This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/WNTolADIm9VNsoqCozxJi_Sdj1g.roa
File:                     WNTolADIm9VNsoqCozxJi_Sdj1g.roa (raw, json)
Hash identifier:          dbLLv/tU+oB7TYkA/M9m2Fdt/qMi9LlERRpEMvrtzNg=
Subject key identifier:   58:D4:E8:94:00:C8:9B:D5:4D:B2:8A:82:A3:3C:49:8B:F4:9D:8F:58
Certificate issuer:       /CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
Certificate serial:       019B7D5D3A5B843CF7803CD12FB4A3FA1F60
Authority key identifier: 1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/WNTolADIm9VNsoqCozxJi_Sdj1g.roa
Signing time:             Fri 02 Jan 2026 06:20:20 +0000
ROA not before:           Fri 02 Jan 2026 06:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        193.131.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:3a:5b:84:3c:f7:80:3c:d1:2f:b4:a3:fa:1f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
        Validity
            Not Before: Jan  2 06:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58d4e89400c89bd54db28a82a33c498bf49d8f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:a8:aa:ec:49:ea:9c:c7:ec:86:c7:50:4f:
                    ed:3e:4f:7e:69:ad:a7:ca:ff:10:db:88:d5:88:43:
                    81:51:f1:77:35:44:74:21:8e:64:5d:64:05:e1:32:
                    94:27:e5:22:83:27:94:bc:c9:41:bd:52:b9:4f:0f:
                    9b:ac:42:40:98:62:8b:76:22:86:b4:6b:b3:88:e7:
                    91:e2:a0:23:1a:e1:04:8d:14:1b:78:9c:28:e7:00:
                    5f:cf:20:47:3f:c3:57:0a:f8:a0:cd:87:0e:cb:41:
                    3b:9b:d2:c4:6f:7c:9a:81:e8:dc:c6:3a:ce:a4:68:
                    6e:70:16:44:14:e1:47:4c:ee:c5:50:82:bc:e9:49:
                    50:ad:fc:6e:77:c9:0d:15:0e:07:52:18:ca:1e:45:
                    da:11:2a:ef:ba:c3:f6:ec:0a:29:8f:5d:3e:23:35:
                    66:dd:aa:f0:ae:e0:e3:5b:dd:83:97:fc:86:5b:cf:
                    0c:90:46:21:0d:d2:bd:a1:f0:14:61:c8:e8:a1:c7:
                    aa:d1:5f:2b:2a:34:6b:1f:9d:00:55:3b:4a:5c:0f:
                    a2:5f:f8:30:3a:3c:39:64:92:5b:ce:1b:1b:dc:f1:
                    b6:60:07:54:57:e7:ca:4d:1a:8d:c3:e7:8f:88:fb:
                    5a:28:8d:54:b8:dc:e5:4c:03:9b:dc:36:c9:3d:38:
                    96:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D4:E8:94:00:C8:9B:D5:4D:B2:8A:82:A3:3C:49:8B:F4:9D:8F:58
            X509v3 Authority Key Identifier:
                keyid:1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/WNTolADIm9VNsoqCozxJi_Sdj1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.131.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:96:17:31:d1:d9:09:30:99:bc:2f:2f:5d:f2:c2:90:18:14:
         74:40:5a:b3:60:73:eb:7e:98:2d:e8:c3:a2:66:6a:cf:33:5c:
         75:ad:ee:80:b9:33:47:b0:52:3f:fa:8d:b2:cc:cb:e5:92:44:
         74:84:dc:24:ed:1f:21:ff:11:9b:ba:89:fb:be:89:b3:e7:76:
         20:21:55:57:b2:72:ec:56:f0:8a:a0:35:f8:0f:7f:0c:66:7e:
         5f:23:33:6a:8f:bf:82:cb:8f:78:d1:9a:ea:00:f0:de:42:54:
         c7:cf:c9:87:c5:18:76:04:66:63:95:86:91:06:a6:41:65:60:
         24:4d:80:5c:e4:42:5a:9f:06:53:1e:d2:ea:6b:aa:1c:2c:7e:
         60:f9:e4:5c:85:4b:33:1e:3c:97:b9:28:76:1d:93:4c:03:00:
         2e:cb:f2:22:1f:dd:51:81:86:c5:73:9e:5c:f8:4d:b0:86:8b:
         ef:3e:7b:57:4f:b4:14:12:bb:ab:4a:c3:36:c9:9a:3d:d3:0c:
         33:10:44:67:d5:07:b7:f7:0d:ba:82:43:2f:df:b0:cf:80:c1:
         67:1f:0c:2f:2a:cc:d1:2d:5a:70:42:f3:d3:9d:7a:2e:c0:71:
         ba:fe:69:16:fe:eb:86:a1:8e:e3:8c:7c:50:ed:fe:d3:29:31:
         95:1c:9d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XTpbhDz3gDzRL7Sj+h9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTgxNzEzODUzYzliMThkNDEwZDRmZjMwOTlhYjY2OGU2
OWIzZjUwHhcNMjYwMTAyMDYyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ0ZTg5NDAwYzg5YmQ1NGRiMjhhODJhMzNjNDk4YmY0OWQ4ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA+oquxJ6pzH7IbHUE/tPk9+aa2n
yv8Q24jViEOBUfF3NUR0IY5kXWQF4TKUJ+UigyeUvMlBvVK5Tw+brEJAmGKLdiKG
tGuziOeR4qAjGuEEjRQbeJwo5wBfzyBHP8NXCvigzYcOy0E7m9LEb3yagejcxjrO
pGhucBZEFOFHTO7FUIK86UlQrfxud8kNFQ4HUhjKHkXaESrvusP27Aopj10+IzVm
3arwruDjW92Dl/yGW88MkEYhDdK9ofAUYcjooceq0V8rKjRrH50AVTtKXA+iX/gw
Ojw5ZJJbzhsb3PG2YAdUV+fKTRqNw+ePiPtaKI1UuNzlTAOb3DbJPTiW9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjU6JQAyJvVTbKKgqM8SYv0nY9YMB8GA1UdIwQY
MBaAFB2oFxOFPJsY1BDU/zCZq2aOabP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYt
NjYwZjM5ZjY0MzE2LzEvV05Ub2xBREltOVZOc29xQ296eEppX1NkajFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYtNjYwZjM5ZjY0MzE2
LzEvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwYNyMA0G
CSqGSIb3DQEBCwUAA4IBAQDElhcx0dkJMJm8Ly9d8sKQGBR0QFqzYHPrfpgt6MOi
ZmrPM1x1re6AuTNHsFI/+o2yzMvlkkR0hNwk7R8h/xGbuon7vomz53YgIVVXsnLs
VvCKoDX4D38MZn5fIzNqj7+Cy4940ZrqAPDeQlTHz8mHxRh2BGZjlYaRBqZBZWAk
TYBc5EJanwZTHtLqa6ocLH5g+eRchUszHjyXuSh2HZNMAwAuy/IiH91RgYbFc55c
+E2whovvPntXT7QUErurSsM2yZo90wwzEERn1Qe39w26gkMv37DPgMFnHwwvKszR
LVpwQvPTnXouwHG6/mkW/uuGoY7jjHxQ7f7TKTGVHJ14
-----END CERTIFICATE-----