This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1kBIFOo2ulyvKv1UJg_qBLS4UFA.roa
File:                     1kBIFOo2ulyvKv1UJg_qBLS4UFA.roa (raw, json)
Hash identifier:          19uLjaCGyhFk7BEMqIY3TiGJXMkjDGV7tyTcmeRBNPI=
Subject key identifier:   D6:40:48:14:EA:36:BA:5C:AF:2A:FD:54:26:0F:EA:04:B4:B8:50:50
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14BBBC3FE5C8745AD36A49FFCBB98E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1kBIFOo2ulyvKv1UJg_qBLS4UFA.roa
Signing time:             Fri 02 Jan 2026 14:20:23 +0000
ROA not before:           Fri 02 Jan 2026 14:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140641
IP address blocks:        194.231.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:bb:bc:3f:e5:c8:74:5a:d3:6a:49:ff:cb:b9:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6404814ea36ba5caf2afd54260fea04b4b85050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:65:a9:83:2d:98:c5:e9:c0:eb:69:39:3f:e1:
                    63:98:54:af:3b:4b:69:70:8c:ec:48:fd:d9:36:59:
                    a8:f4:e8:ff:9b:15:2d:db:b9:50:de:99:43:6f:3a:
                    e0:77:9b:da:c8:b8:1e:10:c0:ae:18:e7:33:97:95:
                    4e:94:88:97:a9:d1:08:03:8e:c6:f6:dc:6c:11:82:
                    d9:14:c5:f9:36:59:ae:7a:b3:6a:f6:64:37:6d:e9:
                    a3:8d:c4:fe:a6:45:1e:b1:e4:74:37:b5:23:1c:aa:
                    fb:df:c7:5e:9c:7a:17:ae:e8:cc:47:26:e9:97:8d:
                    eb:9d:5c:db:de:dc:95:9f:b8:74:d6:56:c0:6d:49:
                    76:18:a4:b0:15:af:03:88:1c:f2:85:bd:65:6e:03:
                    10:e9:be:82:26:9e:f0:58:6e:23:0e:5b:f5:83:c3:
                    77:6e:d0:70:c9:e3:0f:3d:08:d9:ff:65:a6:c8:d2:
                    bb:47:13:23:31:ce:6f:fd:bc:f2:02:a9:0c:6e:eb:
                    ea:17:20:8e:96:8e:c7:fd:25:d6:05:7d:61:f4:36:
                    a1:3e:37:dd:61:2b:a6:1d:a9:69:01:fb:16:7d:d8:
                    4c:9c:a1:e1:8e:05:b6:9f:7f:2e:da:5f:32:12:e4:
                    d9:88:10:f2:fb:e9:1c:4b:25:4c:b4:d6:1a:c5:b5:
                    7e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:40:48:14:EA:36:BA:5C:AF:2A:FD:54:26:0F:EA:04:B4:B8:50:50
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/1kBIFOo2ulyvKv1UJg_qBLS4UFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:43:12:ae:b7:f2:50:ac:55:58:0d:20:c5:14:49:98:3b:3a:
         84:3d:43:f7:6f:7f:d2:c7:92:ef:6f:b6:7f:17:24:1d:e0:00:
         24:de:bd:03:e3:c5:87:f6:cb:60:15:a8:f5:36:cc:8d:2e:36:
         72:32:ba:39:48:73:fb:3f:94:46:8f:3c:3f:ae:46:35:d4:d4:
         1a:9d:64:a3:f7:70:f1:cd:49:67:3c:f5:23:2b:fb:88:17:4e:
         e6:a1:0c:79:a3:c5:e4:67:e7:16:e0:5a:2c:82:47:bb:94:13:
         30:35:e1:0e:dd:2d:f9:2e:92:c3:fd:e7:fe:85:5c:cb:7c:32:
         08:34:a7:b0:24:16:1d:6b:0d:a1:ff:9b:e7:1a:a0:ee:12:57:
         c3:96:2a:63:19:3b:ba:22:72:68:8f:90:dd:c3:3d:81:bf:ab:
         49:2e:fc:e8:f7:83:21:08:11:50:bb:79:1a:95:ce:71:3b:c3:
         5c:ea:66:08:80:0b:50:8e:41:6d:7a:5e:e5:96:c7:35:2f:6e:
         9f:52:6b:48:11:c7:94:e4:96:9d:6d:5d:21:51:87:11:18:9d:
         07:d4:bb:fa:d2:64:10:5a:d3:9b:17:97:4d:50:7a:4b:89:b3:
         c4:e2:09:e9:c5:48:8f:28:85:6a:92:ad:80:ed:b6:f7:3f:61:
         62:06:0c:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FLu8P+XIdFrTakn/y7mOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQwNDgxNGVhMzZiYTVjYWYyYWZkNTQyNjBmZWEwNGI0Yjg1MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mWpgy2YxenA62k5P+FjmFSvO0tp
cIzsSP3ZNlmo9Oj/mxUt27lQ3plDbzrgd5vayLgeEMCuGOczl5VOlIiXqdEIA47G
9txsEYLZFMX5NlmuerNq9mQ3bemjjcT+pkUeseR0N7UjHKr738denHoXrujMRybp
l43rnVzb3tyVn7h01lbAbUl2GKSwFa8DiBzyhb1lbgMQ6b6CJp7wWG4jDlv1g8N3
btBwyeMPPQjZ/2WmyNK7RxMjMc5v/bzyAqkMbuvqFyCOlo7H/SXWBX1h9DahPjfd
YSumHalpAfsWfdhMnKHhjgW2n38u2l8yEuTZiBDy++kcSyVMtNYaxbV+YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZASBTqNrpcryr9VCYP6gS0uFBQMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMWtCSUZPbzJ1bHl2S3YxVUpnX3FCTFM0VUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwueNMA0G
CSqGSIb3DQEBCwUAA4IBAQCVQxKut/JQrFVYDSDFFEmYOzqEPUP3b3/Sx5Lvb7Z/
FyQd4AAk3r0D48WH9stgFaj1NsyNLjZyMro5SHP7P5RGjzw/rkY11NQanWSj93Dx
zUlnPPUjK/uIF07moQx5o8XkZ+cW4Fosgke7lBMwNeEO3S35LpLD/ef+hVzLfDII
NKewJBYdaw2h/5vnGqDuElfDlipjGTu6InJoj5Ddwz2Bv6tJLvzo94MhCBFQu3ka
lc5xO8Nc6mYIgAtQjkFtel7llsc1L26fUmtIEceU5JadbV0hUYcRGJ0H1Lv60mQQ
WtObF5dNUHpLibPE4gnpxUiPKIVqkq2A7bb3P2FiBgwT
-----END CERTIFICATE-----