This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/li17bP2P0aQTsR1cjJEbgWnI9mY.roa
File:                     li17bP2P0aQTsR1cjJEbgWnI9mY.roa (raw, json)
Hash identifier:          ca3PJqDN9j++OqyHWxWI1hfsQQE5QSfVjUAmkra0fi8=
Subject key identifier:   96:2D:7B:6C:FD:8F:D1:A4:13:B1:1D:5C:8C:91:1B:81:69:C8:F6:66
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F1453BB17387713C63CA64A5ECD99A1
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/li17bP2P0aQTsR1cjJEbgWnI9mY.roa
Signing time:             Fri 02 Jan 2026 14:19:57 +0000
ROA not before:           Fri 02 Jan 2026 14:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137263
IP address blocks:        193.233.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:53:bb:17:38:77:13:c6:3c:a6:4a:5e:cd:99:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=962d7b6cfd8fd1a413b11d5c8c911b8169c8f666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e7:c7:b3:a7:26:59:4a:63:4b:71:d5:b0:bd:
                    f8:cd:ef:d8:6b:bd:28:ae:8d:78:1a:e1:61:fb:bb:
                    8a:43:c8:c3:c9:17:94:b3:cf:94:4c:a1:14:6f:2f:
                    89:fe:8b:ef:1e:39:4b:4f:b3:12:fd:05:ef:01:13:
                    37:80:a8:3b:7b:c6:80:55:32:53:33:fa:d3:ce:01:
                    1c:48:cc:ed:0f:9f:5b:d4:45:30:2f:06:8d:3d:bc:
                    6c:d7:d1:3b:80:78:f5:a1:20:4c:f6:be:16:8d:46:
                    ef:6f:58:28:c7:ab:ae:0b:55:60:33:23:cf:67:db:
                    69:86:40:e0:62:dc:5e:97:f3:bb:6a:48:4e:37:26:
                    7d:c3:ec:a4:6b:59:72:d2:81:44:59:51:4d:e4:36:
                    d9:4c:9e:ea:53:d9:43:d4:d9:a7:4b:16:e4:2d:82:
                    f0:f7:85:c6:59:41:f6:ce:43:b5:23:4d:e6:8b:c9:
                    46:87:dd:37:81:67:47:27:27:3f:b9:32:00:86:22:
                    67:e4:a3:ef:41:3b:e3:16:36:6c:01:80:9a:f5:fd:
                    12:88:fd:40:28:c7:3d:cf:f9:46:1d:39:da:13:68:
                    4b:84:44:16:45:a4:2a:c8:cb:06:67:9e:01:af:32:
                    22:d5:af:c5:73:2b:ff:6d:1f:72:bb:d0:14:8d:db:
                    15:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2D:7B:6C:FD:8F:D1:A4:13:B1:1D:5C:8C:91:1B:81:69:C8:F6:66
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/li17bP2P0aQTsR1cjJEbgWnI9mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:14:83:21:04:3e:6d:3b:9e:32:6f:68:65:3d:76:81:ad:60:
         c2:49:61:a9:52:ee:ac:14:f6:13:e1:04:03:08:69:9f:af:a9:
         78:ad:d8:7d:43:28:bd:10:34:45:f0:4b:d4:a1:8b:0e:b6:9d:
         f2:21:3e:59:aa:b4:14:b3:42:85:01:bd:d5:a8:8b:f7:f9:14:
         3a:fd:b9:aa:2b:e6:11:50:11:cf:c3:1f:27:df:9f:c9:e0:b8:
         c6:ad:80:76:df:da:5f:7e:62:ad:14:46:90:ca:1d:26:95:ca:
         94:b9:63:d5:ad:42:31:34:23:9a:70:2b:6c:aa:c0:3d:00:e2:
         46:a2:71:68:64:5d:4d:62:af:bf:e0:10:06:e9:79:b8:2e:c5:
         6c:2a:6b:76:fa:d8:76:f9:58:f2:19:ce:5b:6a:0b:f8:29:55:
         27:ff:c5:4c:b0:87:76:9f:eb:1d:8f:ae:9c:83:6c:b5:0a:9d:
         1e:5a:47:1d:bb:ac:e9:02:34:ed:14:70:1f:3c:64:88:f9:f7:
         99:b7:a8:18:78:25:84:e2:21:51:36:45:ff:07:e5:a3:84:bc:
         17:c4:f1:43:df:0c:5d:03:62:b9:69:21:6a:ad:ed:82:17:c1:
         40:fc:7f:3d:31:8b:d6:b0:ae:c9:4e:3f:82:60:1a:aa:ee:b4:
         96:31:6e:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFO7Fzh3E8Y8pkpezZmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjJkN2I2Y2ZkOGZkMWE0MTNiMTFkNWM4YzkxMWI4MTY5YzhmNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OfHs6cmWUpjS3HVsL34ze/Ya70o
ro14GuFh+7uKQ8jDyReUs8+UTKEUby+J/ovvHjlLT7MS/QXvARM3gKg7e8aAVTJT
M/rTzgEcSMztD59b1EUwLwaNPbxs19E7gHj1oSBM9r4WjUbvb1gox6uuC1VgMyPP
Z9tphkDgYtxel/O7akhONyZ9w+yka1ly0oFEWVFN5DbZTJ7qU9lD1NmnSxbkLYLw
94XGWUH2zkO1I03mi8lGh903gWdHJyc/uTIAhiJn5KPvQTvjFjZsAYCa9f0SiP1A
KMc9z/lGHTnaE2hLhEQWRaQqyMsGZ54BrzIi1a/Fcyv/bR9yu9AUjdsVdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYte2z9j9GkE7EdXIyRG4FpyPZmMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbGkxN2JQMlAwYVFUc1IxY2pKRWJnV25JOW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwenCMA0G
CSqGSIb3DQEBCwUAA4IBAQAsFIMhBD5tO54yb2hlPXaBrWDCSWGpUu6sFPYT4QQD
CGmfr6l4rdh9Qyi9EDRF8EvUoYsOtp3yIT5ZqrQUs0KFAb3VqIv3+RQ6/bmqK+YR
UBHPwx8n35/J4LjGrYB239pffmKtFEaQyh0mlcqUuWPVrUIxNCOacCtsqsA9AOJG
onFoZF1NYq+/4BAG6Xm4LsVsKmt2+th2+VjyGc5bagv4KVUn/8VMsId2n+sdj66c
g2y1Cp0eWkcdu6zpAjTtFHAfPGSI+feZt6gYeCWE4iFRNkX/B+WjhLwXxPFD3wxd
A2K5aSFqre2CF8FA/H89MYvWsK7JTj+CYBqq7rSWMW7T
-----END CERTIFICATE-----