This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/ijFoRhXfDlfrNpWNyFmogIXNNoA.roa
File:                     ijFoRhXfDlfrNpWNyFmogIXNNoA.roa (raw, json)
Hash identifier:          adP2IDTZNzyeUMfynFkS2hIcBFbJGISzpZDlTGKl9HQ=
Subject key identifier:   8A:31:68:46:15:DF:0E:57:EB:36:95:8D:C8:59:A8:80:85:CD:36:80
Certificate issuer:       /CN=2c75f35d256cc4a5b88319bb7e4bbba329e49341
Certificate serial:       019B76EB55BA78D60E499D1E3A2079EE6E34
Authority key identifier: 2C:75:F3:5D:25:6C:C4:A5:B8:83:19:BB:7E:4B:BB:A3:29:E4:93:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/ijFoRhXfDlfrNpWNyFmogIXNNoA.roa
Signing time:             Thu 01 Jan 2026 00:18:12 +0000
ROA not before:           Thu 01 Jan 2026 00:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200044
IP address blocks:        195.22.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 09:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:55:ba:78:d6:0e:49:9d:1e:3a:20:79:ee:6e:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c75f35d256cc4a5b88319bb7e4bbba329e49341
        Validity
            Not Before: Jan  1 00:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a31684615df0e57eb36958dc859a88085cd3680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:84:8b:02:5e:88:15:f4:20:22:1e:c7:5b:d5:
                    30:1c:8f:4d:71:1f:bd:80:cf:5c:af:f1:04:93:6d:
                    a9:04:27:81:77:da:f1:68:77:1c:36:e9:b6:2f:88:
                    8f:3b:81:49:c7:3b:b5:87:ad:78:91:ed:3c:1f:e1:
                    94:4e:b7:1b:70:7f:71:c3:72:07:b0:c7:0a:56:c2:
                    0d:b3:88:c0:60:46:00:02:bd:6b:40:66:86:c3:59:
                    27:39:f3:b6:d4:9d:0c:17:4e:28:77:3f:ec:a1:be:
                    9f:e1:d3:49:ff:4d:5b:64:79:a9:2b:02:65:de:40:
                    e3:58:bc:5b:6c:38:5d:d1:d9:37:1d:88:90:a1:64:
                    9b:7e:51:3b:da:f7:54:61:6c:f6:80:af:8c:a2:31:
                    8c:2c:a0:e7:b8:1e:1b:12:5e:d5:59:1a:43:40:d3:
                    e7:55:83:85:0c:0f:cf:22:07:01:aa:18:9a:1b:36:
                    ba:73:63:f2:af:90:b6:07:05:cc:2a:d1:af:ce:d4:
                    e8:b5:6c:ae:bf:10:25:a2:d3:b4:36:7c:ed:cf:b4:
                    b2:5d:ee:14:50:c2:be:02:d3:97:58:51:29:39:3a:
                    85:76:75:96:81:7d:1e:fd:f3:72:9a:28:22:a8:e9:
                    9a:a9:65:4b:eb:3f:33:0a:76:f7:32:8d:de:39:b8:
                    81:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:31:68:46:15:DF:0E:57:EB:36:95:8D:C8:59:A8:80:85:CD:36:80
            X509v3 Authority Key Identifier:
                keyid:2C:75:F3:5D:25:6C:C4:A5:B8:83:19:BB:7E:4B:BB:A3:29:E4:93:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHXzXSVsxKW4gxm7fku7oynkk0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/ijFoRhXfDlfrNpWNyFmogIXNNoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/40a1e5-7d2a-48d6-a50e-f96fb4ea7e70/1/LHXzXSVsxKW4gxm7fku7oynkk0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:5d:26:13:73:f7:3e:d6:66:e7:7c:88:c6:ec:3d:a5:47:31:
         9c:80:95:83:12:fe:7c:74:0e:17:94:e3:83:d7:63:8c:12:6f:
         44:b3:cc:f7:4e:d4:67:ad:5e:e3:44:b6:87:3e:7b:95:89:08:
         3f:19:e7:b6:a9:ed:b0:d7:e0:4a:55:63:a0:53:e9:5c:fa:97:
         0b:1d:8b:8e:af:85:fb:81:74:aa:b3:32:1e:89:45:8c:9d:f4:
         f1:11:b8:6b:ae:bb:51:bf:45:2d:8e:11:4e:5b:4c:ca:7d:a8:
         c3:a2:30:04:d9:c3:ca:56:83:0d:8b:76:6e:3e:fc:9e:1b:05:
         31:e5:87:45:ac:59:cb:84:6e:ba:15:51:4e:be:d5:83:24:1b:
         90:26:c1:f5:9f:9c:1c:b1:e5:77:62:44:bb:5a:40:f3:43:49:
         a6:85:1e:10:ad:98:dd:2d:25:15:50:7b:f8:90:84:91:73:c0:
         97:00:3e:12:af:a6:d0:39:17:46:bf:16:73:bd:6d:63:52:81:
         50:3b:74:06:5b:dd:cb:29:cd:71:b4:84:e0:78:ef:43:a9:3e:
         42:27:53:02:ba:8d:91:e9:d7:fd:7f:6d:30:9a:65:d0:0f:c9:
         28:06:81:95:76:39:9c:6b:d8:50:a6:86:81:7b:c2:72:3d:66:
         2d:c3:5a:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt261W6eNYOSZ0eOiB57m40MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzVmMzVkMjU2Y2M0YTViODgzMTliYjdlNGJiYmEzMjll
NDkzNDEwHhcNMjYwMTAxMDAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTMxNjg0NjE1ZGYwZTU3ZWIzNjk1OGRjODU5YTg4MDg1Y2QzNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYSLAl6IFfQgIh7HW9UwHI9NcR+9
gM9cr/EEk22pBCeBd9rxaHccNum2L4iPO4FJxzu1h614ke08H+GUTrcbcH9xw3IH
sMcKVsINs4jAYEYAAr1rQGaGw1knOfO21J0MF04odz/sob6f4dNJ/01bZHmpKwJl
3kDjWLxbbDhd0dk3HYiQoWSbflE72vdUYWz2gK+MojGMLKDnuB4bEl7VWRpDQNPn
VYOFDA/PIgcBqhiaGza6c2Pyr5C2BwXMKtGvztTotWyuvxAlotO0Nnztz7SyXe4U
UMK+AtOXWFEpOTqFdnWWgX0e/fNymigiqOmaqWVL6z8zCnb3Mo3eObiBsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoxaEYV3w5X6zaVjchZqICFzTaAMB8GA1UdIwQY
MBaAFCx1810lbMSluIMZu35Lu6Mp5JNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhYelhTVnN4S1c0Z3htN2ZrdTdveW5razBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80MGExZTUtN2QyYS00OGQ2LWE1MGUt
Zjk2ZmI0ZWE3ZTcwLzEvaWpGb1JoWGZEbGZyTnBXTnlGbW9nSVhOTm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80MGExZTUtN2QyYS00OGQ2LWE1MGUtZjk2ZmI0ZWE3ZTcw
LzEvTEhYelhTVnN4S1c0Z3htN2ZrdTdveW5razBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxZ7MA0G
CSqGSIb3DQEBCwUAA4IBAQCfXSYTc/c+1mbnfIjG7D2lRzGcgJWDEv58dA4XlOOD
12OMEm9Es8z3TtRnrV7jRLaHPnuViQg/Gee2qe2w1+BKVWOgU+lc+pcLHYuOr4X7
gXSqszIeiUWMnfTxEbhrrrtRv0UtjhFOW0zKfajDojAE2cPKVoMNi3ZuPvyeGwUx
5YdFrFnLhG66FVFOvtWDJBuQJsH1n5wcseV3YkS7WkDzQ0mmhR4QrZjdLSUVUHv4
kISRc8CXAD4Sr6bQORdGvxZzvW1jUoFQO3QGW93LKc1xtITgeO9DqT5CJ1MCuo2R
6df9f20wmmXQD8koBoGVdjmca9hQpoaBe8JyPWYtw1qk
-----END CERTIFICATE-----