This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/tK1_7kYoh8HPJEz9gt6VcaD4nUE.roa
File:                     tK1_7kYoh8HPJEz9gt6VcaD4nUE.roa (raw, json)
Hash identifier:          S18bPoeACVyQQ3iZwMpVkRKWBkpl4d3ZgQ7DJM72ZW8=
Subject key identifier:   B4:AD:7F:EE:46:28:87:C1:CF:24:4C:FD:82:DE:95:71:A0:F8:9D:41
Certificate issuer:       /CN=d408cf09b6ab005ba933b2a7a4a6d27ea6bb72ca
Certificate serial:       019B7C110F8E7D131860D1B781D2026AA403
Authority key identifier: D4:08:CF:09:B6:AB:00:5B:A9:33:B2:A7:A4:A6:D2:7E:A6:BB:72:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/tK1_7kYoh8HPJEz9gt6VcaD4nUE.roa
Signing time:             Fri 02 Jan 2026 00:17:31 +0000
ROA not before:           Fri 02 Jan 2026 00:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213066
IP address blocks:        193.163.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Feb 2026 00:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:0f:8e:7d:13:18:60:d1:b7:81:d2:02:6a:a4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d408cf09b6ab005ba933b2a7a4a6d27ea6bb72ca
        Validity
            Not Before: Jan  2 00:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4ad7fee462887c1cf244cfd82de9571a0f89d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:9c:05:6e:e3:bb:9f:aa:3a:36:7c:ce:99:
                    11:f4:21:e4:dd:da:d5:b8:36:d4:03:15:4d:17:f6:
                    5a:f4:2f:f9:6e:23:cc:f4:e6:70:42:2f:e2:9a:af:
                    a6:30:0e:e6:68:37:e5:dc:f2:45:05:fa:fc:e3:9e:
                    9e:7c:4d:d3:97:2b:2e:86:5a:9f:d3:41:99:1d:7c:
                    92:c5:e2:e8:11:e6:68:5e:7b:cb:56:9d:c6:c9:9d:
                    68:d7:31:a9:58:c5:65:24:eb:18:05:de:5e:2f:ce:
                    e8:82:d1:a5:07:7f:d4:30:d4:52:ef:aa:66:57:be:
                    30:51:94:b2:96:6e:9e:62:f9:42:84:fa:15:0d:e9:
                    88:16:ad:f7:0f:b7:58:51:de:4f:ba:77:96:43:c5:
                    30:c9:b3:fc:0c:ad:db:9c:4f:61:4a:0d:7d:08:29:
                    7b:1b:cd:c1:01:13:ff:89:b6:46:e7:2f:33:fa:3d:
                    51:7f:fb:7e:b0:74:b9:7c:3e:e2:64:a2:4f:43:3f:
                    44:08:87:5e:9d:10:51:a1:dd:69:9d:36:2c:28:9d:
                    62:0b:7f:e5:b7:93:39:5e:1d:61:9f:37:0f:c9:cc:
                    1e:d0:78:23:e9:8c:09:ba:7f:17:82:6d:c7:97:3f:
                    81:e8:72:40:30:b2:92:07:d9:45:6a:be:f9:e6:cc:
                    b2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AD:7F:EE:46:28:87:C1:CF:24:4C:FD:82:DE:95:71:A0:F8:9D:41
            X509v3 Authority Key Identifier:
                keyid:D4:08:CF:09:B6:AB:00:5B:A9:33:B2:A7:A4:A6:D2:7E:A6:BB:72:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/tK1_7kYoh8HPJEz9gt6VcaD4nUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:2f:d9:cc:46:0b:d3:ff:75:6b:13:e8:b5:de:c7:28:c5:47:
         ad:ae:73:12:8f:d1:71:30:85:dd:5e:4d:39:ad:ce:76:c0:f1:
         fc:13:ce:38:3d:13:3d:7d:c8:13:66:88:de:1e:f7:67:5c:ce:
         dd:1f:7d:a6:dd:87:f9:fb:87:10:47:77:45:6d:69:31:a7:c2:
         03:8b:98:b9:a3:11:28:e7:c7:d5:0c:7a:54:c3:39:c1:bb:34:
         91:99:97:db:f3:e2:23:0e:b6:d2:c2:0c:6d:cf:40:dd:33:8c:
         48:27:49:fc:72:a0:32:b7:74:9d:18:5b:44:18:8a:eb:19:0d:
         5f:96:58:12:85:49:70:a4:1a:09:e5:d2:5a:54:15:42:4e:62:
         83:1e:de:e9:17:ef:96:90:0d:d4:a6:38:63:90:2c:12:d1:14:
         2e:93:cd:1f:26:f0:8e:86:e7:fa:79:84:17:d3:9e:c6:5d:38:
         8f:cc:5d:06:e6:41:2a:c2:85:d4:3d:18:f5:8d:8f:2a:89:0b:
         6a:ca:b5:98:a8:13:40:78:a1:4b:eb:fc:a6:a5:17:a6:80:ac:
         77:e3:ec:ab:37:e1:f8:12:6f:95:ca:d9:b1:71:a3:d7:72:26:
         25:11:fb:b6:9f:b8:e0:33:3d:f8:67:95:40:5b:af:0f:4b:65:
         b6:7e:f9:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EQ+OfRMYYNG3gdICaqQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MDhjZjA5YjZhYjAwNWJhOTMzYjJhN2E0YTZkMjdlYTZi
YjcyY2EwHhcNMjYwMTAyMDAxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFkN2ZlZTQ2Mjg4N2MxY2YyNDRjZmQ4MmRlOTU3MWEwZjg5ZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1OcBW7ju5+qOjZ8zpkR9CHk3drV
uDbUAxVNF/Za9C/5biPM9OZwQi/imq+mMA7maDfl3PJFBfr8456efE3Tlysuhlqf
00GZHXySxeLoEeZoXnvLVp3GyZ1o1zGpWMVlJOsYBd5eL87ogtGlB3/UMNRS76pm
V74wUZSylm6eYvlChPoVDemIFq33D7dYUd5PuneWQ8UwybP8DK3bnE9hSg19CCl7
G83BARP/ibZG5y8z+j1Rf/t+sHS5fD7iZKJPQz9ECIdenRBRod1pnTYsKJ1iC3/l
t5M5Xh1hnzcPycwe0Hgj6YwJun8Xgm3Hlz+B6HJAMLKSB9lFar755syyuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLStf+5GKIfBzyRM/YLelXGg+J1BMB8GA1UdIwQY
MBaAFNQIzwm2qwBbqTOyp6Sm0n6mu3LKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUFqUENiYXJBRnVwTTdLbnBLYlNmcWE3Y3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hNmQxMjQtMDRlNi00ZGVmLWExNmIt
ZDY1MjM2ODI5OWQ1LzEvdEsxXzdrWW9oOEhQSkV6OWd0NlZjYUQ0blVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hNmQxMjQtMDRlNi00ZGVmLWExNmItZDY1MjM2ODI5OWQ1
LzEvMUFqUENiYXJBRnVwTTdLbnBLYlNmcWE3Y3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMBMA0G
CSqGSIb3DQEBCwUAA4IBAQC3L9nMRgvT/3VrE+i13scoxUetrnMSj9FxMIXdXk05
rc52wPH8E844PRM9fcgTZojeHvdnXM7dH32m3Yf5+4cQR3dFbWkxp8IDi5i5oxEo
58fVDHpUwznBuzSRmZfb8+IjDrbSwgxtz0DdM4xIJ0n8cqAyt3SdGFtEGIrrGQ1f
llgShUlwpBoJ5dJaVBVCTmKDHt7pF++WkA3UpjhjkCwS0RQuk80fJvCOhuf6eYQX
057GXTiPzF0G5kEqwoXUPRj1jY8qiQtqyrWYqBNAeKFL6/ympRemgKx34+yrN+H4
Em+VytmxcaPXciYlEfu2n7jgMz34Z5VAW68PS2W2fvmi
-----END CERTIFICATE-----