This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/sGXwj6bmJ4oXK4z9cdh4Z5EbMZE.roa
File:                     sGXwj6bmJ4oXK4z9cdh4Z5EbMZE.roa (raw, json)
Hash identifier:          GGTXUu5yuu5Q4EqTmjOjLSuSLfHo/raKtm+obw/cIG8=
Subject key identifier:   B0:65:F0:8F:A6:E6:27:8A:17:2B:8C:FD:71:D8:78:67:91:1B:31:91
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F144BC57B33B267D931CD310B51B0C5
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/sGXwj6bmJ4oXK4z9cdh4Z5EbMZE.roa
Signing time:             Fri 02 Jan 2026 14:19:55 +0000
ROA not before:           Fri 02 Jan 2026 14:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49791
IP address blocks:        193.233.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:4b:c5:7b:33:b2:67:d9:31:cd:31:0b:51:b0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b065f08fa6e6278a172b8cfd71d87867911b3191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:98:1a:0f:a2:86:96:b9:ee:04:13:d4:4a:
                    64:07:0a:2e:7a:0c:dd:3d:26:b5:85:9b:6b:8a:b5:
                    f5:b3:f8:4b:f2:87:07:27:f0:91:26:f4:e1:69:c8:
                    c1:f3:3b:c2:a9:5a:cc:d5:f7:14:64:df:eb:30:fe:
                    9a:4a:bd:34:78:9e:16:90:90:1d:8d:52:29:0c:65:
                    f9:29:62:15:2d:27:4e:e9:e3:c5:3c:2e:48:f5:ad:
                    49:6f:28:3a:6d:0b:6f:75:21:d0:7e:9c:ed:18:a6:
                    6a:16:f2:2b:50:88:6d:61:ea:93:40:b2:78:45:3e:
                    32:c8:b0:53:b0:da:8b:15:fa:3d:fe:f5:95:d3:d2:
                    17:83:ba:62:c9:6f:a4:84:be:e9:44:5b:7c:b4:3f:
                    7c:4f:71:29:85:22:d5:0e:34:71:14:b6:ea:2e:e1:
                    95:79:eb:99:a9:b0:b7:dd:0d:5a:90:69:16:86:1a:
                    d9:3b:74:c9:dc:7c:06:6c:74:e6:7d:65:a5:d0:45:
                    7a:1e:a2:de:68:c8:91:30:25:c6:0a:41:25:fd:17:
                    85:da:a2:22:5b:7c:3e:d2:98:72:10:5b:57:22:91:
                    c1:f9:c2:b4:6d:0c:18:6c:f9:03:19:c5:10:09:89:
                    a0:b1:1e:5a:a8:82:7a:82:83:ba:b5:27:dc:13:62:
                    01:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:65:F0:8F:A6:E6:27:8A:17:2B:8C:FD:71:D8:78:67:91:1B:31:91
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/sGXwj6bmJ4oXK4z9cdh4Z5EbMZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f4:f6:46:b2:56:5e:02:45:d2:b2:75:00:28:2b:ac:c8:c9:
         20:c1:45:ff:f7:06:3a:f3:13:c7:9e:42:20:4a:03:71:3d:48:
         4c:5c:3e:dd:47:ca:64:c0:e1:af:80:0c:f3:ac:6b:2f:5a:82:
         01:89:04:91:bb:47:40:2e:7d:e4:53:4b:86:6b:6f:f5:83:81:
         7d:33:67:95:2f:c3:e0:f8:70:27:1a:ec:fa:7f:7c:e3:98:fb:
         6b:29:a7:57:f8:3c:11:ff:10:70:cd:c9:b3:82:7d:b0:a7:7f:
         56:e0:2b:19:d9:c7:54:f3:ed:79:bb:1e:48:5b:68:85:1c:a4:
         b1:ee:73:99:40:95:0b:b5:cf:7c:09:68:1a:60:da:d0:63:92:
         8e:4f:ce:40:83:fa:d2:95:55:1c:92:68:a8:4e:24:29:21:02:
         d2:f2:cb:ad:06:17:fc:68:70:06:00:93:1e:08:32:27:48:09:
         0d:f3:f2:44:bf:43:2f:47:2b:84:35:43:19:e8:f6:bc:89:cf:
         07:f4:a8:69:a2:9a:12:8a:a6:ed:93:ea:3f:bd:06:95:92:13:
         ac:59:ce:3a:96:2e:61:6b:b0:7a:54:2e:a3:67:fa:bf:6e:55:
         86:29:95:18:a6:47:8b:fb:8a:ed:b9:90:8a:63:fe:25:06:b1:
         ed:3b:b3:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FEvFezOyZ9kxzTELUbDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDY1ZjA4ZmE2ZTYyNzhhMTcyYjhjZmQ3MWQ4Nzg2NzkxMWIzMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VGYGg+ihpa57gQT1EpkBwouegzd
PSa1hZtrirX1s/hL8ocHJ/CRJvThacjB8zvCqVrM1fcUZN/rMP6aSr00eJ4WkJAd
jVIpDGX5KWIVLSdO6ePFPC5I9a1Jbyg6bQtvdSHQfpztGKZqFvIrUIhtYeqTQLJ4
RT4yyLBTsNqLFfo9/vWV09IXg7piyW+khL7pRFt8tD98T3EphSLVDjRxFLbqLuGV
eeuZqbC33Q1akGkWhhrZO3TJ3HwGbHTmfWWl0EV6HqLeaMiRMCXGCkEl/ReF2qIi
W3w+0phyEFtXIpHB+cK0bQwYbPkDGcUQCYmgsR5aqIJ6goO6tSfcE2IBfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBl8I+m5ieKFyuM/XHYeGeRGzGRMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvc0dYd2o2Ym1KNG9YSzR6OWNkaDRaNUViTVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelXMA0G
CSqGSIb3DQEBCwUAA4IBAQB09PZGslZeAkXSsnUAKCusyMkgwUX/9wY68xPHnkIg
SgNxPUhMXD7dR8pkwOGvgAzzrGsvWoIBiQSRu0dALn3kU0uGa2/1g4F9M2eVL8Pg
+HAnGuz6f3zjmPtrKadX+DwR/xBwzcmzgn2wp39W4CsZ2cdU8+15ux5IW2iFHKSx
7nOZQJULtc98CWgaYNrQY5KOT85Ag/rSlVUckmioTiQpIQLS8sutBhf8aHAGAJMe
CDInSAkN8/JEv0MvRyuENUMZ6Pa8ic8H9KhpopoSiqbtk+o/vQaVkhOsWc46li5h
a7B6VC6jZ/q/blWGKZUYpkeL+4rtuZCKY/4lBrHtO7PF
-----END CERTIFICATE-----