This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/19kTeJepP8HkpIg63hHdZMuI5pU.roa
File:                     19kTeJepP8HkpIg63hHdZMuI5pU.roa (raw, json)
Hash identifier:          rYKL3pXSi0W4E3AFcHleDUG0Z3vGSYXA5D+E17BmR8U=
Subject key identifier:   D7:D9:13:78:97:A9:3F:C1:E4:A4:88:3A:DE:11:DD:64:CB:88:E6:95
Certificate issuer:       /CN=888166463a1a301ca5b6eb98bddd07e397091986
Certificate serial:       019B7AC8DAC93586ADE0825A7A12C7672FB3
Authority key identifier: 88:81:66:46:3A:1A:30:1C:A5:B6:EB:98:BD:DD:07:E3:97:09:19:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iIFmRjoaMByltuuYvd0H45cJGYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/19kTeJepP8HkpIg63hHdZMuI5pU.roa
Signing time:             Thu 01 Jan 2026 18:19:02 +0000
ROA not before:           Thu 01 Jan 2026 18:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9211
IP address blocks:        194.156.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/iIFmRjoaMByltuuYvd0H45cJGYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/iIFmRjoaMByltuuYvd0H45cJGYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iIFmRjoaMByltuuYvd0H45cJGYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:da:c9:35:86:ad:e0:82:5a:7a:12:c7:67:2f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=888166463a1a301ca5b6eb98bddd07e397091986
        Validity
            Not Before: Jan  1 18:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7d9137897a93fc1e4a4883ade11dd64cb88e695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:38:7c:a9:c1:b3:69:c6:96:66:f9:22:6a:05:
                    e9:64:0a:4f:5b:39:26:a9:23:40:5e:54:15:e1:c6:
                    c1:76:99:8d:b8:32:5e:55:7a:ed:c5:9d:cb:82:af:
                    d0:3c:99:a0:a4:a9:72:2e:02:f4:7f:22:71:17:a1:
                    26:a1:24:c9:01:f6:af:f3:13:b3:6b:bd:b0:9b:1c:
                    52:f2:3b:96:75:ac:19:73:2e:5e:d5:ea:e6:57:5c:
                    b3:6c:9d:5d:2f:65:1f:74:0a:4d:3a:e2:63:44:d9:
                    10:a3:07:0e:d7:55:46:38:4a:8d:f0:04:12:25:06:
                    e4:5b:16:f6:86:92:a8:3f:31:0d:57:85:1a:e6:3e:
                    3c:a8:0d:42:c2:bd:64:a1:e7:cf:f3:94:ce:5c:73:
                    57:e8:3d:75:a7:4d:43:8d:82:8e:19:1a:06:a3:77:
                    c1:c2:e1:1d:2f:f7:b0:a3:d4:09:17:5c:e2:92:68:
                    aa:4b:e3:8d:88:24:f1:2a:16:0e:9e:b9:23:a9:38:
                    4d:7a:e0:ad:b7:1e:b2:83:41:5b:20:6f:a9:b3:b7:
                    f1:43:f7:3e:e5:ee:81:41:da:a8:b1:63:3b:b5:df:
                    5b:79:6f:6e:33:6a:e1:2f:6b:a8:4e:f5:46:80:fe:
                    d9:a2:b0:00:00:ca:f7:c4:79:48:f9:c6:14:07:3b:
                    85:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D9:13:78:97:A9:3F:C1:E4:A4:88:3A:DE:11:DD:64:CB:88:E6:95
            X509v3 Authority Key Identifier:
                keyid:88:81:66:46:3A:1A:30:1C:A5:B6:EB:98:BD:DD:07:E3:97:09:19:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iIFmRjoaMByltuuYvd0H45cJGYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/19kTeJepP8HkpIg63hHdZMuI5pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/476fd0-b8a6-461f-b4c5-38c2c2a79c35/1/iIFmRjoaMByltuuYvd0H45cJGYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:17:6e:9f:cd:0b:6b:8b:04:6f:38:52:fa:37:9a:79:9a:40:
         26:ee:8b:b9:e8:fe:38:43:e7:4b:ef:e9:3e:96:20:05:e4:51:
         a0:50:8d:f5:23:74:59:ea:3b:5a:c0:1e:32:e2:37:00:0a:c7:
         77:68:b5:fa:99:78:73:5e:be:a6:a7:03:72:40:c1:91:9a:36:
         85:69:73:d5:c3:bc:ad:69:09:e1:e7:c8:0a:5e:31:62:4e:3d:
         2d:61:ca:9f:f1:d5:c1:16:ef:6c:75:fe:76:0f:ad:c6:17:d0:
         bc:ba:f8:e6:85:35:d6:93:19:7e:2b:07:34:bc:d8:52:53:48:
         67:81:95:26:b9:08:5a:81:7e:ba:da:61:62:1a:f9:a8:50:1c:
         2a:9b:c2:d6:70:03:27:d4:65:48:ee:5e:d9:47:b2:a5:3f:23:
         db:db:79:94:59:c7:f0:1f:30:74:92:4f:48:8e:56:7d:e5:33:
         e5:37:83:8e:af:87:fc:5c:b3:8e:37:11:7d:17:69:74:b6:b3:
         64:17:08:cb:64:16:6a:31:04:cc:b0:6a:77:5b:11:9c:a3:7b:
         f1:92:71:aa:6c:38:69:56:ce:07:4b:38:ea:70:9e:14:b9:52:
         25:13:d8:31:37:69:1a:0d:5d:57:14:6f:94:26:6d:c1:43:3a:
         90:82:e5:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yNrJNYat4IJaehLHZy+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ODE2NjQ2M2ExYTMwMWNhNWI2ZWI5OGJkZGQwN2UzOTcw
OTE5ODYwHhcNMjYwMTAxMTgxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q5MTM3ODk3YTkzZmMxZTRhNDg4M2FkZTExZGQ2NGNiODhlNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTh8qcGzacaWZvkiagXpZApPWzkm
qSNAXlQV4cbBdpmNuDJeVXrtxZ3Lgq/QPJmgpKlyLgL0fyJxF6EmoSTJAfav8xOz
a72wmxxS8juWdawZcy5e1ermV1yzbJ1dL2UfdApNOuJjRNkQowcO11VGOEqN8AQS
JQbkWxb2hpKoPzENV4Ua5j48qA1Cwr1koefP85TOXHNX6D11p01DjYKOGRoGo3fB
wuEdL/ewo9QJF1zikmiqS+ONiCTxKhYOnrkjqThNeuCttx6yg0FbIG+ps7fxQ/c+
5e6BQdqosWM7td9beW9uM2rhL2uoTvVGgP7ZorAAAMr3xHlI+cYUBzuFIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfZE3iXqT/B5KSIOt4R3WTLiOaVMB8GA1UdIwQY
MBaAFIiBZkY6GjAcpbbrmL3dB+OXCRmGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUlGbVJqb2FNQnlsdHV1WXZkMEg0NWNKR1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80NzZmZDAtYjhhNi00NjFmLWI0YzUt
MzhjMmMyYTc5YzM1LzEvMTlrVGVKZXBQOEhrcElnNjNoSGRaTXVJNXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80NzZmZDAtYjhhNi00NjFmLWI0YzUtMzhjMmMyYTc5YzM1
LzEvaUlGbVJqb2FNQnlsdHV1WXZkMEg0NWNKR1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpy9MA0G
CSqGSIb3DQEBCwUAA4IBAQAIF26fzQtriwRvOFL6N5p5mkAm7ou56P44Q+dL7+k+
liAF5FGgUI31I3RZ6jtawB4y4jcACsd3aLX6mXhzXr6mpwNyQMGRmjaFaXPVw7yt
aQnh58gKXjFiTj0tYcqf8dXBFu9sdf52D63GF9C8uvjmhTXWkxl+Kwc0vNhSU0hn
gZUmuQhagX662mFiGvmoUBwqm8LWcAMn1GVI7l7ZR7KlPyPb23mUWcfwHzB0kk9I
jlZ95TPlN4OOr4f8XLOONxF9F2l0trNkFwjLZBZqMQTMsGp3WxGco3vxknGqbDhp
Vs4HSzjqcJ4UuVIlE9gxN2kaDV1XFG+UJm3BQzqQguWj
-----END CERTIFICATE-----