This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/tsIXIQRuUDBV02rdPLj6XJnzDl4.roa
File:                     tsIXIQRuUDBV02rdPLj6XJnzDl4.roa (raw, json)
Hash identifier:          +5zk1WdRPKPJfJvtpk3tr0u9W43LZvbEvy4wGv4JI08=
Subject key identifier:   B6:C2:17:21:04:6E:50:30:55:D3:6A:DD:3C:B8:FA:5C:99:F3:0E:5E
Certificate issuer:       /CN=5547b17ed7dcc9d1ec2a3fc7d5e792b591ea6280
Certificate serial:       019BFA5B712EFC46555F00B1A41F7963A975
Authority key identifier: 55:47:B1:7E:D7:DC:C9:D1:EC:2A:3F:C7:D5:E7:92:B5:91:EA:62:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUexftfcydHsKj_H1eeStZHqYoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/tsIXIQRuUDBV02rdPLj6XJnzDl4.roa
Signing time:             Mon 26 Jan 2026 12:50:55 +0000
ROA not before:           Mon 26 Jan 2026 12:50:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3209
IP address blocks:        194.173.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/VUexftfcydHsKj_H1eeStZHqYoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/VUexftfcydHsKj_H1eeStZHqYoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUexftfcydHsKj_H1eeStZHqYoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:50:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:5b:71:2e:fc:46:55:5f:00:b1:a4:1f:79:63:a9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5547b17ed7dcc9d1ec2a3fc7d5e792b591ea6280
        Validity
            Not Before: Jan 26 12:50:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6c21721046e503055d36add3cb8fa5c99f30e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a4:b8:d9:bc:7c:33:28:6a:4b:a2:53:f6:f1:
                    20:0e:2f:7e:38:d8:6e:f8:64:1c:51:6c:5f:7b:96:
                    a6:9c:1e:4e:50:8a:d0:5f:01:19:65:5b:ab:9a:c1:
                    02:1b:69:bd:0d:d4:cf:f1:82:10:b5:ce:f0:7c:91:
                    90:33:ea:04:94:ba:e7:0e:6b:fa:42:0f:ae:e1:06:
                    ca:cb:6d:eb:5d:df:ae:8f:ed:5d:5d:75:7c:b0:af:
                    b8:e6:76:6e:32:83:05:26:45:a0:e4:75:52:b3:6f:
                    2b:d7:17:a0:24:6c:eb:37:68:21:5b:14:1e:8e:57:
                    dd:67:3c:02:f3:a2:17:d4:57:67:23:6e:a1:1b:31:
                    c4:53:de:2d:9a:5d:24:8b:f4:23:81:7f:d0:73:f9:
                    0a:e5:70:d4:8c:20:0c:91:06:93:20:91:af:c3:67:
                    3d:54:17:b8:69:6d:5b:b1:dd:25:ed:dc:20:6c:bc:
                    98:ad:a0:a3:8f:3f:f1:6b:a3:de:60:f9:8f:9f:4a:
                    93:ee:d5:36:43:43:d2:d8:86:f8:42:50:92:27:c8:
                    ff:70:e0:eb:1e:8a:da:6e:e7:fb:72:34:6d:e2:92:
                    98:ca:78:be:58:c9:79:72:39:be:3a:a4:d1:9d:a1:
                    96:5d:a5:97:09:d3:2d:be:9f:6e:0d:56:46:40:96:
                    8f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C2:17:21:04:6E:50:30:55:D3:6A:DD:3C:B8:FA:5C:99:F3:0E:5E
            X509v3 Authority Key Identifier:
                keyid:55:47:B1:7E:D7:DC:C9:D1:EC:2A:3F:C7:D5:E7:92:B5:91:EA:62:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUexftfcydHsKj_H1eeStZHqYoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/tsIXIQRuUDBV02rdPLj6XJnzDl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c1da06-198e-44bb-b33f-13e333e1fa17/1/VUexftfcydHsKj_H1eeStZHqYoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.173.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:64:e2:b5:34:e7:31:2f:69:25:5b:b4:8c:56:f0:e2:27:55:
         28:d9:a2:39:7f:9e:cc:7a:b1:ac:52:5e:cf:61:84:80:de:ce:
         c8:87:45:a1:99:a1:7d:21:2b:01:b5:43:d2:c2:78:d0:8c:5f:
         ca:a3:25:7b:90:79:dc:f9:33:5e:c2:ca:9d:0d:23:10:dd:86:
         01:98:59:1a:99:d3:95:54:1a:ad:4e:ff:f8:bc:e4:5f:47:96:
         37:31:50:4c:97:f7:45:9d:aa:5a:1a:ca:ab:26:76:2b:9f:7b:
         7e:6c:67:01:c7:e5:d5:63:a9:46:8f:c8:08:95:59:08:b0:61:
         83:82:3c:66:f3:c9:a1:5b:ad:71:e9:2a:0d:c5:68:b8:da:27:
         58:59:7f:dd:3b:9f:c7:20:cc:ad:4c:95:e3:69:c0:e1:0b:89:
         76:dd:db:c1:1e:10:00:19:1d:7c:e6:25:be:66:e9:c0:f0:8c:
         94:b6:3a:1f:5d:97:6b:69:95:75:81:39:66:98:41:a5:95:17:
         7f:2b:5a:1b:15:9c:c3:3b:41:55:c6:15:1e:29:31:fc:4e:3b:
         b7:44:d8:39:4c:a2:a7:4e:a4:7c:db:b0:42:09:1d:0e:75:4e:
         14:08:ca:56:f8:39:91:76:e3:f3:01:91:ad:92:f3:18:5a:80:
         8d:cb:8e:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6W3Eu/EZVXwCxpB95Y6l1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NDdiMTdlZDdkY2M5ZDFlYzJhM2ZjN2Q1ZTc5MmI1OTFl
YTYyODAwHhcNMjYwMTI2MTI1MDU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmMyMTcyMTA0NmU1MDMwNTVkMzZhZGQzY2I4ZmE1Yzk5ZjMwZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKS42bx8MyhqS6JT9vEgDi9+ONhu
+GQcUWxfe5amnB5OUIrQXwEZZVurmsECG2m9DdTP8YIQtc7wfJGQM+oElLrnDmv6
Qg+u4QbKy23rXd+uj+1dXXV8sK+45nZuMoMFJkWg5HVSs28r1xegJGzrN2ghWxQe
jlfdZzwC86IX1FdnI26hGzHEU94tml0ki/QjgX/Qc/kK5XDUjCAMkQaTIJGvw2c9
VBe4aW1bsd0l7dwgbLyYraCjjz/xa6PeYPmPn0qT7tU2Q0PS2Ib4QlCSJ8j/cODr
Horabuf7cjRt4pKYyni+WMl5cjm+OqTRnaGWXaWXCdMtvp9uDVZGQJaPowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbCFyEEblAwVdNq3Ty4+lyZ8w5eMB8GA1UdIwQY
MBaAFFVHsX7X3MnR7Co/x9XnkrWR6mKAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVleGZ0ZmN5ZEhzS2pfSDFlZVN0WkhxWW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jMWRhMDYtMTk4ZS00NGJiLWIzM2Yt
MTNlMzMzZTFmYTE3LzEvdHNJWElRUnVVREJWMDJyZFBMajZYSm56RGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jMWRhMDYtMTk4ZS00NGJiLWIzM2YtMTNlMzMzZTFmYTE3
LzEvVlVleGZ0ZmN5ZEhzS2pfSDFlZVN0WkhxWW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwq1GMA0G
CSqGSIb3DQEBCwUAA4IBAQAwZOK1NOcxL2klW7SMVvDiJ1Uo2aI5f57MerGsUl7P
YYSA3s7Ih0WhmaF9ISsBtUPSwnjQjF/KoyV7kHnc+TNewsqdDSMQ3YYBmFkamdOV
VBqtTv/4vORfR5Y3MVBMl/dFnapaGsqrJnYrn3t+bGcBx+XVY6lGj8gIlVkIsGGD
gjxm88mhW61x6SoNxWi42idYWX/dO5/HIMytTJXjacDhC4l23dvBHhAAGR185iW+
ZunA8IyUtjofXZdraZV1gTlmmEGllRd/K1obFZzDO0FVxhUeKTH8Tju3RNg5TKKn
TqR827BCCR0OdU4UCMpW+DmRduPzAZGtkvMYWoCNy452
-----END CERTIFICATE-----