This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Rf4lYuQyUdKWGFvk11GcGiQPVTI.roa
File:                     Rf4lYuQyUdKWGFvk11GcGiQPVTI.roa (raw, json)
Hash identifier:          A91UDJrvnOhCCCVtP0O0gksPq4AM3cqtmQ5FJY/qE2E=
Subject key identifier:   45:FE:25:62:E4:32:51:D2:96:18:5B:E4:D7:51:9C:1A:24:0F:55:32
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83B7EF5F0ABEA26167815E8396AF5B
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Rf4lYuQyUdKWGFvk11GcGiQPVTI.roa
Signing time:             Fri 02 Jan 2026 16:21:37 +0000
ROA not before:           Fri 02 Jan 2026 16:21:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207935
IP address blocks:        141.101.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:b7:ef:5f:0a:be:a2:61:67:81:5e:83:96:af:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45fe2562e43251d296185be4d7519c1a240f5532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e7:bc:a8:da:09:f2:bb:aa:17:3a:ab:c7:cc:
                    18:6c:ef:d2:03:53:e4:6d:ee:67:cf:bf:b3:7f:fa:
                    65:e1:60:70:d7:6e:c6:ce:b8:55:22:3f:bd:16:04:
                    07:3d:29:d8:53:86:60:19:9b:fd:41:11:e4:0f:6a:
                    71:d6:43:b7:d2:26:b0:7f:c9:b0:9b:31:17:17:3d:
                    70:b7:78:c1:6a:23:07:68:ad:5b:97:5c:02:73:23:
                    8e:da:45:a4:c7:12:ed:2d:43:0c:d2:41:2c:de:ca:
                    ee:2c:fb:e4:d2:b3:77:39:89:5c:ce:2a:d6:ae:ae:
                    4f:2a:31:0b:25:6a:d1:a7:d8:53:47:30:fd:f4:69:
                    df:82:63:65:6e:bf:c3:69:42:cb:8b:6b:b6:2e:34:
                    4b:6d:2d:38:09:75:4e:43:e0:8c:7b:8d:a0:5b:89:
                    d6:1c:b2:13:78:7c:f6:20:66:fb:29:d3:5e:1b:f7:
                    0c:1a:07:1d:89:9d:13:ff:ec:e3:7e:83:6c:64:48:
                    0a:21:79:0e:7c:10:8e:ae:38:a9:88:66:29:58:c1:
                    f6:e4:c9:f2:71:8e:16:31:e5:31:7d:d0:58:45:2a:
                    4b:82:49:7d:92:ee:81:2b:31:11:6b:d6:9b:37:08:
                    04:23:a4:ec:60:e4:21:66:1a:fd:b5:76:e0:90:1d:
                    fb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FE:25:62:E4:32:51:D2:96:18:5B:E4:D7:51:9C:1A:24:0F:55:32
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Rf4lYuQyUdKWGFvk11GcGiQPVTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:60:75:83:27:2a:f3:9e:e3:ff:73:1a:c8:1c:45:45:8c:a6:
         95:ae:76:63:12:2b:cb:f2:0e:92:80:9b:e6:58:20:39:f0:49:
         a3:b1:59:c5:be:90:65:91:ab:a8:c3:85:a8:f5:0b:5b:5a:a4:
         ed:a1:d7:8a:bf:0a:bb:87:45:a4:e9:21:43:6b:c9:18:7f:22:
         ce:be:b4:d5:9d:9e:da:9f:54:35:f9:f4:1e:e7:ec:bf:db:22:
         c4:41:51:2e:a2:2a:01:fb:20:23:af:09:65:e4:8b:27:17:77:
         58:9b:cb:a0:28:e2:fd:37:b8:de:5a:ff:6d:4b:d7:42:57:38:
         56:c2:ca:fb:7c:0d:f2:a1:0f:b3:ef:55:f5:30:2c:f8:2d:ab:
         d0:4b:e8:09:79:5b:20:9b:56:98:10:e4:8c:d4:48:52:81:7e:
         d4:ed:be:de:d3:19:78:0e:69:cd:61:59:b0:d8:64:64:d7:ff:
         0f:21:3d:5e:30:e3:90:eb:cc:66:ce:21:63:87:77:30:81:9b:
         22:41:24:5a:53:c4:69:c1:0d:d1:bb:47:54:cf:b3:2f:bd:3e:
         d1:dd:98:51:7a:ce:76:30:b7:74:ce:9a:bc:f8:04:6c:df:d0:
         8a:6a:27:39:31:46:9f:70:62:e9:a3:71:1b:6b:c9:a4:eb:21:
         20:02:af:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g7fvXwq+omFngV6Dlq9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZlMjU2MmU0MzI1MWQyOTYxODViZTRkNzUxOWMxYTI0MGY1NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+e8qNoJ8ruqFzqrx8wYbO/SA1Pk
be5nz7+zf/pl4WBw127GzrhVIj+9FgQHPSnYU4ZgGZv9QRHkD2px1kO30iawf8mw
mzEXFz1wt3jBaiMHaK1bl1wCcyOO2kWkxxLtLUMM0kEs3sruLPvk0rN3OYlczirW
rq5PKjELJWrRp9hTRzD99GnfgmNlbr/DaULLi2u2LjRLbS04CXVOQ+CMe42gW4nW
HLITeHz2IGb7KdNeG/cMGgcdiZ0T/+zjfoNsZEgKIXkOfBCOrjipiGYpWMH25Mny
cY4WMeUxfdBYRSpLgkl9ku6BKzERa9abNwgEI6TsYOQhZhr9tXbgkB378QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEX+JWLkMlHSlhhb5NdRnBokD1UyMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvUmY0bFl1UXlVZEtXR0Z2azExR2NHaVFQVlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXdMA0G
CSqGSIb3DQEBCwUAA4IBAQBpYHWDJyrznuP/cxrIHEVFjKaVrnZjEivL8g6SgJvm
WCA58EmjsVnFvpBlkauow4Wo9QtbWqTtodeKvwq7h0Wk6SFDa8kYfyLOvrTVnZ7a
n1Q1+fQe5+y/2yLEQVEuoioB+yAjrwll5IsnF3dYm8ugKOL9N7jeWv9tS9dCVzhW
wsr7fA3yoQ+z71X1MCz4LavQS+gJeVsgm1aYEOSM1EhSgX7U7b7e0xl4DmnNYVmw
2GRk1/8PIT1eMOOQ68xmziFjh3cwgZsiQSRaU8RpwQ3Ru0dUz7MvvT7R3ZhRes52
MLd0zpq8+ARs39CKaic5MUafcGLpo3Eba8mk6yEgAq8M
-----END CERTIFICATE-----