This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/JGaj-VMF82BATvYd0lQOFLHFMc8.roa
File:                     JGaj-VMF82BATvYd0lQOFLHFMc8.roa (raw, json)
Hash identifier:          pT58jY5xAuPaGqFJHp5UHGx9TDCbSHrDu393sd5XVkQ=
Subject key identifier:   24:66:A3:F9:53:05:F3:60:40:4E:F6:1D:D2:54:0E:14:B1:C5:31:CF
Certificate issuer:       /CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
Certificate serial:       019C0D5FD5FBD9C739265C2FB3D89E7192A0
Authority key identifier: E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/JGaj-VMF82BATvYd0lQOFLHFMc8.roa
Signing time:             Fri 30 Jan 2026 05:28:30 +0000
ROA not before:           Fri 30 Jan 2026 05:28:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204269
IP address blocks:        167.150.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0d:5f:d5:fb:d9:c7:39:26:5c:2f:b3:d8:9e:71:92:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
        Validity
            Not Before: Jan 30 05:28:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2466a3f95305f360404ef61dd2540e14b1c531cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c8:17:47:78:5a:58:e2:34:cb:ca:38:48:16:
                    e9:c5:ff:de:2f:58:05:54:4d:ff:5b:0b:22:8e:f9:
                    2c:9a:c2:a2:04:30:29:8b:c4:4f:5e:3e:a9:b2:67:
                    a3:1d:19:0a:d5:77:82:1f:1c:16:13:a0:71:63:de:
                    42:74:91:d3:49:46:2f:40:72:20:ec:68:05:a2:88:
                    55:73:f2:e3:26:ea:63:e1:2e:cb:cc:77:9c:7a:34:
                    d5:45:1d:39:df:b7:9c:f9:e2:61:0f:c6:8f:01:5a:
                    b9:0a:8b:c7:5d:41:a0:61:48:aa:2a:06:46:fe:19:
                    3f:33:90:92:0b:63:33:34:d5:4f:79:25:d9:04:70:
                    2e:c0:11:48:e9:de:65:b5:9f:03:48:ae:a7:d4:0a:
                    28:d2:b4:6f:44:51:84:ad:fb:67:c5:b9:fd:0e:11:
                    be:27:75:c2:58:96:9d:5c:69:6e:d1:7b:4b:b2:87:
                    79:94:00:12:5c:f6:5e:26:39:ec:5a:b3:d7:70:87:
                    8b:7e:e9:45:6a:b7:f2:34:ef:01:72:03:99:6b:a5:
                    46:bc:cc:76:87:d3:ea:26:98:bc:0b:3e:2c:cf:16:
                    b8:a3:ac:ae:76:ea:d8:b1:0d:09:d5:6b:98:f7:16:
                    90:00:8d:53:1e:a2:73:2f:af:b3:e6:f7:2e:a8:2d:
                    c0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:66:A3:F9:53:05:F3:60:40:4E:F6:1D:D2:54:0E:14:B1:C5:31:CF
            X509v3 Authority Key Identifier:
                keyid:E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/JGaj-VMF82BATvYd0lQOFLHFMc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:54:8b:d9:d3:66:b8:eb:f5:30:0f:88:fb:90:25:bb:d1:4f:
         f0:17:84:51:f9:50:4a:ce:62:dd:eb:3f:54:d9:21:49:0e:3f:
         ad:3d:03:f2:48:43:dc:f7:1a:7d:33:78:f1:26:c1:47:b4:3f:
         98:17:fc:ce:aa:6d:99:a7:ee:05:4c:62:81:f8:6a:99:e1:f6:
         d3:db:b6:80:82:5b:7a:32:89:c1:31:1a:98:33:9b:2f:4f:8f:
         0d:55:43:21:b1:55:27:75:00:8f:0a:ab:49:a2:2c:46:85:5f:
         6e:83:2b:1a:cf:ef:99:7e:ac:04:0d:d8:2e:2a:01:9f:dd:ff:
         1c:47:4b:09:89:36:c9:aa:47:ff:77:3b:ba:2a:53:16:c7:08:
         29:33:25:98:b9:8f:17:3a:29:b0:d2:5b:5d:d0:52:b2:2d:15:
         9e:dd:8e:20:1e:76:25:ee:21:7a:da:84:5d:50:16:6e:ac:2f:
         f9:7a:e7:4f:d3:99:dd:67:bf:66:a9:80:cd:51:37:8d:0e:7e:
         9f:d2:8f:07:6c:e4:5f:c9:c8:f8:ac:2d:b5:68:b5:7f:94:fd:
         b9:d0:c1:e9:11:b4:8a:d2:e6:da:cb:9a:dc:49:6a:97:7c:d6:
         f1:74:ec:06:8d:33:cc:10:be:8f:c3:68:e5:07:43:cb:f6:73:
         c5:af:d4:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwNX9X72cc5Jlwvs9iecZKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MDQxZTdlN2QxODRkNWRiYWQ3MTQyOWUzNjViOWYwYWM3
NmNhNTIwHhcNMjYwMTMwMDUyODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDY2YTNmOTUzMDVmMzYwNDA0ZWY2MWRkMjU0MGUxNGIxYzUzMWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMgXR3haWOI0y8o4SBbpxf/eL1gF
VE3/WwsijvksmsKiBDApi8RPXj6psmejHRkK1XeCHxwWE6BxY95CdJHTSUYvQHIg
7GgFoohVc/LjJupj4S7LzHecejTVRR0537ec+eJhD8aPAVq5CovHXUGgYUiqKgZG
/hk/M5CSC2MzNNVPeSXZBHAuwBFI6d5ltZ8DSK6n1Aoo0rRvRFGErftnxbn9DhG+
J3XCWJadXGlu0XtLsod5lAASXPZeJjnsWrPXcIeLfulFarfyNO8BcgOZa6VGvMx2
h9PqJpi8Cz4szxa4o6yudurYsQ0J1WuY9xaQAI1THqJzL6+z5vcuqC3APQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRmo/lTBfNgQE72HdJUDhSxxTHPMB8GA1UdIwQY
MBaAFOcEHn59GE1dutcUKeNlufCsdspSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUt
MGUxYzRhZDAzOTU2LzEvSkdhai1WTUY4MkJBVHZZZDBsUU9GTEhGTWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUtMGUxYzRhZDAzOTU2
LzEvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5bfMA0G
CSqGSIb3DQEBCwUAA4IBAQAbVIvZ02a46/UwD4j7kCW70U/wF4RR+VBKzmLd6z9U
2SFJDj+tPQPySEPc9xp9M3jxJsFHtD+YF/zOqm2Zp+4FTGKB+GqZ4fbT27aAglt6
MonBMRqYM5svT48NVUMhsVUndQCPCqtJoixGhV9ugysaz++ZfqwEDdguKgGf3f8c
R0sJiTbJqkf/dzu6KlMWxwgpMyWYuY8XOimw0ltd0FKyLRWe3Y4gHnYl7iF62oRd
UBZurC/5eudP05ndZ79mqYDNUTeNDn6f0o8HbORfycj4rC21aLV/lP250MHpEbSK
0ubay5rcSWqXfNbxdOwGjTPMEL6Pw2jlB0PL9nPFr9R6
-----END CERTIFICATE-----