This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Cd-26QaP5uZbdtOPygn0zKmEKk4.roa
File:                     Cd-26QaP5uZbdtOPygn0zKmEKk4.roa (raw, json)
Hash identifier:          NKzO/UD8/lvtZBJ+cqvMTIO20lAPFWWg0miRXsJuFs8=
Subject key identifier:   09:DF:B6:E9:06:8F:E6:E6:5B:76:D3:8F:CA:09:F4:CC:A9:84:2A:4E
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F146105E5D1E185A1B2D6791FE5598F
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Cd-26QaP5uZbdtOPygn0zKmEKk4.roa
Signing time:             Fri 02 Jan 2026 14:20:00 +0000
ROA not before:           Fri 02 Jan 2026 14:20:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207967
IP address blocks:        193.233.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:61:05:e5:d1:e1:85:a1:b2:d6:79:1f:e5:59:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:20:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09dfb6e9068fe6e65b76d38fca09f4cca9842a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bb:14:2f:bb:6f:10:34:77:bd:10:64:1d:99:
                    25:64:44:1c:c9:77:99:de:d1:a3:9c:cf:a4:6e:9f:
                    2e:8c:49:84:fc:5e:db:45:6f:8d:d5:a5:97:98:92:
                    23:34:1d:30:5b:b3:df:c7:ff:e8:98:10:c6:d8:97:
                    14:bc:d2:0f:d7:90:cd:a4:3d:95:e6:fe:38:a7:d8:
                    95:00:45:15:0c:36:b9:0d:26:db:20:b7:02:78:2c:
                    ad:40:98:42:64:53:5a:75:52:75:de:b8:2a:b1:b2:
                    46:27:d5:57:c6:c9:00:56:01:cd:85:c9:15:11:a1:
                    06:93:40:ae:66:d4:c5:84:3c:a3:f3:5e:6d:f9:7f:
                    7c:d5:e5:76:4e:f5:e6:9b:91:f6:86:2a:51:dc:b6:
                    3f:55:3b:81:d5:a9:c0:fd:35:5c:3c:cb:86:10:71:
                    c2:b5:ac:e6:06:d1:72:ef:12:c0:cb:dd:c7:f5:21:
                    66:81:c5:10:5c:fb:31:8c:84:76:3f:7e:6c:f9:73:
                    16:e4:f3:c9:73:f9:d4:f3:0f:6b:65:b0:83:df:9f:
                    48:51:32:27:16:24:f4:b4:31:6a:d3:16:e4:0c:31:
                    48:b3:b1:31:f1:11:4f:dc:db:4d:d4:c3:71:16:8e:
                    de:95:ca:ff:0c:51:a5:97:e4:e0:3f:8c:59:2a:b3:
                    60:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:DF:B6:E9:06:8F:E6:E6:5B:76:D3:8F:CA:09:F4:CC:A9:84:2A:4E
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Cd-26QaP5uZbdtOPygn0zKmEKk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:e4:19:eb:ff:aa:cf:40:ee:e9:03:73:5e:e0:e3:e9:97:a0:
         f8:1e:92:89:d3:33:99:59:48:b4:9d:0b:db:10:cb:39:c8:9b:
         ad:7b:d7:b5:ae:f5:e7:be:cf:af:19:3b:b9:ab:5b:1e:f9:84:
         37:7c:d5:9c:2e:2a:08:0c:fe:89:cc:29:77:46:d1:13:45:36:
         f2:3d:ff:07:24:82:73:8b:0b:59:cd:72:e8:1a:54:56:24:05:
         6f:16:00:22:20:21:90:50:33:65:66:40:9e:b5:28:be:16:fd:
         bc:7e:e6:04:8b:8d:cc:c5:c7:a7:33:97:49:40:0a:32:d2:6a:
         58:bf:11:66:61:08:39:15:1b:17:20:77:df:81:3b:d3:fa:10:
         7e:66:15:31:ec:d5:87:f9:b4:36:40:f2:d6:76:26:8e:1a:c2:
         b3:dc:90:50:ec:64:3a:c1:b6:7c:65:db:32:d3:76:15:2a:73:
         13:1f:72:8d:b0:f8:24:50:3b:38:6a:ac:db:7b:5f:c4:8b:c0:
         98:03:6d:1b:bb:8a:89:33:e6:c4:a2:79:34:e7:d1:04:fd:3d:
         47:6b:58:ad:e2:b8:3f:be:be:1d:77:cb:a4:87:56:e1:b6:56:
         83:84:f3:83:bd:8c:95:e6:25:98:f3:c9:06:7a:3b:af:72:5e:
         8a:bb:7d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FGEF5dHhhaGy1nkf5VmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQyMDAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWRmYjZlOTA2OGZlNmU2NWI3NmQzOGZjYTA5ZjRjY2E5ODQyYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrsUL7tvEDR3vRBkHZklZEQcyXeZ
3tGjnM+kbp8ujEmE/F7bRW+N1aWXmJIjNB0wW7Pfx//omBDG2JcUvNIP15DNpD2V
5v44p9iVAEUVDDa5DSbbILcCeCytQJhCZFNadVJ13rgqsbJGJ9VXxskAVgHNhckV
EaEGk0CuZtTFhDyj815t+X981eV2TvXmm5H2hipR3LY/VTuB1anA/TVcPMuGEHHC
tazmBtFy7xLAy93H9SFmgcUQXPsxjIR2P35s+XMW5PPJc/nU8w9rZbCD359IUTIn
FiT0tDFq0xbkDDFIs7Ex8RFP3NtN1MNxFo7elcr/DFGll+TgP4xZKrNgRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnftukGj+bmW3bTj8oJ9MyphCpOMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQ2QtMjZRYVA1dVpiZHRPUHlnbjB6S21FS2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwel0MA0G
CSqGSIb3DQEBCwUAA4IBAQBo5Bnr/6rPQO7pA3Ne4OPpl6D4HpKJ0zOZWUi0nQvb
EMs5yJute9e1rvXnvs+vGTu5q1se+YQ3fNWcLioIDP6JzCl3RtETRTbyPf8HJIJz
iwtZzXLoGlRWJAVvFgAiICGQUDNlZkCetSi+Fv28fuYEi43MxcenM5dJQAoy0mpY
vxFmYQg5FRsXIHffgTvT+hB+ZhUx7NWH+bQ2QPLWdiaOGsKz3JBQ7GQ6wbZ8Zdsy
03YVKnMTH3KNsPgkUDs4aqzbe1/Ei8CYA20bu4qJM+bEonk059EE/T1Ha1it4rg/
vr4dd8ukh1bhtlaDhPODvYyV5iWY88kGejuvcl6Ku32r
-----END CERTIFICATE-----