This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/wFIGK-hJfwnzYHOy-0zpMlYIwX8.roa
File:                     wFIGK-hJfwnzYHOy-0zpMlYIwX8.roa (raw, json)
Hash identifier:          ijX/47c/1yaEzAjtMYS0nchNRSTG2HHJG2gdZxBcrMw=
Subject key identifier:   C0:52:06:2B:E8:49:7F:09:F3:60:73:B2:FB:4C:E9:32:56:08:C1:7F
Certificate issuer:       /CN=45d34fd048b597b3e5f7da89dfe64657697e8ee3
Certificate serial:       019B7C11C5FA0342D7E1F762B32D9B6875B0
Authority key identifier: 45:D3:4F:D0:48:B5:97:B3:E5:F7:DA:89:DF:E6:46:57:69:7E:8E:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/wFIGK-hJfwnzYHOy-0zpMlYIwX8.roa
Signing time:             Fri 02 Jan 2026 00:18:18 +0000
ROA not before:           Fri 02 Jan 2026 00:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        194.119.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:c5:fa:03:42:d7:e1:f7:62:b3:2d:9b:68:75:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45d34fd048b597b3e5f7da89dfe64657697e8ee3
        Validity
            Not Before: Jan  2 00:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c052062be8497f09f36073b2fb4ce9325608c17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:51:bf:c1:20:7e:d1:4a:e6:6c:3c:91:73:35:
                    41:5e:05:c9:75:d1:be:b1:86:55:10:59:91:7a:49:
                    f2:fa:9a:23:a7:aa:b4:2f:57:eb:e2:34:aa:44:47:
                    49:85:de:dd:90:e7:45:e1:b3:0b:d8:4f:9a:17:7a:
                    ab:1f:ae:09:67:1c:10:18:a4:dc:7f:10:85:4b:a3:
                    12:a3:5e:5f:a0:5f:c8:d7:80:ea:23:e0:38:57:5c:
                    e7:6e:35:15:a1:d3:08:06:38:27:10:e6:6e:65:38:
                    02:56:02:22:b8:bb:d8:4b:92:51:ca:5e:67:b8:ac:
                    6c:06:f8:04:ea:e9:56:94:f1:80:5f:ce:99:8f:3a:
                    81:88:56:ca:c9:51:e9:8b:03:94:2c:35:79:95:50:
                    3e:9b:0f:ae:90:8c:ef:67:b3:44:98:80:aa:5c:58:
                    03:42:7e:b2:79:da:d6:a3:d5:e6:5f:6b:fb:29:24:
                    82:6d:4c:07:12:41:71:7b:d2:c2:aa:df:c2:99:b0:
                    84:fd:a7:0d:d6:73:02:95:fe:e2:f3:45:39:32:da:
                    a2:5f:46:2a:21:1c:44:aa:b4:61:bf:19:12:11:8c:
                    9f:bb:e4:c4:df:44:40:8c:18:97:34:0d:0d:90:75:
                    32:f0:63:7d:e0:bd:4b:a3:9e:b8:70:29:f3:7d:39:
                    5e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:52:06:2B:E8:49:7F:09:F3:60:73:B2:FB:4C:E9:32:56:08:C1:7F
            X509v3 Authority Key Identifier:
                keyid:45:D3:4F:D0:48:B5:97:B3:E5:F7:DA:89:DF:E6:46:57:69:7E:8E:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/wFIGK-hJfwnzYHOy-0zpMlYIwX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.119.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d4:3f:6b:28:38:02:71:59:c3:64:cf:ef:89:ce:0f:b9:e1:
         56:4f:60:43:bc:d8:83:c5:60:b0:f5:44:ca:00:dc:0a:79:ac:
         67:d3:c6:c3:4c:70:c7:46:de:4f:d6:25:45:45:9d:76:4d:5e:
         d0:b4:1a:6a:98:b3:68:80:9c:24:b6:2e:d1:14:ee:96:f6:85:
         54:89:c4:0b:aa:60:8c:de:ee:f3:8c:90:45:d4:f6:bc:e1:16:
         f4:ca:fc:47:bb:01:22:6b:02:32:c4:1b:21:03:3f:a1:f9:4f:
         84:e2:8e:9b:eb:21:d8:15:9c:0a:bb:53:10:fb:bb:60:31:7c:
         fc:a1:ff:2b:8b:44:76:9a:87:c6:09:05:7c:d3:cd:04:c2:37:
         65:13:99:a5:37:f9:32:79:42:a6:85:a7:05:99:f5:fc:59:ba:
         0e:2a:3d:09:b0:24:b6:a3:9c:53:1e:75:f5:8b:f0:8a:50:b9:
         96:17:27:5b:69:73:ec:c7:3b:f5:8d:94:40:78:21:ea:89:38:
         8d:81:21:47:ca:20:02:4c:12:fc:44:a0:ff:84:d0:33:f6:80:
         a6:00:3f:93:be:ae:b3:d0:aa:f5:1b:3f:5c:d3:3e:db:05:9d:
         16:57:6f:1a:76:25:23:48:5e:d7:10:ae:f5:fc:40:3a:1e:9c:
         03:1d:7e:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EcX6A0LX4fdisy2baHWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZDM0ZmQwNDhiNTk3YjNlNWY3ZGE4OWRmZTY0NjU3Njk3
ZThlZTMwHhcNMjYwMTAyMDAxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDUyMDYyYmU4NDk3ZjA5ZjM2MDczYjJmYjRjZTkzMjU2MDhjMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVG/wSB+0UrmbDyRczVBXgXJddG+
sYZVEFmRekny+pojp6q0L1fr4jSqREdJhd7dkOdF4bML2E+aF3qrH64JZxwQGKTc
fxCFS6MSo15foF/I14DqI+A4V1znbjUVodMIBjgnEOZuZTgCVgIiuLvYS5JRyl5n
uKxsBvgE6ulWlPGAX86ZjzqBiFbKyVHpiwOULDV5lVA+mw+ukIzvZ7NEmICqXFgD
Qn6yedrWo9XmX2v7KSSCbUwHEkFxe9LCqt/CmbCE/acN1nMClf7i80U5MtqiX0Yq
IRxEqrRhvxkSEYyfu+TE30RAjBiXNA0NkHUy8GN94L1Lo564cCnzfTleNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBSBivoSX8J82BzsvtM6TJWCMF/MB8GA1UdIwQY
MBaAFEXTT9BItZez5ffaid/mRldpfo7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmROUDBFaTFsN1BsOTlxSjMtWkdWMmwtanVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jZTc3YjEtMWM0ZC00N2IwLWE3N2It
ODQzOTQ4Y2JmYjgxLzEvd0ZJR0staEpmd256WUhPeS0wenBNbFlJd1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jZTc3YjEtMWM0ZC00N2IwLWE3N2ItODQzOTQ4Y2JmYjgx
LzEvUmROUDBFaTFsN1BsOTlxSjMtWkdWMmwtanVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwndGMA0G
CSqGSIb3DQEBCwUAA4IBAQB71D9rKDgCcVnDZM/vic4PueFWT2BDvNiDxWCw9UTK
ANwKeaxn08bDTHDHRt5P1iVFRZ12TV7QtBpqmLNogJwkti7RFO6W9oVUicQLqmCM
3u7zjJBF1Pa84Rb0yvxHuwEiawIyxBshAz+h+U+E4o6b6yHYFZwKu1MQ+7tgMXz8
of8ri0R2mofGCQV8080EwjdlE5mlN/kyeUKmhacFmfX8WboOKj0JsCS2o5xTHnX1
i/CKULmWFydbaXPsxzv1jZRAeCHqiTiNgSFHyiACTBL8RKD/hNAz9oCmAD+Tvq6z
0Kr1Gz9c0z7bBZ0WV28adiUjSF7XEK71/EA6HpwDHX75
-----END CERTIFICATE-----