This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/DyFprKEgCMCP_9_Be-mhtXu71Jk.roa
File:                     DyFprKEgCMCP_9_Be-mhtXu71Jk.roa (raw, json)
Hash identifier:          ktyPBS12R1087Yo49pjux2WW0LgADp2Ex+bpb97ldjU=
Subject key identifier:   0F:21:69:AC:A1:20:08:C0:8F:FF:DF:C1:7B:E9:A1:B5:7B:BB:D4:99
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       019BB7E804334C9BEB6EDDB8BB6860EE2435
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/DyFprKEgCMCP_9_Be-mhtXu71Jk.roa
Signing time:             Tue 13 Jan 2026 15:09:54 +0000
ROA not before:           Tue 13 Jan 2026 15:09:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        194.15.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b7:e8:04:33:4c:9b:eb:6e:dd:b8:bb:68:60:ee:24:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan 13 15:09:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f2169aca12008c08fffdfc17be9a1b57bbbd499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:03:c9:e1:6b:82:88:14:1f:78:fd:81:1b:bb:
                    37:b9:a6:d7:60:bb:1d:32:39:59:0b:6a:32:a4:b5:
                    da:59:a2:17:5f:1d:b8:d6:a8:f5:7d:c6:df:d1:3a:
                    9b:44:c9:2a:2a:0c:18:5b:60:9b:41:d0:1c:05:04:
                    3a:4d:af:2c:1f:4a:62:6e:a6:2c:db:50:56:1a:d5:
                    b0:17:d7:1e:10:bb:4a:f4:04:64:5f:8a:47:5e:19:
                    0c:3e:30:b5:02:e8:b9:74:82:57:8c:4d:3e:04:98:
                    e7:bf:5c:dc:da:bb:8f:17:a5:33:81:06:4b:20:60:
                    b3:2e:b2:0a:06:93:e5:4c:30:ed:f4:55:1d:86:08:
                    81:1c:6f:fc:a3:cd:bc:f2:2a:ab:45:9b:25:82:75:
                    8f:c6:c2:dc:3b:12:16:2b:01:3e:4a:46:f9:d3:a1:
                    9d:87:56:69:74:e7:71:a5:3e:64:ad:0f:1c:ed:9a:
                    8d:c8:80:a4:a7:ce:85:54:70:58:99:8c:0b:cb:a0:
                    25:8f:de:92:4e:b5:b6:dc:7d:7c:08:58:c9:24:1b:
                    53:1d:5a:11:d0:9c:0a:fa:86:42:af:69:10:48:34:
                    d1:a1:78:de:20:ba:89:15:0e:7e:a5:ec:37:63:5a:
                    ee:70:8b:74:dc:32:ae:cf:41:af:b1:f5:ee:cb:b8:
                    18:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:21:69:AC:A1:20:08:C0:8F:FF:DF:C1:7B:E9:A1:B5:7B:BB:D4:99
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/DyFprKEgCMCP_9_Be-mhtXu71Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:da:2a:50:39:a1:8e:f0:60:5d:5f:98:c9:ae:83:aa:2e:bb:
         1f:c5:54:3e:ca:2c:0b:08:ef:cb:ce:19:6b:e1:19:7d:6e:c9:
         4a:67:fe:c2:16:a0:37:3b:f6:14:41:2e:18:c4:ac:e7:70:7d:
         72:af:ff:7b:a5:1e:f4:e0:3e:49:70:89:6d:ec:4a:33:5a:42:
         94:c3:10:8d:cd:01:db:41:b9:58:5a:4f:3c:34:90:ba:e7:94:
         f8:25:52:56:f5:8c:27:30:a7:10:e4:5e:4d:ba:05:7e:4b:01:
         da:92:cc:c9:1c:0a:fa:46:22:35:c9:d5:b2:41:2c:ca:8d:2b:
         b9:38:53:b5:81:87:0a:a9:35:70:7e:60:bc:f3:36:2f:fc:bd:
         ac:62:f2:c1:02:44:03:6f:2c:91:6c:a3:60:a8:95:3b:c1:65:
         75:90:a8:fc:63:8d:9c:64:51:9f:df:b0:66:88:2b:b5:0c:35:
         2f:f3:5e:a2:f5:d1:d8:72:67:30:43:77:bc:cd:db:ad:dd:81:
         23:ba:cf:87:fc:cc:e2:ff:81:0c:8f:f8:5d:f2:a2:c2:14:45:
         43:80:e7:24:8c:4d:2b:cc:7e:00:de:53:58:36:cd:50:52:38:
         20:45:e7:7b:28:8e:31:7a:9c:2a:fb:9f:7e:eb:1a:e9:dc:82:
         3f:a7:1d:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu36AQzTJvrbt24u2hg7iQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjYwMTEzMTUwOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIxNjlhY2ExMjAwOGMwOGZmZmRmYzE3YmU5YTFiNTdiYmJkNDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2APJ4WuCiBQfeP2BG7s3uabXYLsd
MjlZC2oypLXaWaIXXx241qj1fcbf0TqbRMkqKgwYW2CbQdAcBQQ6Ta8sH0pibqYs
21BWGtWwF9ceELtK9ARkX4pHXhkMPjC1Aui5dIJXjE0+BJjnv1zc2ruPF6UzgQZL
IGCzLrIKBpPlTDDt9FUdhgiBHG/8o8288iqrRZslgnWPxsLcOxIWKwE+Skb506Gd
h1ZpdOdxpT5krQ8c7ZqNyICkp86FVHBYmYwLy6Alj96STrW23H18CFjJJBtTHVoR
0JwK+oZCr2kQSDTRoXjeILqJFQ5+pew3Y1rucIt03DKuz0GvsfXuy7gYNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8haayhIAjAj//fwXvpobV7u9SZMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvRHlGcHJLRWdDTUNQXzlfQmUtbWh0WHU3MUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8gMA0G
CSqGSIb3DQEBCwUAA4IBAQAv2ipQOaGO8GBdX5jJroOqLrsfxVQ+yiwLCO/Lzhlr
4Rl9bslKZ/7CFqA3O/YUQS4YxKzncH1yr/97pR704D5JcIlt7EozWkKUwxCNzQHb
QblYWk88NJC655T4JVJW9YwnMKcQ5F5NugV+SwHakszJHAr6RiI1ydWyQSzKjSu5
OFO1gYcKqTVwfmC88zYv/L2sYvLBAkQDbyyRbKNgqJU7wWV1kKj8Y42cZFGf37Bm
iCu1DDUv816i9dHYcmcwQ3e8zdut3YEjus+H/Mzi/4EMj/hd8qLCFEVDgOckjE0r
zH4A3lNYNs1QUjggRed7KI4xepwq+59+6xrp3II/px1T
-----END CERTIFICATE-----