This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/tKZtiob_Nq3JG5qKeeGyKdGDt2o.roa
File:                     tKZtiob_Nq3JG5qKeeGyKdGDt2o.roa (raw, json)
Hash identifier:          orNqkM35VJUEOJvGQtjnDxsBymM4EnHV3TJiqbLgHGU=
Subject key identifier:   B4:A6:6D:8A:86:FF:36:AD:C9:1B:9A:8A:79:E1:B2:29:D1:83:B7:6A
Certificate issuer:       /CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
Certificate serial:       019B7AC88006C99D213B176099325DF51661
Authority key identifier: C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/tKZtiob_Nq3JG5qKeeGyKdGDt2o.roa
Signing time:             Thu 01 Jan 2026 18:18:38 +0000
ROA not before:           Thu 01 Jan 2026 18:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        194.59.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 21:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:80:06:c9:9d:21:3b:17:60:99:32:5d:f5:16:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
        Validity
            Not Before: Jan  1 18:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4a66d8a86ff36adc91b9a8a79e1b229d183b76a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:18:d5:65:33:ea:70:f3:9f:b6:72:fc:e0:33:
                    15:22:8b:f0:30:37:6d:1e:7e:87:24:55:11:a2:e3:
                    be:ec:41:75:dc:2c:1f:ce:5e:8a:5d:24:45:1f:d0:
                    ec:7c:70:f6:b2:6d:d6:d9:c4:71:d8:c5:dc:a8:2c:
                    87:1b:27:e3:e2:69:e5:f5:e8:d2:b8:15:f2:d3:c8:
                    02:5d:d1:a5:f0:92:c9:e1:5c:32:ce:9a:fe:1a:74:
                    9d:ba:af:ab:75:cc:8b:34:da:d3:9c:33:ee:d2:56:
                    76:01:bd:51:41:21:ff:02:2d:93:86:a0:ed:d2:cb:
                    8e:0f:e5:1b:7c:a8:38:8d:ab:bd:ee:6b:b5:0a:85:
                    58:8f:db:f4:49:38:ab:79:af:7b:2b:fe:7a:56:ce:
                    82:66:9a:f7:71:ef:63:c4:7c:49:56:18:87:8c:fe:
                    61:a2:90:e5:10:c2:3e:4d:8e:e8:aa:c4:5d:44:69:
                    88:2e:fe:36:cc:dd:e7:89:16:fe:e0:54:31:83:1b:
                    1a:be:23:b0:2b:1c:d1:84:87:18:d3:9b:d4:8d:d0:
                    97:31:e5:00:1f:ad:b0:36:a0:53:0d:7d:8d:67:02:
                    8c:1e:e6:ab:d5:7a:5c:eb:f5:ed:39:9a:e9:56:f8:
                    aa:8d:f6:4b:78:6d:7f:bf:8a:8e:c6:7f:3c:2d:77:
                    8e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A6:6D:8A:86:FF:36:AD:C9:1B:9A:8A:79:E1:B2:29:D1:83:B7:6A
            X509v3 Authority Key Identifier:
                keyid:C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/tKZtiob_Nq3JG5qKeeGyKdGDt2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f1:a9:2f:36:ef:cc:66:b4:8d:c8:fd:52:14:62:bf:55:c8:
         5a:d3:4f:9e:eb:f9:c3:10:23:53:ac:ff:7c:ec:28:c9:68:b8:
         ba:d7:66:f8:0d:a4:97:81:3a:b1:b7:ae:ea:e9:28:97:60:b0:
         3b:38:2b:a0:b9:cb:dd:e5:21:18:f4:66:92:09:33:ba:62:eb:
         75:c0:97:95:f6:94:94:e4:cc:4f:d1:37:d5:2b:02:6e:c6:82:
         ac:a7:cd:21:26:64:84:c5:07:b4:53:63:78:97:62:6a:46:f2:
         c3:fc:59:83:4f:2b:bc:d1:41:e5:e0:6e:59:51:a5:51:48:dd:
         e0:77:59:ed:d3:b7:66:61:20:03:71:fd:33:0e:bc:d6:b7:7e:
         71:84:fc:8e:ef:5a:48:62:fe:c5:d2:d6:d6:61:d0:80:b2:13:
         96:fb:2f:2e:ea:c3:03:24:5e:1f:0a:b1:75:ec:ab:7d:b7:60:
         97:06:75:ca:c2:49:0f:49:5c:46:8d:93:3a:05:6b:95:eb:73:
         d6:34:79:7e:13:a0:ab:13:1c:fc:0a:d8:eb:51:16:7b:eb:ae:
         b9:52:b3:ac:22:21:d3:25:b5:48:c3:d0:16:fe:f3:0b:bc:30:
         93:ad:d5:38:9a:43:12:f8:5e:45:dc:28:da:63:ac:72:97:82:
         bc:db:87:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yIAGyZ0hOxdgmTJd9RZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDBlOTIzNGNjNjcyMTk1N2E0YWMyMTNlYWM2NzUzZWQ4
NWVlYTcwHhcNMjYwMTAxMTgxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE2NmQ4YTg2ZmYzNmFkYzkxYjlhOGE3OWUxYjIyOWQxODNiNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRjVZTPqcPOftnL84DMVIovwMDdt
Hn6HJFURouO+7EF13Cwfzl6KXSRFH9DsfHD2sm3W2cRx2MXcqCyHGyfj4mnl9ejS
uBXy08gCXdGl8JLJ4Vwyzpr+GnSduq+rdcyLNNrTnDPu0lZ2Ab1RQSH/Ai2ThqDt
0suOD+UbfKg4jau97mu1CoVYj9v0STirea97K/56Vs6CZpr3ce9jxHxJVhiHjP5h
opDlEMI+TY7oqsRdRGmILv42zN3niRb+4FQxgxsaviOwKxzRhIcY05vUjdCXMeUA
H62wNqBTDX2NZwKMHuar1Xpc6/XtOZrpVviqjfZLeG1/v4qOxn88LXeOBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSmbYqG/zatyRuainnhsinRg7dqMB8GA1UdIwQY
MBaAFMnQ6SNMxnIZV6SsIT6sZ1Pthe6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgt
OWEzMDBiMGE3ZWQyLzEvdEtadGlvYl9OcTNKRzVxS2VlR3lLZEdEdDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgtOWEzMDBiMGE3ZWQy
LzEveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQAI8akvNu/MZrSNyP1SFGK/Vcha00+e6/nDECNTrP98
7CjJaLi612b4DaSXgTqxt67q6SiXYLA7OCugucvd5SEY9GaSCTO6Yut1wJeV9pSU
5MxP0TfVKwJuxoKsp80hJmSExQe0U2N4l2JqRvLD/FmDTyu80UHl4G5ZUaVRSN3g
d1nt07dmYSADcf0zDrzWt35xhPyO71pIYv7F0tbWYdCAshOW+y8u6sMDJF4fCrF1
7Kt9t2CXBnXKwkkPSVxGjZM6BWuV63PWNHl+E6CrExz8CtjrURZ76665UrOsIiHT
JbVIw9AW/vMLvDCTrdU4mkMS+F5F3CjaY6xyl4K824cL
-----END CERTIFICATE-----