This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/iEwy4hvC5Uu8z1Rem0QH0P8szPw.roa
File:                     iEwy4hvC5Uu8z1Rem0QH0P8szPw.roa (raw, json)
Hash identifier:          Anwtfd5/5zHCKLAgSLLAbIWK4dAMeabN5GCO7CNCpHU=
Subject key identifier:   88:4C:32:E2:1B:C2:E5:4B:BC:CF:54:5E:9B:44:07:D0:FF:2C:CC:FC
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C1309FA7FCDA9D95E6215E9FF28615D
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/iEwy4hvC5Uu8z1Rem0QH0P8szPw.roa
Signing time:             Fri 02 Jan 2026 00:19:41 +0000
ROA not before:           Fri 02 Jan 2026 00:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212823
IP address blocks:        194.209.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:09:fa:7f:cd:a9:d9:5e:62:15:e9:ff:28:61:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=884c32e21bc2e54bbccf545e9b4407d0ff2cccfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:87:2e:b7:51:d3:8b:2a:d5:0a:5a:58:c2:
                    25:ac:13:9a:ce:42:35:be:cc:3b:83:af:ce:63:e8:
                    76:07:f3:ff:f3:57:bf:e0:2f:35:fb:a2:4b:fa:d8:
                    3a:8b:07:32:11:a5:62:cb:90:dc:2f:db:89:79:77:
                    6a:ca:92:f3:1b:0e:ca:cf:84:d1:0f:aa:98:0e:88:
                    44:07:3d:b9:f7:22:3c:f6:13:0f:2a:6c:85:a0:db:
                    0f:54:6f:ae:3c:97:cc:fe:6e:4e:a1:fe:b2:78:6d:
                    b8:15:f5:2c:55:cc:ea:85:d8:c8:94:b1:b9:cb:b0:
                    a0:a0:28:bc:53:65:9b:68:80:05:a8:65:27:30:44:
                    81:d0:1f:22:30:f5:ce:38:98:74:5b:f8:01:e6:85:
                    8b:3f:32:f7:78:e9:1e:18:b9:7b:5f:89:49:83:7a:
                    b6:a5:73:07:f9:88:52:a4:ab:e8:15:24:2b:2b:5f:
                    80:ca:d2:0c:25:33:29:0b:e0:e2:87:bc:d4:6e:81:
                    16:ec:4f:5f:a7:87:00:9c:70:3f:aa:c8:d8:78:d2:
                    d5:49:6c:3b:39:84:79:11:d4:2a:d8:9b:01:46:12:
                    31:81:fd:09:c4:79:d6:b2:2a:da:43:db:d3:de:2b:
                    e0:9f:0e:3a:07:80:83:fd:87:8f:c6:56:73:d7:9b:
                    df:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4C:32:E2:1B:C2:E5:4B:BC:CF:54:5E:9B:44:07:D0:FF:2C:CC:FC
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/iEwy4hvC5Uu8z1Rem0QH0P8szPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:2e:ef:c0:48:73:54:c9:73:49:17:fe:3b:92:89:8e:1a:22:
         97:8e:2c:ae:52:41:27:1d:59:95:dc:b9:c2:59:b1:19:9c:78:
         98:d3:5b:bc:c4:d0:e6:6f:be:97:6e:cc:20:00:0b:16:a7:de:
         32:9c:eb:c0:b9:9d:93:99:d5:5d:cf:46:6e:a9:73:b3:f0:d7:
         69:de:9a:bc:01:91:c2:6b:59:86:07:0a:c8:ca:64:41:aa:81:
         25:2a:7f:07:db:56:e6:62:56:40:18:f8:69:8f:de:4f:06:41:
         03:40:9e:43:2a:29:b7:7d:06:ce:59:73:d0:e2:86:9e:e6:21:
         a9:3a:17:7f:a8:c5:ff:53:51:f3:9d:4f:09:59:06:e1:66:9a:
         d5:d0:c3:9e:ad:d8:7a:76:c9:f8:84:9e:23:9b:64:53:ed:3e:
         67:aa:ea:73:02:14:ef:fc:9e:75:ca:63:64:e4:15:16:53:d8:
         86:24:87:0b:55:9a:32:6c:7f:f7:2d:58:14:fe:0c:a4:8b:67:
         34:95:1f:f2:aa:e9:04:a0:7e:be:88:12:42:97:94:8b:53:a2:
         3d:34:b4:5e:75:76:83:8c:19:42:8d:6f:41:46:4f:32:44:85:
         e9:91:39:db:23:ad:de:f1:26:42:8a:6f:da:a4:42:ef:23:21:
         e9:de:96:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ewn6f82p2V5iFen/KGFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRjMzJlMjFiYzJlNTRiYmNjZjU0NWU5YjQ0MDdkMGZmMmNjY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf6HLrdR04sq1QpaWMIlrBOazkI1
vsw7g6/OY+h2B/P/81e/4C81+6JL+tg6iwcyEaViy5DcL9uJeXdqypLzGw7Kz4TR
D6qYDohEBz259yI89hMPKmyFoNsPVG+uPJfM/m5Oof6yeG24FfUsVczqhdjIlLG5
y7CgoCi8U2WbaIAFqGUnMESB0B8iMPXOOJh0W/gB5oWLPzL3eOkeGLl7X4lJg3q2
pXMH+YhSpKvoFSQrK1+AytIMJTMpC+Dih7zUboEW7E9fp4cAnHA/qsjYeNLVSWw7
OYR5EdQq2JsBRhIxgf0JxHnWsiraQ9vT3ivgnw46B4CD/YePxlZz15vf+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhMMuIbwuVLvM9UXptEB9D/LMz8MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvaUV3eTRodkM1VXU4ejFSZW0wUUgwUDhzelB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwtHAMA0G
CSqGSIb3DQEBCwUAA4IBAQAsLu/ASHNUyXNJF/47komOGiKXjiyuUkEnHVmV3LnC
WbEZnHiY01u8xNDmb76XbswgAAsWp94ynOvAuZ2TmdVdz0ZuqXOz8Ndp3pq8AZHC
a1mGBwrIymRBqoElKn8H21bmYlZAGPhpj95PBkEDQJ5DKim3fQbOWXPQ4oae5iGp
Ohd/qMX/U1HznU8JWQbhZprV0MOerdh6dsn4hJ4jm2RT7T5nqupzAhTv/J51ymNk
5BUWU9iGJIcLVZoybH/3LVgU/gyki2c0lR/yqukEoH6+iBJCl5SLU6I9NLRedXaD
jBlCjW9BRk8yRIXpkTnbI63e8SZCim/apELvIyHp3pa5
-----END CERTIFICATE-----