This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/CIRhprz3rBBOPNEdy3jnFyLtmiA.roa
File:                     CIRhprz3rBBOPNEdy3jnFyLtmiA.roa (raw, json)
Hash identifier:          z/XfH3Aycu8JqZsvCP3U4kd6hBotdVQ6hRO0n7omiP8=
Subject key identifier:   08:84:61:A6:BC:F7:AC:10:4E:3C:D1:1D:CB:78:E7:17:22:ED:9A:20
Certificate issuer:       /CN=be3c54d1edca692f44c9da383402c24fde723507
Certificate serial:       019B7BA527C8354399E1C8D0981C1BA2486F
Authority key identifier: BE:3C:54:D1:ED:CA:69:2F:44:C9:DA:38:34:02:C2:4F:DE:72:35:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjxU0e3KaS9Eydo4NALCT95yNQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/CIRhprz3rBBOPNEdy3jnFyLtmiA.roa
Signing time:             Thu 01 Jan 2026 22:19:39 +0000
ROA not before:           Thu 01 Jan 2026 22:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12843
IP address blocks:        193.42.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/vjxU0e3KaS9Eydo4NALCT95yNQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/vjxU0e3KaS9Eydo4NALCT95yNQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjxU0e3KaS9Eydo4NALCT95yNQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:27:c8:35:43:99:e1:c8:d0:98:1c:1b:a2:48:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be3c54d1edca692f44c9da383402c24fde723507
        Validity
            Not Before: Jan  1 22:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=088461a6bcf7ac104e3cd11dcb78e71722ed9a20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5b:24:be:49:14:79:8b:b9:b1:9c:cc:a6:c1:
                    c1:4c:01:a4:99:75:b7:28:4d:8b:e1:c1:0d:47:7e:
                    6b:cd:80:35:f1:30:2f:05:a0:b5:47:b4:1d:83:2e:
                    44:e9:b5:71:96:87:d0:1a:f0:1b:5d:ad:fc:57:f1:
                    26:1c:8a:e8:42:df:77:ea:fc:f4:6b:9d:c9:f6:72:
                    b5:9c:28:ba:61:61:42:04:4d:e8:96:82:43:0d:a1:
                    61:cb:f6:c0:e4:5a:17:6d:1d:60:a6:c0:44:69:26:
                    e1:0a:b4:43:f5:c4:62:93:33:ac:5d:06:f8:3e:9c:
                    b6:17:8d:32:a1:58:15:a9:19:49:57:d7:b3:ba:e0:
                    ad:e9:ee:48:a0:3b:52:2b:07:51:2d:2b:1b:43:4a:
                    e9:55:dc:68:03:cb:05:64:b4:7a:01:ec:88:f8:90:
                    06:f3:9f:4a:db:d4:e7:a0:8b:25:61:05:58:8c:6a:
                    8b:f9:39:4c:4a:1e:60:09:f6:66:88:08:45:5a:fe:
                    7f:fc:57:fb:3b:5e:a7:08:75:8e:ba:51:4a:32:00:
                    89:eb:1d:78:59:e6:e4:d9:64:36:b5:25:a7:b3:f1:
                    b8:69:3c:e3:1a:51:a7:00:f6:c7:63:01:ff:24:67:
                    14:a9:c5:d7:e1:40:ff:f6:17:65:7b:97:30:47:a5:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:84:61:A6:BC:F7:AC:10:4E:3C:D1:1D:CB:78:E7:17:22:ED:9A:20
            X509v3 Authority Key Identifier:
                keyid:BE:3C:54:D1:ED:CA:69:2F:44:C9:DA:38:34:02:C2:4F:DE:72:35:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjxU0e3KaS9Eydo4NALCT95yNQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/CIRhprz3rBBOPNEdy3jnFyLtmiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5d6745-e0d6-40d0-84ed-c34953edc7e5/1/vjxU0e3KaS9Eydo4NALCT95yNQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e3:2a:fc:45:17:04:a9:66:00:d6:09:69:29:43:cd:71:02:
         6e:e8:5b:84:71:43:75:61:b7:af:85:48:f0:7a:4a:4c:c3:d3:
         ba:94:27:1d:6c:80:70:6a:97:92:12:77:c5:de:da:27:63:8b:
         38:1e:7f:ad:34:fd:41:6c:d7:1a:75:8c:5e:cb:a0:12:d7:71:
         f0:9e:b9:05:e9:0e:be:ab:36:e2:99:ae:7d:79:53:6a:6f:13:
         e6:58:52:56:e4:58:6a:dc:91:ef:25:8c:13:82:02:50:ca:56:
         9a:7b:f8:e8:16:e4:2f:37:ed:f8:eb:ec:d0:e2:24:32:b1:59:
         97:9c:80:85:89:94:c4:20:c2:de:62:e5:4c:01:e3:a1:37:8e:
         7a:15:74:f5:36:0e:5e:7e:15:88:fe:56:2d:0b:c5:b9:8a:97:
         69:b4:d1:37:fe:f6:7a:b3:d8:56:50:7c:66:95:23:a5:e2:64:
         be:3e:ce:45:7a:67:49:c4:5a:0d:8f:18:cd:51:0c:72:b5:6a:
         dc:3d:36:39:8a:1d:e5:f7:75:8e:8a:a5:2e:1e:cf:38:d7:08:
         50:ca:a9:bc:c1:16:f0:4a:bf:dc:52:ce:11:4a:db:53:2d:d0:
         b5:90:0f:a7:df:67:ee:a7:f2:1f:fd:b8:77:4a:7f:98:71:30:
         3c:7f:6d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSfINUOZ4cjQmBwbokhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlM2M1NGQxZWRjYTY5MmY0NGM5ZGEzODM0MDJjMjRmZGU3
MjM1MDcwHhcNMjYwMTAxMjIxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg0NjFhNmJjZjdhYzEwNGUzY2QxMWRjYjc4ZTcxNzIyZWQ5YTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFskvkkUeYu5sZzMpsHBTAGkmXW3
KE2L4cENR35rzYA18TAvBaC1R7Qdgy5E6bVxlofQGvAbXa38V/EmHIroQt936vz0
a53J9nK1nCi6YWFCBE3oloJDDaFhy/bA5FoXbR1gpsBEaSbhCrRD9cRikzOsXQb4
Ppy2F40yoVgVqRlJV9ezuuCt6e5IoDtSKwdRLSsbQ0rpVdxoA8sFZLR6AeyI+JAG
859K29TnoIslYQVYjGqL+TlMSh5gCfZmiAhFWv5//Ff7O16nCHWOulFKMgCJ6x14
Webk2WQ2tSWns/G4aTzjGlGnAPbHYwH/JGcUqcXX4UD/9hdle5cwR6UlcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiEYaa896wQTjzRHct45xci7ZogMB8GA1UdIwQY
MBaAFL48VNHtymkvRMnaODQCwk/ecjUHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmp4VTBlM0thUzlFeWRvNE5BTENUOTV5TlFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZDY3NDUtZTBkNi00MGQwLTg0ZWQt
YzM0OTUzZWRjN2U1LzEvQ0lSaHByejNyQkJPUE5FZHkzam5GeUx0bWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZDY3NDUtZTBkNi00MGQwLTg0ZWQtYzM0OTUzZWRjN2U1
LzEvdmp4VTBlM0thUzlFeWRvNE5BTENUOTV5TlFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSrdMA0G
CSqGSIb3DQEBCwUAA4IBAQCm4yr8RRcEqWYA1glpKUPNcQJu6FuEcUN1YbevhUjw
ekpMw9O6lCcdbIBwapeSEnfF3tonY4s4Hn+tNP1BbNcadYxey6AS13HwnrkF6Q6+
qzbima59eVNqbxPmWFJW5Fhq3JHvJYwTggJQylaae/joFuQvN+346+zQ4iQysVmX
nICFiZTEIMLeYuVMAeOhN456FXT1Ng5efhWI/lYtC8W5ipdptNE3/vZ6s9hWUHxm
lSOl4mS+Ps5FemdJxFoNjxjNUQxytWrcPTY5ih3l93WOiqUuHs841whQyqm8wRbw
Sr/cUs4RSttTLdC1kA+n32fup/If/bh3Sn+YcTA8f21R
-----END CERTIFICATE-----