This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/JX55jcV6gfM2l9um7UDwtp1OuG4.roa
File:                     JX55jcV6gfM2l9um7UDwtp1OuG4.roa (raw, json)
Hash identifier:          virMj+OsUzasT2LSKwkjbS79ulje/gW/NhHTtSzr02c=
Subject key identifier:   25:7E:79:8D:C5:7A:81:F3:36:97:DB:A6:ED:40:F0:B6:9D:4E:B8:6E
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       019B7DC97213733DC53C72DC4AACEB12BC56
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/JX55jcV6gfM2l9um7UDwtp1OuG4.roa
Signing time:             Fri 02 Jan 2026 08:18:32 +0000
ROA not before:           Fri 02 Jan 2026 08:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     45027
IP address blocks:        193.109.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:72:13:73:3d:c5:3c:72:dc:4a:ac:eb:12:bc:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jan  2 08:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=257e798dc57a81f33697dba6ed40f0b69d4eb86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2b:32:d7:3f:7a:93:b2:19:e7:6d:db:10:89:
                    a4:c3:11:70:b8:a9:14:de:77:73:24:af:f2:d4:ba:
                    39:a1:8a:bf:f0:db:dc:2c:f3:52:d6:cc:cc:40:6a:
                    5c:c1:9a:ea:76:c7:f4:de:20:05:f5:f3:2e:4e:b1:
                    2c:26:34:92:fc:c8:43:24:56:0f:ec:ba:8b:16:b7:
                    3e:42:e7:b1:33:d0:ed:ee:d0:6d:d2:99:97:27:dd:
                    f6:f4:c6:aa:a6:18:93:08:a8:3b:c7:b4:67:57:6d:
                    f5:25:6f:80:9f:79:64:a6:3e:f4:2d:54:92:cd:0f:
                    60:39:4d:d3:61:6e:b2:a7:9c:de:34:01:c9:64:35:
                    98:90:a6:c8:f7:07:ba:2e:70:35:d6:28:15:43:ad:
                    60:84:1e:78:45:d7:02:e2:80:72:95:3c:c9:03:de:
                    06:26:4b:51:c3:c6:99:88:41:96:7d:6a:69:2b:ac:
                    40:7e:4f:70:c1:09:43:0d:c7:09:1d:37:ea:2d:f1:
                    11:77:b8:f4:f9:b8:c8:50:a1:c8:74:6b:94:a5:61:
                    72:ab:0c:77:6f:84:8c:08:f0:a6:9b:9b:9c:69:0c:
                    35:b5:59:cf:16:1f:94:71:42:60:1a:72:01:90:92:
                    11:53:c3:5d:d5:c6:56:0e:ef:4e:cf:10:92:99:c5:
                    5b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:7E:79:8D:C5:7A:81:F3:36:97:DB:A6:ED:40:F0:B6:9D:4E:B8:6E
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/JX55jcV6gfM2l9um7UDwtp1OuG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:68:03:33:67:66:6b:74:a1:40:f3:01:ce:f8:3d:88:f3:e6:
         05:68:8e:aa:5c:d4:90:39:0a:ac:78:bc:d4:42:5e:0c:97:d3:
         1b:9f:74:b2:d4:93:91:cb:f5:96:cf:6f:b3:d5:73:4d:14:e3:
         58:22:83:a6:6e:ad:2a:0b:f7:25:f3:5c:73:41:77:4c:f7:a4:
         95:b3:39:2d:d2:21:8e:1f:7b:2d:78:3b:d0:74:aa:85:d8:05:
         4b:7e:60:3a:1a:8c:97:52:0b:d5:98:c7:df:cf:bf:8c:51:a1:
         16:ea:32:c0:8a:9c:2e:a1:f2:8d:42:57:2f:f0:fe:86:b3:8c:
         b3:95:cd:5c:64:2d:50:69:b6:8b:3c:fc:41:d1:b3:8c:0e:99:
         0e:28:d4:a7:34:49:0a:b6:7d:92:84:f1:d7:67:3f:b5:aa:74:
         aa:13:fc:4a:ef:fa:ee:96:ef:0e:47:6d:0e:03:93:b0:46:79:
         4c:ab:58:3b:fe:a8:14:10:f1:b8:19:c0:c7:3e:6b:ca:91:f4:
         cf:80:a7:11:1f:db:bd:6e:b1:20:23:a4:bf:84:63:6e:56:5d:
         1e:02:3e:ae:09:d8:20:8e:83:f0:ae:72:3b:3d:ea:70:27:38:
         37:64:94:84:91:8c:f9:4a:4b:2a:d1:14:d2:fe:8e:35:24:d4:
         b0:30:9e:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yXITcz3FPHLcSqzrErxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjYwMTAyMDgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTdlNzk4ZGM1N2E4MWYzMzY5N2RiYTZlZDQwZjBiNjlkNGViODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCsy1z96k7IZ523bEImkwxFwuKkU
3ndzJK/y1Lo5oYq/8NvcLPNS1szMQGpcwZrqdsf03iAF9fMuTrEsJjSS/MhDJFYP
7LqLFrc+QuexM9Dt7tBt0pmXJ9329MaqphiTCKg7x7RnV231JW+An3lkpj70LVSS
zQ9gOU3TYW6yp5zeNAHJZDWYkKbI9we6LnA11igVQ61ghB54RdcC4oBylTzJA94G
JktRw8aZiEGWfWppK6xAfk9wwQlDDccJHTfqLfERd7j0+bjIUKHIdGuUpWFyqwx3
b4SMCPCmm5ucaQw1tVnPFh+UcUJgGnIBkJIRU8Nd1cZWDu9OzxCSmcVbDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV+eY3FeoHzNpfbpu1A8LadTrhuMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvSlg1NWpjVjZnZk0ybDl1bTdVRHd0cDFPdUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCBaAMzZ2ZrdKFA8wHO+D2I8+YFaI6qXNSQOQqseLzU
Ql4Ml9Mbn3Sy1JORy/WWz2+z1XNNFONYIoOmbq0qC/cl81xzQXdM96SVszkt0iGO
H3steDvQdKqF2AVLfmA6GoyXUgvVmMffz7+MUaEW6jLAipwuofKNQlcv8P6Gs4yz
lc1cZC1QabaLPPxB0bOMDpkOKNSnNEkKtn2ShPHXZz+1qnSqE/xK7/rulu8OR20O
A5OwRnlMq1g7/qgUEPG4GcDHPmvKkfTPgKcRH9u9brEgI6S/hGNuVl0eAj6uCdgg
joPwrnI7PepwJzg3ZJSEkYz5Sksq0RTS/o41JNSwMJ7/
-----END CERTIFICATE-----