This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/WJTr2Tk1_nZlSZj0AI0um0QiPjI.roa
File:                     WJTr2Tk1_nZlSZj0AI0um0QiPjI.roa (raw, json)
Hash identifier:          mYhezBwJPYjVc5I7W3f+glCZHfaPOouHpLS/423/Sw8=
Subject key identifier:   58:94:EB:D9:39:35:FE:76:65:49:98:F4:00:8D:2E:9B:44:22:3E:32
Certificate issuer:       /CN=0bd64fe7f438782ec8afa9eef5487b5db80e4dea
Certificate serial:       019B7BA335FDD09D1EE031B3D5755A6ECB52
Authority key identifier: 0B:D6:4F:E7:F4:38:78:2E:C8:AF:A9:EE:F5:48:7B:5D:B8:0E:4D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/WJTr2Tk1_nZlSZj0AI0um0QiPjI.roa
Signing time:             Thu 01 Jan 2026 22:17:32 +0000
ROA not before:           Thu 01 Jan 2026 22:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        194.32.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:35:fd:d0:9d:1e:e0:31:b3:d5:75:5a:6e:cb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bd64fe7f438782ec8afa9eef5487b5db80e4dea
        Validity
            Not Before: Jan  1 22:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5894ebd93935fe76654998f4008d2e9b44223e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:45:ea:0c:1f:fd:af:1c:6a:a5:95:1f:65:38:
                    34:01:ba:45:75:11:a9:5c:27:fe:8e:5a:6b:c1:d7:
                    94:9f:66:1b:35:41:1c:01:a2:57:3e:6d:2c:79:bc:
                    72:27:6b:21:1c:14:38:46:de:8d:50:2b:2e:0f:f6:
                    6e:08:ce:65:92:fc:3e:46:96:d8:29:91:99:97:c9:
                    c0:7e:09:77:1f:cc:16:cf:7b:dc:2f:16:25:0c:49:
                    28:bc:ba:40:63:7d:cf:9d:2a:d2:25:39:e3:05:6a:
                    62:3b:5f:f9:ae:8f:6a:8d:6c:ba:a2:9a:5a:f6:82:
                    1a:c2:3f:b9:4d:4d:49:f4:63:c6:60:d2:0d:72:af:
                    ba:b0:21:2b:91:1f:fe:ab:c8:b2:3c:30:d3:dc:df:
                    c2:45:87:88:ba:51:55:2a:56:6e:f9:45:47:40:f3:
                    f2:e8:f6:2c:f5:71:47:05:70:1d:9e:6e:f4:81:f7:
                    bc:1a:29:2e:eb:61:55:82:4c:38:7b:2c:81:5b:fc:
                    53:af:bf:88:2c:7f:c2:a1:22:42:cb:1f:a6:8c:6d:
                    59:1b:19:cc:0f:ad:60:93:18:fd:fc:b0:09:7d:2f:
                    6d:61:07:a8:fe:13:c7:12:30:f2:3d:a4:aa:62:22:
                    ec:5e:3b:c8:72:05:0e:a8:7a:92:dc:90:a3:6f:15:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:94:EB:D9:39:35:FE:76:65:49:98:F4:00:8D:2E:9B:44:22:3E:32
            X509v3 Authority Key Identifier:
                keyid:0B:D6:4F:E7:F4:38:78:2E:C8:AF:A9:EE:F5:48:7B:5D:B8:0E:4D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/WJTr2Tk1_nZlSZj0AI0um0QiPjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ab:c9:c9:ef:9b:c6:a2:c8:52:3b:cb:dd:34:09:d8:e9:ac:
         3a:ae:6d:9d:28:16:76:f5:88:ac:ec:5b:8f:52:61:55:9e:d2:
         a0:b0:b3:b3:c6:a0:db:20:b6:6f:a6:13:f6:c9:37:4e:c6:03:
         c2:3b:ad:a9:85:a7:8b:0c:e0:b2:1f:12:3d:53:8d:cc:0c:88:
         81:10:a5:15:97:29:b7:8f:49:9f:6e:76:81:d7:c5:e0:12:de:
         ce:67:54:b8:1c:13:41:09:e1:fb:38:bc:ae:51:da:f5:83:f7:
         dc:df:f3:38:35:75:0d:01:51:7b:59:45:d8:06:ec:4b:7c:d1:
         b1:c2:8f:3a:12:9a:33:b9:0f:e4:00:c3:26:15:c3:12:2e:8a:
         01:91:4a:a2:5f:ea:33:3d:cd:c0:d1:9c:8a:b8:f7:9e:e9:5e:
         04:5b:c5:cf:5c:9e:83:86:e1:99:a1:c7:8c:ea:53:70:da:03:
         cb:82:68:15:8c:fd:cf:a5:91:e5:28:b7:6c:04:ae:41:3b:20:
         c6:2b:8d:2e:15:91:49:c1:89:5e:ec:31:17:19:46:7e:07:a4:
         1e:5d:a7:d3:20:59:38:41:04:81:76:b4:61:ac:0d:5e:aa:51:
         29:5d:43:00:83:98:a2:08:7b:45:95:d3:04:d1:ea:87:ea:85:
         56:6f:23:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7ozX90J0e4DGz1XVabstSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZDY0ZmU3ZjQzODc4MmVjOGFmYTllZWY1NDg3YjVkYjgw
ZTRkZWEwHhcNMjYwMTAxMjIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk0ZWJkOTM5MzVmZTc2NjU0OTk4ZjQwMDhkMmU5YjQ0MjIzZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0XqDB/9rxxqpZUfZTg0AbpFdRGp
XCf+jlprwdeUn2YbNUEcAaJXPm0sebxyJ2shHBQ4Rt6NUCsuD/ZuCM5lkvw+RpbY
KZGZl8nAfgl3H8wWz3vcLxYlDEkovLpAY33PnSrSJTnjBWpiO1/5ro9qjWy6oppa
9oIawj+5TU1J9GPGYNINcq+6sCErkR/+q8iyPDDT3N/CRYeIulFVKlZu+UVHQPPy
6PYs9XFHBXAdnm70gfe8Giku62FVgkw4eyyBW/xTr7+ILH/CoSJCyx+mjG1ZGxnM
D61gkxj9/LAJfS9tYQeo/hPHEjDyPaSqYiLsXjvIcgUOqHqS3JCjbxVsyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiU69k5Nf52ZUmY9ACNLptEIj4yMB8GA1UdIwQY
MBaAFAvWT+f0OHguyK+p7vVIe124Dk3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzlaUDVfUTRlQzdJcjZudTlVaDdYYmdPVGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9kMjBjMGUtNjM4NS00YWI3LWI1ZmYt
ZDE1YmRiODg2YzZkLzEvV0pUcjJUazFfblpsU1pqMEFJMHVtMFFpUGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9kMjBjMGUtNjM4NS00YWI3LWI1ZmYtZDE1YmRiODg2YzZk
LzEvQzlaUDVfUTRlQzdJcjZudTlVaDdYYmdPVGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDVMA0G
CSqGSIb3DQEBCwUAA4IBAQBMq8nJ75vGoshSO8vdNAnY6aw6rm2dKBZ29Yis7FuP
UmFVntKgsLOzxqDbILZvphP2yTdOxgPCO62phaeLDOCyHxI9U43MDIiBEKUVlym3
j0mfbnaB18XgEt7OZ1S4HBNBCeH7OLyuUdr1g/fc3/M4NXUNAVF7WUXYBuxLfNGx
wo86EpozuQ/kAMMmFcMSLooBkUqiX+ozPc3A0ZyKuPee6V4EW8XPXJ6DhuGZoceM
6lNw2gPLgmgVjP3PpZHlKLdsBK5BOyDGK40uFZFJwYle7DEXGUZ+B6QeXafTIFk4
QQSBdrRhrA1eqlEpXUMAg5iiCHtFldME0eqH6oVWbyPZ
-----END CERTIFICATE-----