This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/JKIhvk4nR2Yatg3LSMzcvAB5gDY.roa
File:                     JKIhvk4nR2Yatg3LSMzcvAB5gDY.roa (raw, json)
Hash identifier:          Wu8o0XpgB80LZ5YT5dratdi0qOmv7LG2bN4vwgSeFRY=
Subject key identifier:   24:A2:21:BE:4E:27:47:66:1A:B6:0D:CB:48:CC:DC:BC:00:79:80:36
Certificate issuer:       /CN=d8fb96ea3af51c532d7e8fe8c94376f51e1ea402
Certificate serial:       019B78A277C19A278A4D0DCF1152681A9E55
Authority key identifier: D8:FB:96:EA:3A:F5:1C:53:2D:7E:8F:E8:C9:43:76:F5:1E:1E:A4:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PuW6jr1HFMtfo_oyUN29R4epAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/JKIhvk4nR2Yatg3LSMzcvAB5gDY.roa
Signing time:             Thu 01 Jan 2026 08:17:52 +0000
ROA not before:           Thu 01 Jan 2026 08:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212829
IP address blocks:        193.36.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/2PuW6jr1HFMtfo_oyUN29R4epAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/2PuW6jr1HFMtfo_oyUN29R4epAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PuW6jr1HFMtfo_oyUN29R4epAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:77:c1:9a:27:8a:4d:0d:cf:11:52:68:1a:9e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8fb96ea3af51c532d7e8fe8c94376f51e1ea402
        Validity
            Not Before: Jan  1 08:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24a221be4e2747661ab60dcb48ccdcbc00798036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:73:b7:f9:f6:ef:14:e4:6c:56:54:f3:8c:84:
                    42:c1:db:c0:a8:6a:69:67:b1:1f:dd:f0:d7:85:46:
                    30:8f:12:22:9b:c5:4f:8a:ee:ea:5b:c4:02:d2:fd:
                    4e:1b:ee:a7:60:b9:1f:ae:91:20:d4:1b:dd:51:6e:
                    60:2b:79:78:a6:9d:79:ac:89:0f:41:89:43:53:be:
                    fb:0d:eb:ed:77:00:51:34:0a:4c:01:81:b3:6f:a4:
                    1e:7a:bc:66:5c:45:f5:8c:57:5f:a1:ca:ae:94:f9:
                    a5:f1:af:4d:96:a9:ed:22:1c:8e:d3:01:81:e7:93:
                    39:72:70:58:b3:7c:ee:40:89:8a:61:a0:6a:9f:95:
                    04:e8:eb:f8:7f:bd:89:1a:9b:af:8a:94:6d:82:9f:
                    34:31:7e:ec:70:40:8a:44:64:bb:51:34:7c:10:f8:
                    28:e4:6f:5b:ed:69:04:a2:25:5a:ea:48:75:4a:e8:
                    52:74:ba:66:06:c6:bc:ae:18:5c:c5:63:35:05:4d:
                    b9:d2:f2:b6:e2:94:8b:07:b0:b5:01:96:37:57:5d:
                    c2:ef:5a:4a:90:96:88:10:f0:7b:eb:9c:99:4a:c6:
                    80:d2:2a:7c:0e:9f:e7:6d:e5:4d:06:55:af:60:f1:
                    9c:6c:46:a4:e0:4e:0f:24:7d:0a:e5:af:6c:97:d9:
                    a0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A2:21:BE:4E:27:47:66:1A:B6:0D:CB:48:CC:DC:BC:00:79:80:36
            X509v3 Authority Key Identifier:
                keyid:D8:FB:96:EA:3A:F5:1C:53:2D:7E:8F:E8:C9:43:76:F5:1E:1E:A4:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PuW6jr1HFMtfo_oyUN29R4epAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/JKIhvk4nR2Yatg3LSMzcvAB5gDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/53ffa0-9060-472c-aac2-8eb85e3283e2/1/2PuW6jr1HFMtfo_oyUN29R4epAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:58:8f:13:20:97:4c:a2:36:d4:1e:c9:33:f4:bd:e5:7c:26:
         d3:92:7e:81:a2:c8:d6:08:4e:95:be:19:0e:5e:b6:f8:7a:88:
         93:c6:21:05:87:6b:06:ff:ae:cc:05:0f:de:be:2e:91:5c:02:
         eb:4d:d4:01:f5:4a:11:96:9a:f5:22:56:eb:14:b6:1c:37:14:
         ca:a5:bf:27:e7:4d:dd:25:83:03:2c:50:79:a9:d7:be:74:ab:
         fb:47:20:6c:0f:fc:db:be:c6:78:b7:e0:09:71:2f:2c:3f:b5:
         7d:f5:de:47:b5:49:8c:55:e4:7b:c5:0e:cf:c7:f1:b6:cc:8c:
         b1:4d:42:2b:36:ec:b8:6f:ef:b0:7b:02:fe:79:6c:ed:5f:2a:
         85:f7:e4:c9:39:0e:1e:8e:7a:84:3c:fd:ec:5a:0d:cf:c0:39:
         39:d2:92:f0:1e:06:c8:9a:25:4f:3c:fa:1f:db:02:d2:39:52:
         18:ae:70:c4:92:89:e1:80:1c:95:97:30:fe:50:14:68:ea:d4:
         0b:d7:2d:8d:9a:ea:82:31:58:04:5e:62:49:0f:91:fa:0f:20:
         a4:16:ca:8a:1c:fc:90:25:39:de:4f:77:7b:52:57:44:80:78:
         d4:33:24:53:f7:6d:c1:43:26:1c:65:39:9b:ec:86:2a:c7:3e:
         19:8a:3e:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4onfBmieKTQ3PEVJoGp5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZmI5NmVhM2FmNTFjNTMyZDdlOGZlOGM5NDM3NmY1MWUx
ZWE0MDIwHhcNMjYwMTAxMDgxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEyMjFiZTRlMjc0NzY2MWFiNjBkY2I0OGNjZGNiYzAwNzk4MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXO3+fbvFORsVlTzjIRCwdvAqGpp
Z7Ef3fDXhUYwjxIim8VPiu7qW8QC0v1OG+6nYLkfrpEg1BvdUW5gK3l4pp15rIkP
QYlDU777DevtdwBRNApMAYGzb6QeerxmXEX1jFdfocqulPml8a9NlqntIhyO0wGB
55M5cnBYs3zuQImKYaBqn5UE6Ov4f72JGpuvipRtgp80MX7scECKRGS7UTR8EPgo
5G9b7WkEoiVa6kh1SuhSdLpmBsa8rhhcxWM1BU250vK24pSLB7C1AZY3V13C71pK
kJaIEPB765yZSsaA0ip8Dp/nbeVNBlWvYPGcbEak4E4PJH0K5a9sl9mgmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSiIb5OJ0dmGrYNy0jM3LwAeYA2MB8GA1UdIwQY
MBaAFNj7luo69RxTLX6P6MlDdvUeHqQCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlB1VzZqcjFIRk10Zm9fb3lVTjI5UjRlcEFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81M2ZmYTAtOTA2MC00NzJjLWFhYzIt
OGViODVlMzI4M2UyLzEvSktJaHZrNG5SMllhdGczTFNNemN2QUI1Z0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81M2ZmYTAtOTA2MC00NzJjLWFhYzItOGViODVlMzI4M2Uy
LzEvMlB1VzZqcjFIRk10Zm9fb3lVTjI5UjRlcEFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSS3MA0G
CSqGSIb3DQEBCwUAA4IBAQBrWI8TIJdMojbUHskz9L3lfCbTkn6BosjWCE6VvhkO
Xrb4eoiTxiEFh2sG/67MBQ/evi6RXALrTdQB9UoRlpr1IlbrFLYcNxTKpb8n503d
JYMDLFB5qde+dKv7RyBsD/zbvsZ4t+AJcS8sP7V99d5HtUmMVeR7xQ7Px/G2zIyx
TUIrNuy4b++wewL+eWztXyqF9+TJOQ4ejnqEPP3sWg3PwDk50pLwHgbImiVPPPof
2wLSOVIYrnDEkonhgByVlzD+UBRo6tQL1y2NmuqCMVgEXmJJD5H6DyCkFsqKHPyQ
JTneT3d7UldEgHjUMyRT923BQyYcZTmb7IYqxz4Zij43
-----END CERTIFICATE-----