This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/0DAQlpT9x-QaKyJ8cOE4xeRFybQ.roa
File:                     0DAQlpT9x-QaKyJ8cOE4xeRFybQ.roa (raw, json)
Hash identifier:          cLzURrgNbzm6pPzLt8hQc5OKqgGCPtGdJQ9/RRN5LZU=
Subject key identifier:   D0:30:10:96:94:FD:C7:E4:1A:2B:22:7C:70:E1:38:C5:E4:45:C9:B4
Certificate issuer:       /CN=f52e9a043f3128336e3c97c2542574c8ad929ac9
Certificate serial:       019B7F156BA9A169A709B967B49FDF3FDC77
Authority key identifier: F5:2E:9A:04:3F:31:28:33:6E:3C:97:C2:54:25:74:C8:AD:92:9A:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/0DAQlpT9x-QaKyJ8cOE4xeRFybQ.roa
Signing time:             Fri 02 Jan 2026 14:21:08 +0000
ROA not before:           Fri 02 Jan 2026 14:21:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15576
IP address blocks:        193.200.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:6b:a9:a1:69:a7:09:b9:67:b4:9f:df:3f:dc:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f52e9a043f3128336e3c97c2542574c8ad929ac9
        Validity
            Not Before: Jan  2 14:21:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d030109694fdc7e41a2b227c70e138c5e445c9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ed:ad:52:d0:66:0c:43:a5:cc:39:b5:9c:f1:
                    31:49:d3:c3:2e:83:a2:a2:63:fc:1e:f8:01:16:b8:
                    54:78:99:44:ce:3a:87:b6:15:45:e7:15:d4:5c:b7:
                    9e:62:a0:88:b8:73:fe:66:ee:20:05:19:c0:ff:ab:
                    39:dc:fe:ce:f4:4c:d0:27:2d:e7:20:a4:69:68:49:
                    29:67:ab:20:e3:fb:57:dc:79:96:d2:25:cd:a6:a9:
                    b0:f8:dc:4b:2d:f2:87:be:1c:7b:c2:b4:2c:bf:2f:
                    e4:a2:61:b6:30:39:c0:12:02:b4:f5:ec:e6:26:57:
                    3e:cf:84:1a:9a:87:ca:27:ae:35:67:d3:12:01:30:
                    d4:d5:d2:87:01:a0:ee:9a:f7:2d:2a:68:48:8e:4b:
                    d2:a9:05:4e:29:6b:19:da:02:8a:07:9f:1d:c4:44:
                    ea:16:a5:b1:74:2a:c0:8c:75:66:20:3d:4a:2e:fb:
                    76:a2:02:0c:a0:f3:01:f0:b9:f5:5d:09:a5:97:18:
                    12:07:b6:9e:50:fb:05:0c:24:c2:0d:11:c5:06:88:
                    df:f7:c0:dd:cb:be:b9:32:21:bd:83:58:9e:c4:d3:
                    d4:1b:8b:75:56:77:7b:c3:18:a4:d1:4b:55:8c:6e:
                    0a:84:10:93:11:56:1d:80:a6:4d:f6:f4:7f:42:a0:
                    f8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:30:10:96:94:FD:C7:E4:1A:2B:22:7C:70:E1:38:C5:E4:45:C9:B4
            X509v3 Authority Key Identifier:
                keyid:F5:2E:9A:04:3F:31:28:33:6E:3C:97:C2:54:25:74:C8:AD:92:9A:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/0DAQlpT9x-QaKyJ8cOE4xeRFybQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:11:f0:13:d6:5a:63:ec:18:8f:56:f5:89:cf:25:bf:34:0a:
         56:24:b0:d2:85:d8:08:35:76:eb:ac:2e:c6:0f:88:90:db:eb:
         e7:01:da:8c:75:de:fb:32:d0:40:77:78:d3:8b:58:a3:84:1f:
         02:f5:71:41:c6:ff:7f:c5:f9:04:48:5f:23:40:43:e2:d4:df:
         8b:11:d9:01:e3:52:11:5c:92:07:2e:ab:7a:a3:e5:0d:fe:2c:
         6c:bc:81:d5:b5:5c:27:32:f0:c4:b0:b7:5f:f3:7c:a5:4a:c5:
         92:5b:4e:68:a5:f0:17:12:28:f7:05:12:47:c0:f2:0f:d3:ae:
         c3:c5:3a:49:54:c2:6c:dd:15:80:40:57:18:c9:91:9b:bf:7f:
         5b:48:4d:eb:68:3c:d3:09:20:bd:da:77:aa:64:12:f9:7f:aa:
         70:7f:53:3b:e2:10:6f:9d:03:be:60:ca:45:97:b5:94:d6:25:
         49:3c:2f:83:c6:c0:2a:09:5c:33:86:22:c4:4a:b5:5a:fe:e5:
         19:36:6f:1c:af:d1:3d:a1:3d:56:ad:69:82:79:49:92:0d:80:
         47:8e:c0:c2:4a:00:04:d8:be:b9:76:c5:2c:13:bb:dd:4f:0a:
         f7:90:16:c2:28:6c:a2:a7:3b:e5:dc:58:f5:a0:1b:31:fe:8a:
         5c:2b:42:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWupoWmnCblntJ/fP9x3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MmU5YTA0M2YzMTI4MzM2ZTNjOTdjMjU0MjU3NGM4YWQ5
MjlhYzkwHhcNMjYwMTAyMTQyMTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDMwMTA5Njk0ZmRjN2U0MWEyYjIyN2M3MGUxMzhjNWU0NDVjOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO2tUtBmDEOlzDm1nPExSdPDLoOi
omP8HvgBFrhUeJlEzjqHthVF5xXUXLeeYqCIuHP+Zu4gBRnA/6s53P7O9EzQJy3n
IKRpaEkpZ6sg4/tX3HmW0iXNpqmw+NxLLfKHvhx7wrQsvy/komG2MDnAEgK09ezm
Jlc+z4QamofKJ641Z9MSATDU1dKHAaDumvctKmhIjkvSqQVOKWsZ2gKKB58dxETq
FqWxdCrAjHVmID1KLvt2ogIMoPMB8Ln1XQmllxgSB7aeUPsFDCTCDRHFBojf98Dd
y765MiG9g1iexNPUG4t1Vnd7wxik0UtVjG4KhBCTEVYdgKZN9vR/QqD4CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAwEJaU/cfkGisifHDhOMXkRcm0MB8GA1UdIwQY
MBaAFPUumgQ/MSgzbjyXwlQldMitkprJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVM2YUJEOHhLRE51UEpmQ1ZDVjB5SzJTbXNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mYjNlOTgtZDAwZi00NWRkLWJkMTkt
ZWZmOGI5NWQyMGM1LzEvMERBUWxwVDl4LVFhS3lKOGNPRTR4ZVJGeWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mYjNlOTgtZDAwZi00NWRkLWJkMTktZWZmOGI5NWQyMGM1
LzEvOVM2YUJEOHhLRE51UEpmQ1ZDVjB5SzJTbXNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcidMA0G
CSqGSIb3DQEBCwUAA4IBAQBWEfAT1lpj7BiPVvWJzyW/NApWJLDShdgINXbrrC7G
D4iQ2+vnAdqMdd77MtBAd3jTi1ijhB8C9XFBxv9/xfkESF8jQEPi1N+LEdkB41IR
XJIHLqt6o+UN/ixsvIHVtVwnMvDEsLdf83ylSsWSW05opfAXEij3BRJHwPIP067D
xTpJVMJs3RWAQFcYyZGbv39bSE3raDzTCSC92neqZBL5f6pwf1M74hBvnQO+YMpF
l7WU1iVJPC+DxsAqCVwzhiLESrVa/uUZNm8cr9E9oT1WrWmCeUmSDYBHjsDCSgAE
2L65dsUsE7vdTwr3kBbCKGyipzvl3Fj1oBsx/opcK0LI
-----END CERTIFICATE-----