This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/jSwTK8WO_dyZXitPUZpa7HZe2us.roa
File:                     jSwTK8WO_dyZXitPUZpa7HZe2us.roa (raw, json)
Hash identifier:          WAbxVoaqdYtAGHRcKfjQ3k1++PnSo/RRgkQO4XwiCoY=
Subject key identifier:   8D:2C:13:2B:C5:8E:FD:DC:99:5E:2B:4F:51:9A:5A:EC:76:5E:DA:EB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F85639D30C00387F1A8AE7E69F5713C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/jSwTK8WO_dyZXitPUZpa7HZe2us.roa
Signing time:             Fri 02 Jan 2026 16:23:26 +0000
ROA not before:           Fri 02 Jan 2026 16:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204769
IP address blocks:        195.133.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:63:9d:30:c0:03:87:f1:a8:ae:7e:69:f5:71:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d2c132bc58efddc995e2b4f519a5aec765edaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6e:0d:3d:de:bb:32:c7:11:07:a1:24:90:cb:
                    a2:64:5b:3c:2a:79:a7:6c:0f:ac:aa:54:d1:6a:db:
                    a2:e9:8e:9a:59:bb:53:6c:20:51:f4:5f:74:49:6d:
                    bc:c2:5f:d0:a6:47:1b:b9:5b:8e:f3:c8:5f:90:13:
                    94:3a:69:43:02:07:b3:9a:b6:bf:fe:4c:25:cf:17:
                    d6:84:f3:db:ce:b3:9e:8a:e2:06:7b:8b:0d:c4:b0:
                    c7:28:26:7a:ea:81:d6:16:4c:e7:df:83:d2:12:db:
                    60:7f:c5:d8:1f:13:29:8c:6c:69:ab:31:4b:3e:b9:
                    8a:07:07:d8:c7:1e:fc:f5:c5:43:be:0a:f2:62:f9:
                    e8:4e:d2:96:96:14:5c:28:ee:68:b7:0c:ae:0b:d1:
                    91:e3:d1:c4:22:a3:3c:aa:fa:ab:82:51:b2:07:31:
                    bb:86:a9:40:90:e7:6f:74:c6:54:b3:cb:52:df:e5:
                    43:ac:e4:ed:67:aa:ed:75:24:42:de:a9:af:39:22:
                    84:71:4a:1a:a9:83:0b:3e:5b:70:f6:85:4f:59:49:
                    12:20:3a:06:90:40:c3:66:e8:18:bb:f2:0c:85:08:
                    79:a8:42:fd:be:d3:30:6b:bc:fb:68:9d:ae:b9:8c:
                    70:1b:ed:23:2b:2d:4c:ef:1f:cb:94:62:a6:d2:e0:
                    92:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:2C:13:2B:C5:8E:FD:DC:99:5E:2B:4F:51:9A:5A:EC:76:5E:DA:EB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/jSwTK8WO_dyZXitPUZpa7HZe2us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:48:b2:97:a4:40:6c:23:ce:92:5a:d8:0a:12:4c:13:12:28:
         62:42:b1:f9:79:b2:38:15:7a:f2:61:bb:45:1f:1c:4d:4b:e9:
         3f:07:6b:4d:0b:3d:ff:6c:73:74:ff:02:1a:68:76:df:97:f4:
         27:86:ab:15:20:38:da:fd:e4:70:98:ae:0d:78:8e:af:7c:eb:
         f7:2f:38:c2:80:26:91:cc:8d:4c:91:cf:db:a2:a7:be:d0:f9:
         ed:2f:14:99:07:ac:ec:00:24:4e:e7:a6:35:3d:81:3a:87:12:
         ed:c3:6e:5b:cf:e8:11:bd:b5:22:d6:05:d5:a6:db:33:d6:4b:
         69:ac:aa:0f:06:73:a1:f5:65:13:5e:8d:f8:9a:3a:51:ad:22:
         1c:97:45:e5:e7:20:6b:20:6c:05:39:53:ec:86:60:0e:93:17:
         76:93:87:0a:14:9e:42:f3:89:7f:31:d2:df:d5:80:bf:44:9d:
         0f:39:5a:55:1a:96:b7:3a:b9:13:58:73:13:3d:a9:b7:2b:71:
         f1:3c:d8:89:b0:36:5d:4f:31:e9:9a:46:04:2e:c3:38:6d:11:
         b9:19:b4:21:14:a4:00:d6:df:ec:09:92:92:4d:07:e3:f8:6f:
         3a:fd:61:d8:3e:66:90:63:cc:37:95:92:c5:78:ba:81:e0:0f:
         41:cf:d2:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hWOdMMADh/Gorn5p9XE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDJjMTMyYmM1OGVmZGRjOTk1ZTJiNGY1MTlhNWFlYzc2NWVkYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG4NPd67MscRB6EkkMuiZFs8Knmn
bA+sqlTRatui6Y6aWbtTbCBR9F90SW28wl/QpkcbuVuO88hfkBOUOmlDAgezmra/
/kwlzxfWhPPbzrOeiuIGe4sNxLDHKCZ66oHWFkzn34PSEttgf8XYHxMpjGxpqzFL
PrmKBwfYxx789cVDvgryYvnoTtKWlhRcKO5otwyuC9GR49HEIqM8qvqrglGyBzG7
hqlAkOdvdMZUs8tS3+VDrOTtZ6rtdSRC3qmvOSKEcUoaqYMLPltw9oVPWUkSIDoG
kEDDZugYu/IMhQh5qEL9vtMwa7z7aJ2uuYxwG+0jKy1M7x/LlGKm0uCSCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0sEyvFjv3cmV4rT1GaWux2XtrrMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvalN3VEs4V09fZHlaWGl0UFVacGE3SFplMnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4VOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5SLKXpEBsI86SWtgKEkwTEihiQrH5ebI4FXryYbtF
HxxNS+k/B2tNCz3/bHN0/wIaaHbfl/QnhqsVIDja/eRwmK4NeI6vfOv3LzjCgCaR
zI1Mkc/boqe+0PntLxSZB6zsACRO56Y1PYE6hxLtw25bz+gRvbUi1gXVptsz1ktp
rKoPBnOh9WUTXo34mjpRrSIcl0Xl5yBrIGwFOVPshmAOkxd2k4cKFJ5C84l/MdLf
1YC/RJ0POVpVGpa3OrkTWHMTPam3K3HxPNiJsDZdTzHpmkYELsM4bRG5GbQhFKQA
1t/sCZKSTQfj+G86/WHYPmaQY8w3lZLFeLqB4A9Bz9Jg
-----END CERTIFICATE-----