This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iIKrWWpJLnlJPMihAC3Oxnef8CQ.roa
File:                     iIKrWWpJLnlJPMihAC3Oxnef8CQ.roa (raw, json)
Hash identifier:          WJVpY9aTNRcb5ocwERF3mAtLjs8HyytgbDOMYzs+TVA=
Subject key identifier:   88:82:AB:59:6A:49:2E:79:49:3C:C8:A1:00:2D:CE:C6:77:9F:F0:24
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F855580D179BDACAE53A3761AED3ACC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iIKrWWpJLnlJPMihAC3Oxnef8CQ.roa
Signing time:             Fri 02 Jan 2026 16:23:23 +0000
ROA not before:           Fri 02 Jan 2026 16:23:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57494
IP address blocks:        195.133.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:55:80:d1:79:bd:ac:ae:53:a3:76:1a:ed:3a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8882ab596a492e79493cc8a1002dcec6779ff024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:25:bf:7d:0d:cf:c7:ff:a0:e2:89:3f:80:bb:
                    d7:98:ab:25:f7:52:c3:cf:cb:12:be:f3:44:28:17:
                    42:ce:6f:c2:5d:84:9d:aa:5c:a2:7e:13:c1:d4:fc:
                    77:af:8f:51:b8:a6:ba:14:2d:86:66:96:1e:79:c0:
                    b8:7d:02:d8:57:cd:5b:68:aa:d0:00:c5:82:79:93:
                    ba:e6:06:09:79:07:46:1c:4e:f6:da:84:94:be:5f:
                    c3:2d:da:7b:ab:59:bd:ba:ab:c1:48:e5:85:de:f5:
                    2d:ed:69:53:b1:2d:ed:9b:e4:40:17:8c:43:a5:df:
                    7f:a8:56:0a:5f:f1:56:0a:2f:24:f0:0b:60:ec:68:
                    4e:3a:6f:60:ad:c7:7b:f5:56:f4:90:4a:11:ca:a4:
                    22:31:32:f0:9d:46:d9:14:53:83:54:42:13:04:99:
                    df:6d:2c:a6:8b:dc:f7:88:e5:42:b4:11:bc:25:71:
                    8e:59:41:84:07:85:35:80:55:44:87:50:ac:aa:82:
                    b4:a8:a9:0d:14:52:95:0a:77:40:41:69:b6:2a:16:
                    49:8a:76:b7:b3:46:d3:ad:6e:c2:de:ef:a5:b8:42:
                    25:3b:15:9c:88:b4:df:5b:3f:9e:a0:db:3b:43:04:
                    e1:b8:df:5d:b6:72:1f:d5:d8:85:64:ec:93:e9:e1:
                    58:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:82:AB:59:6A:49:2E:79:49:3C:C8:A1:00:2D:CE:C6:77:9F:F0:24
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/iIKrWWpJLnlJPMihAC3Oxnef8CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:1d:14:9e:34:9d:05:84:fe:a9:72:fb:bd:6b:d5:22:e2:36:
         68:cf:c9:dd:ec:61:3e:f9:00:99:22:c1:73:6e:a8:96:28:89:
         ee:d9:17:7c:7a:21:a4:03:fa:98:82:5f:73:9e:b0:e1:8e:d7:
         11:fb:6b:d3:41:37:79:d0:2e:93:ce:e7:4a:0b:ac:3d:7e:53:
         b5:4f:4e:00:64:67:27:e5:23:e1:ab:0b:4b:b4:72:1d:52:e3:
         68:22:db:d5:b3:dc:23:60:6c:42:1a:65:c2:47:b9:30:a1:a9:
         c7:9f:52:70:92:0b:e9:15:43:06:c6:db:23:53:8f:e9:2d:e0:
         0d:21:b3:ff:39:50:0d:8d:c7:ef:1b:ab:b3:ef:84:04:d9:10:
         9b:73:db:32:69:97:bc:e0:52:b3:58:49:74:ea:b9:a8:f6:32:
         40:66:35:2e:ee:91:39:f1:28:b1:19:00:d0:c6:b9:22:ad:ba:
         1d:95:50:d6:0a:ba:9b:e7:e7:fd:f3:5f:05:0c:47:23:60:6d:
         71:a6:bf:81:58:8e:97:c0:1a:8c:9e:18:1f:35:55:51:e2:d3:
         8c:3e:ed:b1:77:24:37:62:73:ba:48:30:a7:b4:d6:40:83:ad:
         e6:0f:eb:bc:07:88:76:34:ac:85:2d:d4:63:37:86:e7:71:07:
         9e:57:83:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hVWA0Xm9rK5To3Ya7TrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODgyYWI1OTZhNDkyZTc5NDkzY2M4YTEwMDJkY2VjNjc3OWZmMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSW/fQ3Px/+g4ok/gLvXmKsl91LD
z8sSvvNEKBdCzm/CXYSdqlyifhPB1Px3r49RuKa6FC2GZpYeecC4fQLYV81baKrQ
AMWCeZO65gYJeQdGHE722oSUvl/DLdp7q1m9uqvBSOWF3vUt7WlTsS3tm+RAF4xD
pd9/qFYKX/FWCi8k8Atg7GhOOm9grcd79Vb0kEoRyqQiMTLwnUbZFFODVEITBJnf
bSymi9z3iOVCtBG8JXGOWUGEB4U1gFVEh1CsqoK0qKkNFFKVCndAQWm2KhZJina3
s0bTrW7C3u+luEIlOxWciLTfWz+eoNs7QwThuN9dtnIf1diFZOyT6eFYFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiCq1lqSS55STzIoQAtzsZ3n/AkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaUlLcldXcEpMbmxKUE1paEFDM094bmVmOENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4XCMA0G
CSqGSIb3DQEBCwUAA4IBAQA9HRSeNJ0FhP6pcvu9a9Ui4jZoz8nd7GE++QCZIsFz
bqiWKInu2Rd8eiGkA/qYgl9znrDhjtcR+2vTQTd50C6TzudKC6w9flO1T04AZGcn
5SPhqwtLtHIdUuNoItvVs9wjYGxCGmXCR7kwoanHn1JwkgvpFUMGxtsjU4/pLeAN
IbP/OVANjcfvG6uz74QE2RCbc9syaZe84FKzWEl06rmo9jJAZjUu7pE58SixGQDQ
xrkirbodlVDWCrqb5+f9818FDEcjYG1xpr+BWI6XwBqMnhgfNVVR4tOMPu2xdyQ3
YnO6SDCntNZAg63mD+u8B4h2NKyFLdRjN4bncQeeV4NG
-----END CERTIFICATE-----