This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DzxiZJPGgN-L5x8Tmke870uFDps.roa
File:                     DzxiZJPGgN-L5x8Tmke870uFDps.roa (raw, json)
Hash identifier:          1Q/8RulRc2wId3M7Ecllzd6PXaP/uzWVaIi2yt+uHxo=
Subject key identifier:   0F:3C:62:64:93:C6:80:DF:8B:E7:1F:13:9A:47:BC:EF:4B:85:0E:9B
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA543C6D3AA2315C78874C6F65D8E4A
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DzxiZJPGgN-L5x8Tmke870uFDps.roa
Signing time:             Thu 01 Jan 2026 22:19:46 +0000
ROA not before:           Thu 01 Jan 2026 22:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198280
IP address blocks:        213.91.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:43:c6:d3:aa:23:15:c7:88:74:c6:f6:5d:8e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f3c626493c680df8be71f139a47bcef4b850e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d9:66:11:8e:94:60:d4:c2:10:61:ee:d7:2a:
                    94:67:1f:31:87:4b:3e:ae:b0:02:b1:47:ea:a4:c7:
                    d0:1e:d8:79:11:76:e8:66:a5:c8:28:2e:36:7b:13:
                    ee:8d:8f:8e:27:32:4a:77:0e:1f:aa:b9:f6:8f:46:
                    19:b3:1a:49:8a:9b:e4:0c:ac:04:c4:74:88:8c:01:
                    8f:9d:b5:65:9e:ec:56:a3:c6:5e:dc:46:e0:f4:5c:
                    3b:82:72:65:fe:53:4e:92:18:32:86:c5:75:02:47:
                    59:92:17:89:ee:d7:38:f9:21:61:5f:5f:47:7a:b9:
                    1a:a0:45:f5:72:09:c8:fd:1d:92:01:e4:4d:b7:59:
                    b0:28:82:44:a1:84:d5:b6:ff:10:ee:7a:42:d7:57:
                    12:4f:ee:12:ee:7a:89:7f:94:b5:ea:09:02:9b:44:
                    bc:6e:c5:7b:87:72:f1:d3:61:b9:ca:39:20:f8:5d:
                    70:d9:c4:ca:ae:c5:e8:e6:49:22:a1:85:cd:23:4d:
                    63:a5:fd:35:62:be:6d:bb:0b:5a:62:64:f3:20:f3:
                    cb:80:c7:e5:d3:9e:5c:b6:84:2b:6f:1f:92:4a:bd:
                    bd:19:a1:a9:78:cb:a8:0a:72:6d:f3:57:09:52:fa:
                    31:54:58:ea:a2:56:25:b3:37:d3:34:a3:a7:d1:ae:
                    42:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:3C:62:64:93:C6:80:DF:8B:E7:1F:13:9A:47:BC:EF:4B:85:0E:9B
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/DzxiZJPGgN-L5x8Tmke870uFDps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c4:a2:be:29:b2:5d:1b:5a:04:23:69:82:29:1a:bf:5d:6f:
         56:96:e9:f5:15:ea:31:e3:56:ad:e3:56:d0:b8:b2:65:09:bd:
         cb:e0:ce:a6:38:b1:ee:af:cf:fc:bb:1d:0b:0b:49:f2:b4:97:
         f6:ff:73:ad:3c:48:2a:04:be:31:b8:89:21:ac:90:d1:32:43:
         0c:92:50:c4:3a:77:f4:f8:b3:5e:c1:8b:76:19:d0:89:3b:de:
         2c:38:f6:f9:bb:ec:dd:96:69:65:fb:61:54:dd:8d:e6:81:ec:
         4b:b8:4e:77:b4:1a:99:0e:a1:ab:37:be:06:59:70:ee:a9:07:
         5f:fb:85:b1:8a:cb:5a:83:2a:8f:b3:7e:1e:bc:d9:6f:dd:c5:
         ff:60:e4:fb:b7:cd:f3:db:f4:c9:f1:cd:48:2c:b3:bb:70:17:
         3f:09:53:fe:19:30:2b:65:37:17:ce:e2:8d:ef:3b:56:a6:08:
         f9:5d:d5:78:4f:f7:bb:7b:91:bb:92:9b:06:76:e3:ef:72:02:
         ee:e9:df:f7:bc:15:61:0b:5d:db:56:07:9e:05:34:f2:4e:8a:
         25:b9:8c:80:3e:11:10:9e:12:ff:1f:1b:6f:6c:97:0f:9a:97:
         81:e1:10:59:31:08:fc:21:0a:a4:23:69:0d:fc:1b:e8:ed:7b:
         dc:48:27:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUPG06ojFceIdMb2XY5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjNjNjI2NDkzYzY4MGRmOGJlNzFmMTM5YTQ3YmNlZjRiODUwZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNlmEY6UYNTCEGHu1yqUZx8xh0s+
rrACsUfqpMfQHth5EXboZqXIKC42exPujY+OJzJKdw4fqrn2j0YZsxpJipvkDKwE
xHSIjAGPnbVlnuxWo8Ze3Ebg9Fw7gnJl/lNOkhgyhsV1AkdZkheJ7tc4+SFhX19H
erkaoEX1cgnI/R2SAeRNt1mwKIJEoYTVtv8Q7npC11cST+4S7nqJf5S16gkCm0S8
bsV7h3Lx02G5yjkg+F1w2cTKrsXo5kkioYXNI01jpf01Yr5tuwtaYmTzIPPLgMfl
055ctoQrbx+SSr29GaGpeMuoCnJt81cJUvoxVFjqolYlszfTNKOn0a5CtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA88YmSTxoDfi+cfE5pHvO9LhQ6bMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRHp4aVpKUEdnTi1MNXg4VG1rZTg3MHVGRHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvnMA0G
CSqGSIb3DQEBCwUAA4IBAQBixKK+KbJdG1oEI2mCKRq/XW9Wlun1Feox41at41bQ
uLJlCb3L4M6mOLHur8/8ux0LC0nytJf2/3OtPEgqBL4xuIkhrJDRMkMMklDEOnf0
+LNewYt2GdCJO94sOPb5u+zdlmll+2FU3Y3mgexLuE53tBqZDqGrN74GWXDuqQdf
+4WxistagyqPs34evNlv3cX/YOT7t83z2/TJ8c1ILLO7cBc/CVP+GTArZTcXzuKN
7ztWpgj5XdV4T/e7e5G7kpsGduPvcgLu6d/3vBVhC13bVgeeBTTyTooluYyAPhEQ
nhL/HxtvbJcPmpeB4RBZMQj8IQqkI2kN/Bvo7XvcSCfv
-----END CERTIFICATE-----