This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/OQhQ0ERvOy6cUfsHeSPtDIxPLy0.roa
File:                     OQhQ0ERvOy6cUfsHeSPtDIxPLy0.roa (raw, json)
Hash identifier:          ZP0fbWow0Y5xEJaJhTl8fSb35nDS4+b7RNqWl3nyzwg=
Subject key identifier:   39:08:50:D0:44:6F:3B:2E:9C:51:FB:07:79:23:ED:0C:8C:4F:2F:2D
Certificate issuer:       /CN=1a70a721d1b53ed91d85b6c535ac72b4904f9c3d
Certificate serial:       019B783540F3D554008E649EBA7E1592AC00
Authority key identifier: 1A:70:A7:21:D1:B5:3E:D9:1D:85:B6:C5:35:AC:72:B4:90:4F:9C:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/OQhQ0ERvOy6cUfsHeSPtDIxPLy0.roa
Signing time:             Thu 01 Jan 2026 06:18:34 +0000
ROA not before:           Thu 01 Jan 2026 06:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        193.23.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:40:f3:d5:54:00:8e:64:9e:ba:7e:15:92:ac:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a70a721d1b53ed91d85b6c535ac72b4904f9c3d
        Validity
            Not Before: Jan  1 06:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=390850d0446f3b2e9c51fb077923ed0c8c4f2f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:89:c5:26:62:97:f8:d7:dd:6b:8c:2e:1d:be:
                    38:5b:5c:8a:7a:2a:2a:ef:00:b9:d1:5f:bb:1e:33:
                    ba:8a:22:f8:ee:b3:10:e5:d7:a2:72:78:f2:eb:ff:
                    1a:e7:3c:b3:f1:02:f4:5c:d1:d1:9e:1c:dc:c1:1d:
                    eb:0a:e0:9c:8c:e0:cd:f7:76:40:5a:a7:f2:6e:4e:
                    ce:02:21:c5:07:6d:6c:8e:9f:ce:dd:04:f3:70:db:
                    fb:ea:6b:ea:2f:1e:be:9c:a7:c0:1f:96:a8:bd:a1:
                    7c:31:b7:4b:e8:78:3d:5c:48:48:7f:37:45:b9:01:
                    50:60:c4:81:f0:39:f5:47:67:62:4d:57:47:aa:51:
                    cb:da:5d:fa:b2:dd:6e:fb:51:67:0f:a2:8e:ce:8c:
                    62:b6:d3:34:2b:f2:34:3d:59:df:93:24:7c:9f:47:
                    b6:b9:49:79:f7:8c:38:60:9b:0c:00:88:d0:79:c0:
                    18:41:54:8e:28:2d:e7:ae:e4:bd:ab:57:b8:2f:d7:
                    8a:eb:1f:e0:1f:ac:f5:94:12:0d:57:f6:f4:ff:5c:
                    ed:42:f4:e0:34:e6:a5:c4:5d:f7:48:df:54:82:97:
                    ef:f0:79:1d:6f:fb:8e:95:bb:91:a8:26:bd:8c:c5:
                    e7:f0:81:f1:21:f7:22:ba:fb:8e:f4:52:ef:9d:5d:
                    16:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:08:50:D0:44:6F:3B:2E:9C:51:FB:07:79:23:ED:0C:8C:4F:2F:2D
            X509v3 Authority Key Identifier:
                keyid:1A:70:A7:21:D1:B5:3E:D9:1D:85:B6:C5:35:AC:72:B4:90:4F:9C:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GnCnIdG1PtkdhbbFNaxytJBPnD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/OQhQ0ERvOy6cUfsHeSPtDIxPLy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0e095b-6891-45c5-a3a1-f0c4eb154261/1/GnCnIdG1PtkdhbbFNaxytJBPnD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:28:b0:2c:78:0c:bb:ac:a9:00:d5:33:b3:ec:d1:ca:39:cc:
         d7:03:8e:8a:44:f8:07:09:47:21:4c:d1:d1:a2:a7:ff:8e:63:
         f8:86:22:af:14:bb:4e:85:3d:95:6d:c6:af:d5:ae:83:11:36:
         e3:4c:33:6f:2d:ae:6e:b4:81:c4:84:fe:9a:8d:6a:b0:70:3c:
         db:d9:68:b6:52:fb:33:48:8f:c5:f8:6d:80:b4:e3:6f:b3:75:
         4d:8d:dd:27:f3:76:90:c3:0c:bb:a4:ff:8b:70:42:d6:d4:78:
         1f:af:7a:b2:8c:b2:3f:b5:9f:97:55:98:f3:38:53:b9:92:49:
         69:3f:51:ab:ae:2b:d3:15:c2:9f:66:9d:b3:43:2a:da:42:57:
         90:e4:1f:dc:af:e8:a4:75:13:6d:dc:0b:de:46:19:1d:9c:bd:
         cf:6f:78:e1:d0:27:b4:26:df:86:ad:d4:6c:aa:65:4e:ab:de:
         24:8d:b0:c0:24:d8:01:38:ef:49:82:de:c6:e8:2b:08:d6:33:
         9d:07:8f:13:80:34:e9:51:f2:c2:98:a9:6a:4d:9e:d3:dd:c1:
         20:6a:cd:42:57:42:51:76:33:0e:1a:08:21:f7:ee:f3:9a:5f:
         1f:18:2b:3e:44:5f:c5:07:18:1d:ad:60:33:ca:62:bb:00:7f:
         5d:6c:0d:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUDz1VQAjmSeun4VkqwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNzBhNzIxZDFiNTNlZDkxZDg1YjZjNTM1YWM3MmI0OTA0
ZjljM2QwHhcNMjYwMTAxMDYxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA4NTBkMDQ0NmYzYjJlOWM1MWZiMDc3OTIzZWQwYzhjNGYyZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzInFJmKX+Nfda4wuHb44W1yKeioq
7wC50V+7HjO6iiL47rMQ5deicnjy6/8a5zyz8QL0XNHRnhzcwR3rCuCcjODN93ZA
Wqfybk7OAiHFB21sjp/O3QTzcNv76mvqLx6+nKfAH5aovaF8MbdL6Hg9XEhIfzdF
uQFQYMSB8Dn1R2diTVdHqlHL2l36st1u+1FnD6KOzoxittM0K/I0PVnfkyR8n0e2
uUl594w4YJsMAIjQecAYQVSOKC3nruS9q1e4L9eK6x/gH6z1lBINV/b0/1ztQvTg
NOalxF33SN9Ugpfv8Hkdb/uOlbuRqCa9jMXn8IHxIfciuvuO9FLvnV0WbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkIUNBEbzsunFH7B3kj7QyMTy8tMB8GA1UdIwQY
MBaAFBpwpyHRtT7ZHYW2xTWscrSQT5w9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR25DbklkRzFQdGtkaGJiRk5heHl0SkJQbkQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wZTA5NWItNjg5MS00NWM1LWEzYTEt
ZjBjNGViMTU0MjYxLzEvT1FoUTBFUnZPeTZjVWZzSGVTUHRESXhQTHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wZTA5NWItNjg5MS00NWM1LWEzYTEtZjBjNGViMTU0MjYx
LzEvR25DbklkRzFQdGtkaGJiRk5heHl0SkJQbkQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRcYMA0G
CSqGSIb3DQEBCwUAA4IBAQAuKLAseAy7rKkA1TOz7NHKOczXA46KRPgHCUchTNHR
oqf/jmP4hiKvFLtOhT2Vbcav1a6DETbjTDNvLa5utIHEhP6ajWqwcDzb2Wi2Uvsz
SI/F+G2AtONvs3VNjd0n83aQwwy7pP+LcELW1Hgfr3qyjLI/tZ+XVZjzOFO5kklp
P1GrrivTFcKfZp2zQyraQleQ5B/cr+ikdRNt3AveRhkdnL3Pb3jh0Ce0Jt+GrdRs
qmVOq94kjbDAJNgBOO9Jgt7G6CsI1jOdB48TgDTpUfLCmKlqTZ7T3cEgas1CV0JR
djMOGggh9+7zml8fGCs+RF/FBxgdrWAzymK7AH9dbA2D
-----END CERTIFICATE-----