrduLCVSptk/rF0z8c/YvkZpEgEuPkwnW
-----END CERTIFICATE-----