This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/tUtGKToVFVEdLnvzwP_qbyoWrD4.roa
File:                     tUtGKToVFVEdLnvzwP_qbyoWrD4.roa (raw, json)
Hash identifier:          oDawWr/gCtZY5IlLhtFkFwJPnj3rhzKF04OEEY7CZlE=
Subject key identifier:   B5:4B:46:29:3A:15:15:51:1D:2E:7B:F3:C0:FF:EA:6F:2A:16:AC:3E
Certificate issuer:       /CN=11556797da9ce71eec295f35b00859b90ce8c5f0
Certificate serial:       019BFA037A7802BE62E89BE2D0C32FBD10D5
Authority key identifier: 11:55:67:97:DA:9C:E7:1E:EC:29:5F:35:B0:08:59:B9:0C:E8:C5:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVVnl9qc5x7sKV81sAhZuQzoxfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/tUtGKToVFVEdLnvzwP_qbyoWrD4.roa
Signing time:             Mon 26 Jan 2026 11:14:50 +0000
ROA not before:           Mon 26 Jan 2026 11:14:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        193.168.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/EVVnl9qc5x7sKV81sAhZuQzoxfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/EVVnl9qc5x7sKV81sAhZuQzoxfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVVnl9qc5x7sKV81sAhZuQzoxfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:03:7a:78:02:be:62:e8:9b:e2:d0:c3:2f:bd:10:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11556797da9ce71eec295f35b00859b90ce8c5f0
        Validity
            Not Before: Jan 26 11:14:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b54b46293a1515511d2e7bf3c0ffea6f2a16ac3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:63:2e:b0:8d:1a:91:c8:b2:ee:84:3d:64:da:
                    e5:5a:a9:74:7f:c0:f9:a6:af:a1:28:34:a7:a2:0b:
                    20:60:b8:67:d1:11:ac:b7:08:9d:8b:cf:42:a1:1f:
                    14:8d:b5:b1:98:50:8c:6e:e7:e9:b3:42:53:b7:14:
                    63:e9:89:49:f4:2b:af:1d:e8:db:dd:fa:8c:43:90:
                    6b:4f:db:2e:45:30:47:e4:6e:a8:b0:1e:5c:43:99:
                    9e:b9:ea:86:ab:8c:97:8e:c5:35:98:6a:e0:cd:b5:
                    d1:40:2c:77:b3:c6:85:81:82:55:4a:04:99:1b:21:
                    6a:0e:40:47:be:ef:73:41:98:e4:70:da:39:bd:0e:
                    49:49:67:ad:27:73:f8:e1:71:96:ec:e0:fb:15:af:
                    30:56:a0:99:be:5d:23:19:a5:6b:22:0b:35:fa:ca:
                    8e:10:de:22:8c:ba:82:0a:56:dd:6d:dc:1a:23:6c:
                    26:32:2a:f9:e7:30:e3:39:e0:62:65:1f:a1:8e:dd:
                    07:81:5b:27:db:8e:63:35:0c:09:d0:36:e0:22:02:
                    5a:5e:23:06:a5:66:c1:e6:92:2d:8c:d9:f9:d0:96:
                    82:0a:f2:ff:75:61:b5:e8:87:27:1c:b8:31:82:48:
                    4b:c5:51:ef:1d:da:d8:60:1a:7e:2b:53:e7:7e:91:
                    a1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4B:46:29:3A:15:15:51:1D:2E:7B:F3:C0:FF:EA:6F:2A:16:AC:3E
            X509v3 Authority Key Identifier:
                keyid:11:55:67:97:DA:9C:E7:1E:EC:29:5F:35:B0:08:59:B9:0C:E8:C5:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVVnl9qc5x7sKV81sAhZuQzoxfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/tUtGKToVFVEdLnvzwP_qbyoWrD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4696e5-fcec-44a0-8f03-1eeda9a9ff8f/1/EVVnl9qc5x7sKV81sAhZuQzoxfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:eb:a4:cf:2f:60:33:93:55:12:a9:11:f7:03:6b:6f:73:c9:
         c6:d5:0c:e9:f2:0c:cb:68:be:cd:4c:4f:75:7d:fe:0a:35:1d:
         1f:69:82:f1:19:09:17:b2:a0:48:e6:7e:16:8b:ed:01:64:fe:
         5c:29:f0:ee:51:59:3c:0a:3d:f7:71:17:03:9f:ea:80:f9:ab:
         e1:f5:ce:40:d4:af:9e:e5:b8:f9:00:18:0f:d2:f6:ee:0c:c1:
         38:fc:6d:5c:db:a4:84:1f:03:47:7e:cd:8e:91:b1:7a:a8:ed:
         0d:65:30:50:a7:87:3d:81:ff:88:6b:e5:f6:36:d6:36:15:b1:
         49:22:8b:9f:69:34:cb:f9:1e:9e:3a:e8:c0:a0:1b:af:de:66:
         1c:27:1a:e9:2c:a5:50:02:f5:93:4b:49:a9:1f:b7:af:8b:13:
         1b:dc:78:a8:c2:e1:d6:46:03:bc:27:5d:88:14:57:6d:55:18:
         76:69:ee:4c:09:02:32:69:6e:ac:4d:00:e9:21:2e:22:ea:3d:
         13:5e:86:d5:37:4a:0a:75:26:f2:e9:6b:10:62:32:77:14:41:
         d7:78:5c:54:02:d7:9f:d2:41:0e:cf:26:5f:75:e1:ee:24:02:
         56:78:24:66:e6:ff:e5:8e:60:72:e7:07:20:d2:89:12:a5:9e:
         f4:03:ad:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6A3p4Ar5i6Jvi0MMvvRDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNTU2Nzk3ZGE5Y2U3MWVlYzI5NWYzNWIwMDg1OWI5MGNl
OGM1ZjAwHhcNMjYwMTI2MTExNDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRiNDYyOTNhMTUxNTUxMWQyZTdiZjNjMGZmZWE2ZjJhMTZhYzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WMusI0akciy7oQ9ZNrlWql0f8D5
pq+hKDSnogsgYLhn0RGstwidi89CoR8UjbWxmFCMbufps0JTtxRj6YlJ9CuvHejb
3fqMQ5BrT9suRTBH5G6osB5cQ5meueqGq4yXjsU1mGrgzbXRQCx3s8aFgYJVSgSZ
GyFqDkBHvu9zQZjkcNo5vQ5JSWetJ3P44XGW7OD7Fa8wVqCZvl0jGaVrIgs1+sqO
EN4ijLqCClbdbdwaI2wmMir55zDjOeBiZR+hjt0HgVsn245jNQwJ0DbgIgJaXiMG
pWbB5pItjNn50JaCCvL/dWG16IcnHLgxgkhLxVHvHdrYYBp+K1PnfpGhgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVLRik6FRVRHS5788D/6m8qFqw+MB8GA1UdIwQY
MBaAFBFVZ5fanOce7ClfNbAIWbkM6MXwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZWbmw5cWM1eDdzS1Y4MXNBaFp1UXpveGZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80Njk2ZTUtZmNlYy00NGEwLThmMDMt
MWVlZGE5YTlmZjhmLzEvdFV0R0tUb1ZGVkVkTG52endQX3FieW9XckQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80Njk2ZTUtZmNlYy00NGEwLThmMDMtMWVlZGE5YTlmZjhm
LzEvRVZWbmw5cWM1eDdzS1Y4MXNBaFp1UXpveGZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwagAMA0G
CSqGSIb3DQEBCwUAA4IBAQCs66TPL2Azk1USqRH3A2tvc8nG1Qzp8gzLaL7NTE91
ff4KNR0faYLxGQkXsqBI5n4Wi+0BZP5cKfDuUVk8Cj33cRcDn+qA+avh9c5A1K+e
5bj5ABgP0vbuDME4/G1c26SEHwNHfs2OkbF6qO0NZTBQp4c9gf+Ia+X2NtY2FbFJ
IoufaTTL+R6eOujAoBuv3mYcJxrpLKVQAvWTS0mpH7evixMb3HiowuHWRgO8J12I
FFdtVRh2ae5MCQIyaW6sTQDpIS4i6j0TXobVN0oKdSby6WsQYjJ3FEHXeFxUAtef
0kEOzyZfdeHuJAJWeCRm5v/ljmBy5wcg0okSpZ70A61X
-----END CERTIFICATE-----