This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/byVdI5-pp6NIJu3UrT-3MuGaeXY.roa
File:                     byVdI5-pp6NIJu3UrT-3MuGaeXY.roa (raw, json)
Hash identifier:          l8DHq/5oUA3iWZHNp7UWg+LEjnOk5a1rdRkMplixMAw=
Subject key identifier:   6F:25:5D:23:9F:A9:A7:A3:48:26:ED:D4:AD:3F:B7:32:E1:9A:79:76
Certificate issuer:       /CN=d3641fa8ed1cfc3daa23aaaf8c3a76fe87ed5bab
Certificate serial:       019C049662C8CBA89D25C5F016B1F5121E34
Authority key identifier: D3:64:1F:A8:ED:1C:FC:3D:AA:23:AA:AF:8C:3A:76:FE:87:ED:5B:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02QfqO0c_D2qI6qvjDp2_oftW6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/byVdI5-pp6NIJu3UrT-3MuGaeXY.roa
Signing time:             Wed 28 Jan 2026 12:31:30 +0000
ROA not before:           Wed 28 Jan 2026 12:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198938
IP address blocks:        193.35.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/02QfqO0c_D2qI6qvjDp2_oftW6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/02QfqO0c_D2qI6qvjDp2_oftW6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02QfqO0c_D2qI6qvjDp2_oftW6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:96:62:c8:cb:a8:9d:25:c5:f0:16:b1:f5:12:1e:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3641fa8ed1cfc3daa23aaaf8c3a76fe87ed5bab
        Validity
            Not Before: Jan 28 12:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f255d239fa9a7a34826edd4ad3fb732e19a7976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8b:4c:d9:75:89:be:7d:56:84:29:fb:be:22:
                    26:11:22:f8:ee:08:30:04:38:87:0d:de:88:4c:15:
                    04:ea:62:79:e3:e8:e5:0b:7d:38:3f:86:16:60:f5:
                    70:b5:78:a0:b1:92:85:e6:75:b0:0e:8c:c3:21:bf:
                    06:44:f0:ab:f1:bb:86:bd:9c:da:e2:3a:b1:0e:1b:
                    b4:16:ba:a2:48:c6:cd:3c:d3:34:c2:23:86:53:0f:
                    6d:16:29:e3:39:b2:b9:e7:40:99:b9:7f:b4:16:87:
                    1c:30:5f:6e:a5:1a:83:9e:4b:2f:a3:0e:60:39:59:
                    ad:58:8f:02:c7:70:69:c1:85:a8:54:b6:71:63:54:
                    ab:04:ce:5f:91:12:50:86:1f:e1:e6:48:05:38:35:
                    6a:c2:e8:1c:6c:1b:b2:98:83:59:6d:92:3e:58:15:
                    41:92:75:08:3c:2d:90:02:76:a2:fc:99:41:89:0b:
                    38:80:77:5a:68:2e:2f:dd:14:9b:2b:66:e5:db:a0:
                    30:7a:17:06:62:59:93:31:a8:cb:d3:5f:a7:21:a5:
                    04:11:43:1e:d6:04:f0:3c:89:2f:0e:3c:49:71:dd:
                    d4:f8:bf:9c:c0:60:37:8c:e5:6a:c7:47:8d:ef:14:
                    8c:d4:4a:72:4e:66:bf:36:90:09:10:c1:7c:d0:ad:
                    e6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:25:5D:23:9F:A9:A7:A3:48:26:ED:D4:AD:3F:B7:32:E1:9A:79:76
            X509v3 Authority Key Identifier:
                keyid:D3:64:1F:A8:ED:1C:FC:3D:AA:23:AA:AF:8C:3A:76:FE:87:ED:5B:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02QfqO0c_D2qI6qvjDp2_oftW6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/byVdI5-pp6NIJu3UrT-3MuGaeXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/59d109-8b06-4ddd-bc20-9941992c9c24/1/02QfqO0c_D2qI6qvjDp2_oftW6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:24:a6:54:ab:d9:0f:e7:41:62:04:e7:d0:08:b9:3f:cf:ce:
         a4:6c:73:6d:00:20:13:eb:09:9e:78:a6:b4:c6:cd:03:08:45:
         d3:b6:42:9e:30:2c:6b:da:3e:fc:14:7c:cf:6c:ee:df:c1:6f:
         b6:45:5a:85:1d:f0:c6:41:ea:4d:5a:8a:74:3a:45:c4:26:18:
         e1:8d:c2:9f:49:2d:d5:60:90:bf:c0:56:5e:bb:f8:13:e8:06:
         d5:cf:e9:91:b8:76:f3:18:c8:cb:6c:57:02:fd:7d:15:cc:e5:
         08:df:70:48:39:53:fe:3e:36:ec:5f:f8:2e:ab:73:ce:f6:4d:
         ae:5e:ab:7f:f7:90:4f:39:d8:9c:82:4f:84:c8:af:38:88:3a:
         6f:61:02:f6:3c:ef:1b:d4:09:f9:c5:f9:62:5b:8f:21:dd:c0:
         a7:b8:96:a1:29:86:5d:8b:a3:eb:b0:30:89:15:a7:e5:a9:4f:
         24:a9:8e:b4:0c:7a:94:dd:7c:ba:49:87:45:70:7c:55:4e:df:
         fe:2b:4b:42:c6:63:04:23:94:51:77:5f:e8:5d:e0:73:e6:4d:
         5d:5d:b9:31:07:e2:ae:72:7e:74:69:05:a2:dd:3a:f9:91:b3:
         b7:bf:18:8c:ee:5e:b7:5e:fb:84:da:22:eb:f0:ea:ce:7e:38:
         8a:0f:f0:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwElmLIy6idJcXwFrH1Eh40MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjQxZmE4ZWQxY2ZjM2RhYTIzYWFhZjhjM2E3NmZlODdl
ZDViYWIwHhcNMjYwMTI4MTIzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjI1NWQyMzlmYTlhN2EzNDgyNmVkZDRhZDNmYjczMmUxOWE3OTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnItM2XWJvn1WhCn7viImESL47ggw
BDiHDd6ITBUE6mJ54+jlC304P4YWYPVwtXigsZKF5nWwDozDIb8GRPCr8buGvZza
4jqxDhu0FrqiSMbNPNM0wiOGUw9tFinjObK550CZuX+0FoccMF9upRqDnksvow5g
OVmtWI8Cx3BpwYWoVLZxY1SrBM5fkRJQhh/h5kgFODVqwugcbBuymINZbZI+WBVB
knUIPC2QAnai/JlBiQs4gHdaaC4v3RSbK2bl26AwehcGYlmTMajL01+nIaUEEUMe
1gTwPIkvDjxJcd3U+L+cwGA3jOVqx0eN7xSM1EpyTma/NpAJEMF80K3mVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8lXSOfqaejSCbt1K0/tzLhmnl2MB8GA1UdIwQY
MBaAFNNkH6jtHPw9qiOqr4w6dv6H7VurMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJRZnFPMGNfRDJxSTZxdmpEcDJfb2Z0VzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81OWQxMDktOGIwNi00ZGRkLWJjMjAt
OTk0MTk5MmM5YzI0LzEvYnlWZEk1LXBwNk5JSnUzVXJULTNNdUdhZVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81OWQxMDktOGIwNi00ZGRkLWJjMjAtOTk0MTk5MmM5YzI0
LzEvMDJRZnFPMGNfRDJxSTZxdmpEcDJfb2Z0VzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSMoMA0G
CSqGSIb3DQEBCwUAA4IBAQCiJKZUq9kP50FiBOfQCLk/z86kbHNtACAT6wmeeKa0
xs0DCEXTtkKeMCxr2j78FHzPbO7fwW+2RVqFHfDGQepNWop0OkXEJhjhjcKfSS3V
YJC/wFZeu/gT6AbVz+mRuHbzGMjLbFcC/X0VzOUI33BIOVP+PjbsX/guq3PO9k2u
Xqt/95BPOdicgk+EyK84iDpvYQL2PO8b1An5xfliW48h3cCnuJahKYZdi6PrsDCJ
FaflqU8kqY60DHqU3Xy6SYdFcHxVTt/+K0tCxmMEI5RRd1/oXeBz5k1dXbkxB+Ku
cn50aQWi3Tr5kbO3vxiM7l63XvuE2iLr8OrOfjiKD/AI
-----END CERTIFICATE-----