This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cCJJNwn_gJuAQtsmGPX_UDP9tnY.roa
File:                     cCJJNwn_gJuAQtsmGPX_UDP9tnY.roa (raw, json)
Hash identifier:          rNInpx5nNSrUT999uu8Pr9WEUgG03eUXK2AlHeyvWXE=
Subject key identifier:   70:22:49:37:09:FF:80:9B:80:42:DB:26:18:F5:FF:50:33:FD:B6:76
Certificate issuer:       /CN=70f68cded39e3ec54cee2233252ef3937ba9828d
Certificate serial:       019B7BA4E2AF031F7A0DED4055E0F96DACF1
Authority key identifier: 70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cCJJNwn_gJuAQtsmGPX_UDP9tnY.roa
Signing time:             Thu 01 Jan 2026 22:19:22 +0000
ROA not before:           Thu 01 Jan 2026 22:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211143
IP address blocks:        194.164.138.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e2:af:03:1f:7a:0d:ed:40:55:e0:f9:6d:ac:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f68cded39e3ec54cee2233252ef3937ba9828d
        Validity
            Not Before: Jan  1 22:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7022493709ff809b8042db2618f5ff5033fdb676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0c:0e:ed:15:56:06:2a:52:d4:0f:99:6c:58:
                    1e:6d:00:71:b7:88:b3:4e:e7:25:ee:4c:e4:35:1c:
                    84:02:53:5b:2a:e7:bc:61:ba:b3:61:f1:c8:4a:6e:
                    44:cf:7c:65:b9:81:a8:d0:87:13:40:eb:fb:f0:e6:
                    ef:f1:e2:bb:e1:e9:64:3c:ed:d9:1c:57:83:1e:a8:
                    71:1f:85:b2:94:35:7c:f8:ee:0b:97:12:fd:d1:fc:
                    b1:7b:c4:05:87:ad:7e:88:24:02:51:5b:c0:21:11:
                    03:9a:fd:db:5d:79:20:95:d6:67:7f:f6:0d:35:15:
                    c3:03:11:4b:f5:ad:e5:ff:44:fc:46:fc:8b:5d:c1:
                    fe:fa:5d:6a:54:c1:96:a0:19:89:4f:44:e8:d4:80:
                    ca:9a:ce:75:f9:46:c2:6f:01:a4:1c:75:11:b5:b0:
                    80:ad:1f:6f:81:87:37:43:b6:15:31:25:3e:ad:db:
                    96:45:ec:a0:dc:17:40:13:34:ca:42:d2:bf:dc:a1:
                    ae:c3:b7:a0:d8:5d:fd:e6:8a:b3:de:c6:34:70:47:
                    39:8b:75:7a:8e:85:dc:41:8b:72:bc:18:02:5c:cd:
                    69:d6:df:3a:00:a2:d1:af:ec:c6:40:13:90:2d:a5:
                    b2:2c:a9:4f:20:d6:cd:a2:95:9d:e4:32:94:ee:a3:
                    61:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:22:49:37:09:FF:80:9B:80:42:DB:26:18:F5:FF:50:33:FD:B6:76
            X509v3 Authority Key Identifier:
                keyid:70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cCJJNwn_gJuAQtsmGPX_UDP9tnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:6d:0a:12:61:13:36:5a:7a:4d:6a:c3:5f:3f:0c:23:23:72:
         a2:7f:33:31:dc:0d:4a:cf:c8:6f:b1:f2:75:86:6a:30:29:19:
         15:43:74:48:2f:04:f8:e6:5c:c5:d4:56:b6:0f:1a:84:06:ba:
         70:fc:11:5c:4f:05:00:36:aa:5b:10:af:b9:dd:1d:8e:fe:cf:
         a8:d4:d5:39:0e:83:e1:4f:ae:db:40:da:a9:0c:e3:6a:fa:5a:
         81:ed:4c:37:ac:7f:cd:82:28:c9:d9:3d:05:ee:8b:5a:6f:d9:
         78:ca:98:30:06:5e:72:ec:4e:ce:5e:d6:8a:36:be:9d:4c:bf:
         f7:9f:73:3c:a9:3a:fb:df:cd:7b:5f:45:f9:05:32:ad:4a:27:
         e4:2b:ac:3a:c2:0b:da:d7:ec:3e:f3:1a:ce:d7:01:87:20:2f:
         17:d6:af:53:6f:9a:38:4b:09:06:2e:a4:03:ea:37:c4:bc:5d:
         17:fb:a0:89:c3:f3:16:da:fc:3a:67:e4:a5:ae:e6:90:33:ce:
         69:c1:fa:c3:61:f5:6c:7f:cb:2d:ef:49:eb:57:ea:17:98:e0:
         30:a3:60:c5:e2:7f:d7:15:5c:26:fd:2f:7b:c1:b5:a6:8e:e9:
         e2:0d:55:9a:d5:c2:d3:89:ea:97:d7:bc:6e:d0:c6:8c:1e:c4:
         2e:1b:bd:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pOKvAx96De1AVeD5bazxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjY4Y2RlZDM5ZTNlYzU0Y2VlMjIzMzI1MmVmMzkzN2Jh
OTgyOGQwHhcNMjYwMTAxMjIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIyNDkzNzA5ZmY4MDliODA0MmRiMjYxOGY1ZmY1MDMzZmRiNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAwO7RVWBipS1A+ZbFgebQBxt4iz
Tucl7kzkNRyEAlNbKue8YbqzYfHISm5Ez3xluYGo0IcTQOv78Obv8eK74elkPO3Z
HFeDHqhxH4WylDV8+O4LlxL90fyxe8QFh61+iCQCUVvAIREDmv3bXXkgldZnf/YN
NRXDAxFL9a3l/0T8RvyLXcH++l1qVMGWoBmJT0To1IDKms51+UbCbwGkHHURtbCA
rR9vgYc3Q7YVMSU+rduWReyg3BdAEzTKQtK/3KGuw7eg2F395oqz3sY0cEc5i3V6
joXcQYtyvBgCXM1p1t86AKLRr+zGQBOQLaWyLKlPINbNopWd5DKU7qNh0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAiSTcJ/4CbgELbJhj1/1Az/bZ2MB8GA1UdIwQY
MBaAFHD2jN7Tnj7FTO4iMyUu85N7qYKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYt
MjlkZjRlMjYxMWYxLzEvY0NKSk53bl9nSnVBUXRzbUdQWF9VRFA5dG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYtMjlkZjRlMjYxMWYx
LzEvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqSKMA0G
CSqGSIb3DQEBCwUAA4IBAQCAbQoSYRM2WnpNasNfPwwjI3KifzMx3A1Kz8hvsfJ1
hmowKRkVQ3RILwT45lzF1Fa2DxqEBrpw/BFcTwUANqpbEK+53R2O/s+o1NU5DoPh
T67bQNqpDONq+lqB7Uw3rH/NgijJ2T0F7otab9l4ypgwBl5y7E7OXtaKNr6dTL/3
n3M8qTr73817X0X5BTKtSifkK6w6wgva1+w+8xrO1wGHIC8X1q9Tb5o4SwkGLqQD
6jfEvF0X+6CJw/MW2vw6Z+SlruaQM85pwfrDYfVsf8st70nrV+oXmOAwo2DF4n/X
FVwm/S97wbWmjuniDVWa1cLTieqX17xu0MaMHsQuG71o
-----END CERTIFICATE-----