This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mZIbZUM5n7SNvXZOBEvALh3oD_g.roa
File:                     mZIbZUM5n7SNvXZOBEvALh3oD_g.roa (raw, json)
Hash identifier:          AV63YnpqRQM0cB0PktZC8zmEKBSBUm96dCFtXeH4o7U=
Subject key identifier:   99:92:1B:65:43:39:9F:B4:8D:BD:76:4E:04:4B:C0:2E:1D:E8:0F:F8
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019B7FF168B2D18919299CF26B4FB0F7C0A5
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mZIbZUM5n7SNvXZOBEvALh3oD_g.roa
Signing time:             Fri 02 Jan 2026 18:21:26 +0000
ROA not before:           Fri 02 Jan 2026 18:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29014
IP address blocks:        193.168.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:68:b2:d1:89:19:29:9c:f2:6b:4f:b0:f7:c0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  2 18:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99921b6543399fb48dbd764e044bc02e1de80ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c2:e7:4b:70:25:7d:6b:62:b4:c9:32:17:d8:
                    6d:37:01:4c:61:0a:1c:92:b4:22:cd:15:36:32:c1:
                    d8:58:2a:89:1b:61:9b:62:0f:93:ab:f8:06:6d:f5:
                    16:f1:01:73:63:a8:56:cc:f7:ec:6d:6a:0b:30:a4:
                    95:b6:b5:a3:64:c4:09:fe:5a:54:52:14:8e:4b:4d:
                    57:66:3f:e7:5e:19:a4:ae:6e:ed:1d:2b:9d:d0:1c:
                    d7:ac:93:21:20:88:71:fa:1b:e5:53:c7:4e:aa:3c:
                    76:24:31:74:ab:54:bc:b1:bf:99:44:f1:73:37:90:
                    31:40:1f:b9:c5:43:c1:ac:79:46:7a:57:77:da:b1:
                    2d:05:b5:1e:a7:cb:a8:5f:61:fd:b3:e7:90:27:37:
                    42:03:13:dd:91:b2:d7:55:c2:f4:df:2d:9e:55:c5:
                    f5:b4:b0:39:a2:27:b1:f7:49:e9:27:bf:3e:d8:43:
                    e4:6b:9c:68:99:64:ce:80:3e:0f:30:da:08:1c:e3:
                    ab:67:1c:6b:48:a6:b6:be:69:22:7e:f3:89:a7:a6:
                    24:5a:1b:20:aa:b4:48:7f:2d:39:2b:d2:60:63:0b:
                    52:7a:7e:92:09:c4:eb:32:e4:5f:7e:40:27:54:52:
                    ec:a9:b1:e3:32:94:0b:09:2f:94:35:c2:ef:86:f4:
                    9c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:92:1B:65:43:39:9F:B4:8D:BD:76:4E:04:4B:C0:2E:1D:E8:0F:F8
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/mZIbZUM5n7SNvXZOBEvALh3oD_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:f7:ec:80:eb:c0:5f:c7:27:19:6d:15:aa:c5:e8:2f:d6:c8:
         89:1f:5a:3b:e9:53:9c:7b:a9:ca:d1:6d:a7:54:6d:e8:9c:bc:
         33:57:09:2e:c8:d2:56:db:02:d5:da:61:16:6e:32:2d:18:b7:
         dd:ae:38:9a:65:6b:40:8d:dc:14:c8:23:f9:16:38:54:d2:88:
         e0:4a:1a:fc:c2:d2:3b:81:46:55:18:21:9a:a5:2c:6b:a8:df:
         d4:72:af:96:54:ae:07:73:b0:e1:3d:f6:23:a3:72:23:b6:4a:
         e8:76:16:71:c9:2c:1d:2d:32:93:3f:4c:ea:e8:22:d9:7f:44:
         51:82:54:25:50:47:5c:39:25:06:74:45:7e:d6:44:87:06:e2:
         86:72:7f:a8:ee:f2:51:09:15:f4:37:55:43:94:74:13:4b:22:
         44:ff:3c:25:08:2d:a2:e7:8f:c2:71:9f:7b:d3:9a:95:c8:21:
         e5:4f:c0:fd:8b:88:8e:28:76:44:50:52:f5:ea:8e:4e:11:68:
         49:82:6c:63:25:de:22:5f:03:c2:84:23:8a:4e:3f:1b:64:ee:
         44:fa:9d:bb:d0:13:84:a0:dc:7a:99:15:e8:e6:2b:ad:cd:7f:
         9d:e7:d1:71:f4:0b:da:73:3d:72:8b:1e:9a:4e:9c:42:69:f1:
         d8:3e:dc:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8Wiy0YkZKZzya0+w98ClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMTAyMTgyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkyMWI2NTQzMzk5ZmI0OGRiZDc2NGUwNDRiYzAyZTFkZTgwZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncLnS3AlfWtitMkyF9htNwFMYQoc
krQizRU2MsHYWCqJG2GbYg+Tq/gGbfUW8QFzY6hWzPfsbWoLMKSVtrWjZMQJ/lpU
UhSOS01XZj/nXhmkrm7tHSud0BzXrJMhIIhx+hvlU8dOqjx2JDF0q1S8sb+ZRPFz
N5AxQB+5xUPBrHlGeld32rEtBbUep8uoX2H9s+eQJzdCAxPdkbLXVcL03y2eVcX1
tLA5oiex90npJ78+2EPka5xomWTOgD4PMNoIHOOrZxxrSKa2vmkifvOJp6YkWhsg
qrRIfy05K9JgYwtSen6SCcTrMuRffkAnVFLsqbHjMpQLCS+UNcLvhvScmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmSG2VDOZ+0jb12TgRLwC4d6A/4MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvbVpJYlpVTTVuN1NOdlhaT0JFdkFMaDNvRF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwajKMA0G
CSqGSIb3DQEBCwUAA4IBAQAd9+yA68BfxycZbRWqxegv1siJH1o76VOce6nK0W2n
VG3onLwzVwkuyNJW2wLV2mEWbjItGLfdrjiaZWtAjdwUyCP5FjhU0ojgShr8wtI7
gUZVGCGapSxrqN/Ucq+WVK4Hc7DhPfYjo3IjtkrodhZxySwdLTKTP0zq6CLZf0RR
glQlUEdcOSUGdEV+1kSHBuKGcn+o7vJRCRX0N1VDlHQTSyJE/zwlCC2i54/CcZ97
05qVyCHlT8D9i4iOKHZEUFL16o5OEWhJgmxjJd4iXwPChCOKTj8bZO5E+p270BOE
oNx6mRXo5iutzX+d59Fx9Avacz1yix6aTpxCafHYPtyf
-----END CERTIFICATE-----