This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/4zm2PsKp7CDX_05EMQ3wVCKsJac.roa
File:                     4zm2PsKp7CDX_05EMQ3wVCKsJac.roa (raw, json)
Hash identifier:          xoTjplgsEXDzNn5OQacn8odHDYwMOSV8PxajUULY6Jg=
Subject key identifier:   E3:39:B6:3E:C2:A9:EC:20:D7:FF:4E:44:31:0D:F0:54:22:AC:25:A7
Certificate issuer:       /CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
Certificate serial:       019B310EC30F40233C1898CF4902AD9DA232
Authority key identifier: D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/4zm2PsKp7CDX_05EMQ3wVCKsJac.roa
Signing time:             Thu 18 Dec 2025 10:43:29 +0000
ROA not before:           Thu 18 Dec 2025 10:43:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        194.53.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 07:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:31:0e:c3:0f:40:23:3c:18:98:cf:49:02:ad:9d:a2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
        Validity
            Not Before: Dec 18 10:43:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e339b63ec2a9ec20d7ff4e44310df05422ac25a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:ba:8a:cc:76:be:e2:ac:f5:b6:8c:5c:23:3e:
                    29:a9:e9:66:31:88:84:3a:df:29:65:93:6b:12:2b:
                    cf:17:5c:73:12:93:26:70:54:08:78:21:cd:19:31:
                    d7:0e:3c:43:d5:14:4a:54:ed:36:e4:2d:93:68:a7:
                    68:f3:b1:d1:db:4b:43:d9:81:0d:7f:af:5d:f0:6b:
                    aa:84:7f:d4:1e:cb:83:2f:70:d3:fb:45:6f:df:96:
                    27:f7:02:2c:e1:2d:7a:e0:8b:31:a1:b8:4e:0b:64:
                    ef:b4:9f:cc:a7:81:f8:a9:48:7b:c8:75:4b:29:fe:
                    48:2c:af:e1:21:a2:7b:93:02:86:7b:40:79:8c:24:
                    e1:cb:3b:18:72:00:34:f3:a3:81:9d:e6:fa:48:27:
                    e8:1f:be:fb:35:2b:bf:a7:5b:59:5f:2f:3b:8a:36:
                    a5:c1:95:86:a9:1b:96:87:89:35:c2:49:e5:ca:6c:
                    7a:4c:66:71:74:2f:70:08:96:87:99:e2:65:b4:24:
                    63:05:c7:f4:cd:50:37:75:49:96:2d:34:7e:43:c6:
                    fa:83:cb:bb:a0:5e:59:4d:e2:88:c8:65:1b:ea:68:
                    00:53:95:92:79:80:10:42:7c:07:c8:bc:5c:2a:13:
                    32:75:c5:c4:48:2d:10:7d:4b:ea:b4:73:b8:6f:dd:
                    b3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:39:B6:3E:C2:A9:EC:20:D7:FF:4E:44:31:0D:F0:54:22:AC:25:A7
            X509v3 Authority Key Identifier:
                keyid:D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/4zm2PsKp7CDX_05EMQ3wVCKsJac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:2c:4e:95:d6:8e:93:41:ae:90:fe:8c:c9:bc:56:28:45:54:
         16:cb:9d:cc:05:bd:57:22:a0:1b:c0:7a:9b:1a:33:ad:c7:19:
         2e:10:c6:ee:14:8a:b8:8a:91:d7:29:07:77:e4:77:1b:61:7b:
         cb:01:81:91:b4:80:42:05:c8:09:a5:54:e9:9e:07:87:b6:8d:
         ab:ee:2c:93:74:4b:11:d8:b7:7a:0c:6f:23:b7:c1:9e:ed:96:
         f7:6b:61:4d:a0:d1:b2:3b:25:9a:8f:3a:36:da:a1:e1:ca:3c:
         10:f5:85:9b:4d:84:66:07:46:de:a5:5a:13:4a:40:ea:4d:27:
         93:51:03:40:94:6b:6f:85:b8:ca:d0:d6:e5:47:68:db:6a:8c:
         1b:70:76:56:4f:90:ee:0a:2c:ba:2b:5e:c7:14:ab:8c:ba:24:
         3a:47:1f:bb:6a:3d:c9:c8:8a:b5:71:30:6f:71:b7:41:93:fb:
         4f:ad:df:72:0f:96:c6:ff:68:7e:b7:42:95:fd:ae:7a:53:c3:
         e4:9f:2a:99:2a:a9:2d:09:05:7a:dd:37:00:9e:ae:a5:b3:74:
         37:4c:51:e2:69:d6:90:ce:14:17:68:6b:48:a3:5d:a2:b4:f0:
         d7:a3:38:16:c0:bc:fe:00:9c:c4:87:d0:9d:8b:ee:b8:de:a3:
         22:a4:87:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsxDsMPQCM8GJjPSQKtnaIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YWZlM2YwYzllNTU1ZTUyZDM1MDVkNjE2MzI3OGRmM2Rh
MThjZWUwHhcNMjUxMjE4MTA0MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzM5YjYzZWMyYTllYzIwZDdmZjRlNDQzMTBkZjA1NDIyYWMyNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67qKzHa+4qz1toxcIz4pqelmMYiE
Ot8pZZNrEivPF1xzEpMmcFQIeCHNGTHXDjxD1RRKVO025C2TaKdo87HR20tD2YEN
f69d8GuqhH/UHsuDL3DT+0Vv35Yn9wIs4S164IsxobhOC2TvtJ/Mp4H4qUh7yHVL
Kf5ILK/hIaJ7kwKGe0B5jCThyzsYcgA086OBneb6SCfoH777NSu/p1tZXy87ijal
wZWGqRuWh4k1wknlymx6TGZxdC9wCJaHmeJltCRjBcf0zVA3dUmWLTR+Q8b6g8u7
oF5ZTeKIyGUb6mgAU5WSeYAQQnwHyLxcKhMydcXESC0QfUvqtHO4b92ztQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOM5tj7Cqewg1/9ORDEN8FQirCWnMB8GA1UdIwQY
MBaAFNSv4/DJ5VXlLTUF1hYyeN89oYzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGIt
YzU5ODI1YmJjYjMyLzEvNHptMlBzS3A3Q0RYXzA1RU1RM3dWQ0tzSmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGItYzU5ODI1YmJjYjMy
LzEvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjWLMA0G
CSqGSIb3DQEBCwUAA4IBAQBpLE6V1o6TQa6Q/ozJvFYoRVQWy53MBb1XIqAbwHqb
GjOtxxkuEMbuFIq4ipHXKQd35HcbYXvLAYGRtIBCBcgJpVTpngeHto2r7iyTdEsR
2Ld6DG8jt8Ge7Zb3a2FNoNGyOyWajzo22qHhyjwQ9YWbTYRmB0bepVoTSkDqTSeT
UQNAlGtvhbjK0NblR2jbaowbcHZWT5DuCiy6K17HFKuMuiQ6Rx+7aj3JyIq1cTBv
cbdBk/tPrd9yD5bG/2h+t0KV/a56U8PknyqZKqktCQV63TcAnq6ls3Q3TFHiadaQ
zhQXaGtIo12itPDXozgWwLz+AJzEh9Cdi+643qMipIch
-----END CERTIFICATE-----