This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jVNCcPahI8MnAo7bfEhLMs0jPM8.roa
File:                     jVNCcPahI8MnAo7bfEhLMs0jPM8.roa (raw, json)
Hash identifier:          ixsuELj++X2HDmoMacER2sGM/0OkonMaKJdRtYHa0xA=
Subject key identifier:   8D:53:42:70:F6:A1:23:C3:27:02:8E:DB:7C:48:4B:32:CD:23:3C:CF
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15FA13D6AD92A6DFA28A5B81936BA5
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jVNCcPahI8MnAo7bfEhLMs0jPM8.roa
Signing time:             Fri 02 Jan 2026 14:21:45 +0000
ROA not before:           Fri 02 Jan 2026 14:21:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216045
IP address blocks:        2.56.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:fa:13:d6:ad:92:a6:df:a2:8a:5b:81:93:6b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d534270f6a123c327028edb7c484b32cd233ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:bc:42:87:75:f6:2c:69:4e:8f:f6:30:cc:87:
                    0a:d5:d9:cf:f7:ef:2e:8e:85:40:ff:e2:48:65:0b:
                    58:af:60:32:5e:64:47:3c:42:8f:4b:83:77:be:e0:
                    d5:b4:08:71:ca:da:ce:b6:6e:39:aa:23:0b:1b:93:
                    a4:f9:e3:e7:04:db:87:6d:ac:ea:10:96:c3:e4:80:
                    5f:93:76:de:b8:d7:01:cf:fd:c7:6a:67:5f:db:7b:
                    ea:79:b0:4e:40:50:6f:35:5e:3a:eb:b0:89:34:8e:
                    71:ce:ec:38:16:ab:f7:15:12:06:c2:84:cf:c1:3b:
                    3e:92:bf:d4:a1:8b:cc:a0:3a:b1:50:49:aa:36:c4:
                    05:a4:2e:b4:d1:86:a9:fb:5e:a5:1c:a6:23:46:7f:
                    14:60:b7:35:83:1e:1a:86:00:c0:89:42:44:92:97:
                    51:cf:9d:ec:ac:52:0a:05:79:22:e2:67:06:67:8c:
                    29:91:58:44:27:2e:54:5a:54:43:e2:b4:cf:29:75:
                    88:96:ec:43:cf:d6:82:5d:e3:8c:60:33:3d:cc:73:
                    de:6b:51:26:68:6e:e4:44:48:f8:8b:42:a3:ed:dc:
                    ff:78:5d:df:fe:fc:bb:f4:66:ab:17:70:0b:70:17:
                    37:8b:f4:26:6e:ab:53:45:6c:87:41:60:80:02:50:
                    f7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:53:42:70:F6:A1:23:C3:27:02:8E:DB:7C:48:4B:32:CD:23:3C:CF
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jVNCcPahI8MnAo7bfEhLMs0jPM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:67:64:5e:6f:47:03:c4:dc:34:d7:a9:2d:7d:1b:35:af:ff:
         3b:e8:85:c1:82:b2:31:0b:3d:e1:58:0f:dd:04:29:a8:b6:81:
         e1:9f:3b:08:0b:a7:cd:e4:24:66:e4:8b:ca:48:77:1b:1a:26:
         78:b8:fc:82:66:10:1d:eb:1a:87:bd:2c:ab:c8:c7:36:05:42:
         01:12:30:e1:94:41:cf:56:f9:63:8f:99:20:44:2e:21:74:70:
         7a:94:37:71:71:25:a3:e8:4d:4a:38:13:91:2d:bd:cd:14:4c:
         37:c4:45:39:c5:fb:f5:98:47:37:e8:15:7a:1f:ee:a4:7e:d1:
         83:af:a1:c4:f9:8e:47:b2:6a:62:63:52:52:86:5d:b6:db:d4:
         c0:26:a6:3d:62:ce:30:05:cc:84:48:aa:8c:61:07:0c:e4:08:
         78:3d:d0:0b:de:6a:a5:5b:07:2f:c7:e0:d3:f1:67:1d:b3:10:
         31:89:d9:a0:d2:54:bf:5d:e9:b0:51:fd:5d:7d:90:70:e4:a6:
         e4:99:1f:95:55:24:75:7e:5f:1f:f4:51:0a:36:3e:e4:d4:99:
         2c:a7:36:ab:8b:de:05:58:48:ac:20:d9:93:8a:2a:9b:d4:1a:
         2b:cc:1d:f2:de:c9:36:ce:63:bf:4d:8b:fb:9b:0a:1a:ef:04:
         da:4d:07:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FfoT1q2Spt+iiluBk2ulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDUzNDI3MGY2YTEyM2MzMjcwMjhlZGI3YzQ4NGIzMmNkMjMzY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9rxCh3X2LGlOj/YwzIcK1dnP9+8u
joVA/+JIZQtYr2AyXmRHPEKPS4N3vuDVtAhxytrOtm45qiMLG5Ok+ePnBNuHbazq
EJbD5IBfk3beuNcBz/3Hamdf23vqebBOQFBvNV4667CJNI5xzuw4Fqv3FRIGwoTP
wTs+kr/UoYvMoDqxUEmqNsQFpC600Yap+16lHKYjRn8UYLc1gx4ahgDAiUJEkpdR
z53srFIKBXki4mcGZ4wpkVhEJy5UWlRD4rTPKXWIluxDz9aCXeOMYDM9zHPea1Em
aG7kREj4i0Kj7dz/eF3f/vy79GarF3ALcBc3i/QmbqtTRWyHQWCAAlD3FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1TQnD2oSPDJwKO23xISzLNIzzPMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvalZOQ2NQYWhJOE1uQW83YmZFaExNczBqUE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhvMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Z2Reb0cDxNw016ktfRs1r/876IXBgrIxCz3hWA/d
BCmotoHhnzsIC6fN5CRm5IvKSHcbGiZ4uPyCZhAd6xqHvSyryMc2BUIBEjDhlEHP
Vvljj5kgRC4hdHB6lDdxcSWj6E1KOBORLb3NFEw3xEU5xfv1mEc36BV6H+6kftGD
r6HE+Y5HsmpiY1JShl2229TAJqY9Ys4wBcyESKqMYQcM5Ah4PdAL3mqlWwcvx+DT
8WcdsxAxidmg0lS/XemwUf1dfZBw5KbkmR+VVSR1fl8f9FEKNj7k1Jkspzari94F
WEisINmTiiqb1BorzB3y3sk2zmO/TYv7mwoa7wTaTQfb
-----END CERTIFICATE-----