This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/jOKUVjy0c9vId2Sgar1ALyHha2U.roa
File:                     jOKUVjy0c9vId2Sgar1ALyHha2U.roa (raw, json)
Hash identifier:          LYaq4K0uwHA/ENOgkf4QZP3JMqPWmSKEI1664spJ028=
Subject key identifier:   8C:E2:94:56:3C:B4:73:DB:C8:77:64:A0:6A:BD:40:2F:21:E1:6B:65
Certificate issuer:       /CN=f13219221cc0a21326ce006c42825bac2be31e17
Certificate serial:       019B78A2F881D630BB38AAA6D94F6FB2895B
Authority key identifier: F1:32:19:22:1C:C0:A2:13:26:CE:00:6C:42:82:5B:AC:2B:E3:1E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/jOKUVjy0c9vId2Sgar1ALyHha2U.roa
Signing time:             Thu 01 Jan 2026 08:18:24 +0000
ROA not before:           Thu 01 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44577
IP address blocks:        37.99.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:f8:81:d6:30:bb:38:aa:a6:d9:4f:6f:b2:89:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13219221cc0a21326ce006c42825bac2be31e17
        Validity
            Not Before: Jan  1 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ce294563cb473dbc87764a06abd402f21e16b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2f:26:69:a1:24:68:1f:43:e0:2a:0e:0c:42:
                    40:c4:b7:68:4d:c7:c5:ac:12:8b:77:88:04:fe:22:
                    92:22:a1:1e:9f:6e:c6:67:ef:ca:8e:92:87:34:3f:
                    b9:8f:0d:b3:c1:cc:87:9c:72:9a:36:98:f6:79:47:
                    03:66:27:03:4e:51:08:13:ed:34:9f:6d:ae:f3:9e:
                    3d:40:fe:6a:9d:4c:24:41:3d:df:8b:95:ad:16:4a:
                    05:f9:2e:ee:4f:b7:71:67:df:ce:95:ff:2c:92:1c:
                    74:a8:21:46:13:77:0f:53:9f:be:98:d8:8e:f2:f0:
                    45:c5:ca:0a:76:16:c6:ed:e0:ca:6d:f5:ab:a5:f2:
                    9d:92:21:00:d5:86:f2:a8:fa:59:8f:f9:f4:24:96:
                    ad:08:74:34:dd:3f:5d:e4:a3:d4:d6:18:c9:c7:2d:
                    de:f0:46:5c:97:25:da:08:b4:16:95:11:31:60:e0:
                    24:d3:44:4b:55:75:9f:f9:71:4a:d3:0f:ad:f0:f4:
                    07:af:70:1d:5d:da:b5:ee:61:ca:42:2c:5c:97:6d:
                    35:4b:58:27:65:b6:f0:af:1d:d2:f3:ed:03:c9:41:
                    23:ec:8d:50:b0:e6:69:1e:dc:64:c9:66:c8:50:13:
                    14:ea:70:a4:46:58:37:e2:2d:8a:3b:d9:29:b6:d3:
                    4d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E2:94:56:3C:B4:73:DB:C8:77:64:A0:6A:BD:40:2F:21:E1:6B:65
            X509v3 Authority Key Identifier:
                keyid:F1:32:19:22:1C:C0:A2:13:26:CE:00:6C:42:82:5B:AC:2B:E3:1E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/jOKUVjy0c9vId2Sgar1ALyHha2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.99.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:92:92:13:c3:ac:4f:c7:e1:78:8d:fa:63:33:83:23:b9:88:
         90:3b:a5:a1:f2:55:e2:e7:cc:f7:63:57:47:2d:4f:23:7c:f8:
         2a:46:cb:97:da:d4:38:c3:83:e7:47:f9:05:00:c3:3b:4c:f9:
         37:af:7c:3b:4f:51:da:69:11:15:63:d2:4e:9d:58:04:6c:18:
         49:07:b6:b3:df:d8:7e:3f:1a:1e:eb:83:11:b7:fb:5b:7b:24:
         43:6d:4f:94:72:54:4f:39:ad:0f:de:4d:ee:ba:be:ac:c0:eb:
         63:2a:3a:ac:c2:c5:b2:2a:f1:89:16:08:4f:f2:d0:bf:3b:de:
         9d:33:ca:b7:fa:7e:70:2b:1a:61:de:23:b8:65:19:b7:ef:a0:
         d4:be:a8:ba:0f:db:52:f9:37:22:2b:dc:c3:29:70:7f:21:c8:
         fb:44:55:8b:bd:30:cc:f4:58:28:60:07:49:23:fb:c3:5a:6d:
         51:e6:3a:12:d0:3e:ee:7f:fe:74:f6:29:39:14:a8:e2:97:6f:
         4e:01:0e:d8:17:c6:ca:0f:cc:af:4f:80:30:32:41:15:44:01:
         5e:fb:ad:6e:e0:d8:cb:b0:6f:7e:de:ed:32:04:fa:9f:73:04:
         34:69:99:5e:e3:a2:8c:7e:e5:eb:70:c2:59:6e:c5:5b:31:68:
         5e:08:09:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oviB1jC7OKqm2U9vsolbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzIxOTIyMWNjMGEyMTMyNmNlMDA2YzQyODI1YmFjMmJl
MzFlMTcwHhcNMjYwMTAxMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2UyOTQ1NjNjYjQ3M2RiYzg3NzY0YTA2YWJkNDAyZjIxZTE2YjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli8maaEkaB9D4CoODEJAxLdoTcfF
rBKLd4gE/iKSIqEen27GZ+/KjpKHND+5jw2zwcyHnHKaNpj2eUcDZicDTlEIE+00
n22u8549QP5qnUwkQT3fi5WtFkoF+S7uT7dxZ9/Olf8skhx0qCFGE3cPU5++mNiO
8vBFxcoKdhbG7eDKbfWrpfKdkiEA1YbyqPpZj/n0JJatCHQ03T9d5KPU1hjJxy3e
8EZclyXaCLQWlRExYOAk00RLVXWf+XFK0w+t8PQHr3AdXdq17mHKQixcl201S1gn
Zbbwrx3S8+0DyUEj7I1QsOZpHtxkyWbIUBMU6nCkRlg34i2KO9kpttNNxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzilFY8tHPbyHdkoGq9QC8h4WtlMB8GA1UdIwQY
MBaAFPEyGSIcwKITJs4AbEKCW6wr4x4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRJWkloekFvaE1temdCc1FvSmJyQ3ZqSGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDI0NGQtMDNjOC00NzgwLTg3YzMt
NDVlNjk2YTVhZTQ1LzEvak9LVVZqeTBjOXZJZDJTZ2FyMUFMeUhoYTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDI0NGQtMDNjOC00NzgwLTg3YzMtNDVlNjk2YTVhZTQ1
LzEvOFRJWkloekFvaE1temdCc1FvSmJyQ3ZqSGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJWO+MA0G
CSqGSIb3DQEBCwUAA4IBAQBekpITw6xPx+F4jfpjM4MjuYiQO6Wh8lXi58z3Y1dH
LU8jfPgqRsuX2tQ4w4PnR/kFAMM7TPk3r3w7T1HaaREVY9JOnVgEbBhJB7az39h+
Pxoe64MRt/tbeyRDbU+UclRPOa0P3k3uur6swOtjKjqswsWyKvGJFghP8tC/O96d
M8q3+n5wKxph3iO4ZRm376DUvqi6D9tS+TciK9zDKXB/Icj7RFWLvTDM9FgoYAdJ
I/vDWm1R5joS0D7uf/509ik5FKjil29OAQ7YF8bKD8yvT4AwMkEVRAFe+61u4NjL
sG9+3u0yBPqfcwQ0aZle46KMfuXrcMJZbsVbMWheCAmg
-----END CERTIFICATE-----