This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/TfIi7I3WgDvXNjupkEjxzP8GxkI.roa
File:                     TfIi7I3WgDvXNjupkEjxzP8GxkI.roa (raw, json)
Hash identifier:          Qym68UnT2HiOSpZ3+9brbjDLO7IA/zFl9AhYdT/LiLQ=
Subject key identifier:   4D:F2:22:EC:8D:D6:80:3B:D7:36:3B:A9:90:48:F1:CC:FF:06:C6:42
Certificate issuer:       /CN=67c3acf929a22338f2b380180cc852db4779aad0
Certificate serial:       019B7CEE0310339CF96B931364FD2FB5B6BE
Authority key identifier: 67:C3:AC:F9:29:A2:23:38:F2:B3:80:18:0C:C8:52:DB:47:79:AA:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/TfIi7I3WgDvXNjupkEjxzP8GxkI.roa
Signing time:             Fri 02 Jan 2026 04:18:51 +0000
ROA not before:           Fri 02 Jan 2026 04:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        193.43.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:03:10:33:9c:f9:6b:93:13:64:fd:2f:b5:b6:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67c3acf929a22338f2b380180cc852db4779aad0
        Validity
            Not Before: Jan  2 04:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4df222ec8dd6803bd7363ba99048f1ccff06c642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6e:3f:b0:e2:6f:87:21:3a:cd:c2:ec:da:6d:
                    eb:06:f6:4d:69:50:dc:17:1b:4f:bd:37:07:c6:96:
                    65:d8:de:9c:25:4a:75:7a:6a:86:ac:c0:44:ac:53:
                    6b:3c:91:7f:8c:aa:e5:c6:a9:74:c1:4e:47:75:b6:
                    f8:83:f8:f9:af:43:0d:63:97:9c:e6:45:17:39:af:
                    01:d6:69:44:99:20:ec:92:41:57:d1:79:d9:da:22:
                    b0:3b:a1:59:2f:2b:b0:12:8d:22:06:85:e2:c1:2d:
                    90:19:97:0e:2b:a4:c6:00:33:de:3a:64:32:4d:82:
                    e0:db:62:d7:de:eb:fd:e9:cc:93:b7:57:c5:96:3a:
                    1f:e9:8d:df:ca:a1:e7:e4:88:1b:cf:3d:a4:42:76:
                    25:ce:22:c0:10:b4:59:3a:1f:4a:da:ea:eb:4d:b2:
                    e2:72:51:47:4e:33:72:14:99:e0:b9:fe:00:9d:ea:
                    17:e8:a8:bf:d4:b4:19:e0:64:b6:2c:be:af:d9:e6:
                    26:d0:a4:69:e9:c7:a1:20:1b:1b:37:7c:41:60:d6:
                    f9:e7:f7:b7:af:5a:32:8d:b2:68:8c:f0:dc:7f:83:
                    d6:2c:cb:32:2a:bf:e7:fc:cf:8a:2a:42:e9:32:c8:
                    1d:c5:7a:2f:f3:02:fb:1f:42:4c:4f:ab:76:85:00:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F2:22:EC:8D:D6:80:3B:D7:36:3B:A9:90:48:F1:CC:FF:06:C6:42
            X509v3 Authority Key Identifier:
                keyid:67:C3:AC:F9:29:A2:23:38:F2:B3:80:18:0C:C8:52:DB:47:79:AA:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/TfIi7I3WgDvXNjupkEjxzP8GxkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:00:cb:6a:47:66:da:f6:b9:54:c2:6e:37:7d:df:9e:b2:3f:
         f5:d9:f3:e7:18:1f:e5:ae:95:f9:83:f3:f4:55:c1:76:b0:d8:
         e3:1d:00:61:bc:9f:08:81:8e:e6:7d:c3:c9:d3:15:89:99:c7:
         d0:11:c7:8b:11:79:de:27:aa:0b:2d:07:fd:f5:d9:f0:06:76:
         2a:8e:f0:cc:39:b4:02:d2:21:68:a9:b1:39:34:1a:fe:3f:81:
         e1:35:e4:67:53:2f:b2:8d:16:45:da:86:9b:dd:c8:22:28:6f:
         a0:18:56:b8:87:4c:5d:19:75:65:a3:cd:22:6b:34:22:2c:90:
         1e:a5:1d:5a:f0:b6:ed:9f:6e:af:af:10:be:47:67:1f:c1:0f:
         29:32:a7:9f:a1:09:94:2b:50:23:d3:6a:23:90:c2:8e:57:88:
         03:b0:e9:8a:b6:4c:47:0f:30:3a:2b:99:16:4d:b4:b3:b6:00:
         af:f7:26:dc:b4:bc:3f:c9:ca:16:1a:2e:fb:c9:d8:22:e5:14:
         17:87:c9:5a:04:78:25:76:98:c7:71:11:1a:0a:f4:5a:7b:25:
         4b:47:1e:1e:4b:1a:38:90:ad:0f:45:87:31:49:72:eb:2c:b6:
         f0:dc:c3:a1:c3:9f:4f:b7:c2:60:df:30:ff:8b:0f:a6:6a:44:
         67:a3:8e:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87gMQM5z5a5MTZP0vtba+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YzNhY2Y5MjlhMjIzMzhmMmIzODAxODBjYzg1MmRiNDc3
OWFhZDAwHhcNMjYwMTAyMDQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGYyMjJlYzhkZDY4MDNiZDczNjNiYTk5MDQ4ZjFjY2ZmMDZjNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG4/sOJvhyE6zcLs2m3rBvZNaVDc
FxtPvTcHxpZl2N6cJUp1emqGrMBErFNrPJF/jKrlxql0wU5Hdbb4g/j5r0MNY5ec
5kUXOa8B1mlEmSDskkFX0XnZ2iKwO6FZLyuwEo0iBoXiwS2QGZcOK6TGADPeOmQy
TYLg22LX3uv96cyTt1fFljof6Y3fyqHn5Igbzz2kQnYlziLAELRZOh9K2urrTbLi
clFHTjNyFJnguf4AneoX6Ki/1LQZ4GS2LL6v2eYm0KRp6cehIBsbN3xBYNb55/e3
r1oyjbJojPDcf4PWLMsyKr/n/M+KKkLpMsgdxXov8wL7H0JMT6t2hQCMNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3yIuyN1oA71zY7qZBI8cz/BsZCMB8GA1UdIwQY
MBaAFGfDrPkpoiM48rOAGAzIUttHearQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhPcy1TbWlJemp5czRBWURNaFMyMGQ1cXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jYTQ4MTUtMGUwMC00OWJmLTg4ZjUt
Y2FjYThiODBjOTFjLzEvVGZJaTdJM1dnRHZYTmp1cGtFanh6UDhHeGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jYTQ4MTUtMGUwMC00OWJmLTg4ZjUtY2FjYThiODBjOTFj
LzEvWjhPcy1TbWlJemp5czRBWURNaFMyMGQ1cXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSv0MA0G
CSqGSIb3DQEBCwUAA4IBAQCQAMtqR2ba9rlUwm43fd+esj/12fPnGB/lrpX5g/P0
VcF2sNjjHQBhvJ8IgY7mfcPJ0xWJmcfQEceLEXneJ6oLLQf99dnwBnYqjvDMObQC
0iFoqbE5NBr+P4HhNeRnUy+yjRZF2oab3cgiKG+gGFa4h0xdGXVlo80iazQiLJAe
pR1a8Lbtn26vrxC+R2cfwQ8pMqefoQmUK1Aj02ojkMKOV4gDsOmKtkxHDzA6K5kW
TbSztgCv9ybctLw/ycoWGi77ydgi5RQXh8laBHgldpjHcREaCvRaeyVLRx4eSxo4
kK0PRYcxSXLrLLbw3MOhw59Pt8Jg3zD/iw+makRno464
-----END CERTIFICATE-----