This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/IwgOR8SpECdLjDFzz0M9A3eTqHc.roa
File:                     IwgOR8SpECdLjDFzz0M9A3eTqHc.roa (raw, json)
Hash identifier:          bqzQ3UtBaN9yvyQu2pNXKzVdfCP2Omy5M2vD+gjTY/A=
Subject key identifier:   23:08:0E:47:C4:A9:10:27:4B:8C:31:73:CF:43:3D:03:77:93:A8:77
Certificate issuer:       /CN=988a01e2526e39504192c30272f380b39ae3f2a6
Certificate serial:       019B7C7FF14E1DA04EBB35718BDC04727AB0
Authority key identifier: 98:8A:01:E2:52:6E:39:50:41:92:C3:02:72:F3:80:B3:9A:E3:F2:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/IwgOR8SpECdLjDFzz0M9A3eTqHc.roa
Signing time:             Fri 02 Jan 2026 02:18:38 +0000
ROA not before:           Fri 02 Jan 2026 02:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15962
IP address blocks:        194.1.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 14:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:f1:4e:1d:a0:4e:bb:35:71:8b:dc:04:72:7a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988a01e2526e39504192c30272f380b39ae3f2a6
        Validity
            Not Before: Jan  2 02:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23080e47c4a910274b8c3173cf433d037793a877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2c:3e:67:73:8a:e8:d3:b5:4b:18:5e:72:da:
                    78:70:71:8f:09:a2:ca:6b:73:fa:7c:1c:89:02:7f:
                    07:1c:87:ba:59:87:74:21:4f:70:f3:ea:5c:27:e2:
                    aa:e6:d3:c6:a2:6f:73:e3:ca:d0:3b:77:64:9b:fd:
                    ff:67:81:f0:46:1c:65:69:7c:d5:2b:86:4a:3c:9d:
                    b4:66:97:bd:0c:62:df:94:e1:4f:e7:51:3c:26:49:
                    f6:fd:0d:34:5c:a2:9e:d2:55:f2:09:6b:48:42:80:
                    91:24:6a:77:ba:2c:1b:58:4d:36:b5:94:a3:ea:de:
                    e9:3f:0d:43:e2:1d:83:72:30:fb:b8:ea:d1:fa:d7:
                    f7:07:f1:c9:8b:78:e4:0a:74:b7:1d:0c:d3:6a:a3:
                    86:1f:a9:f1:1a:fb:d8:bf:bf:f2:c6:a5:df:be:99:
                    19:85:e9:6c:fe:23:af:7a:00:12:6c:24:f7:df:e9:
                    53:af:27:03:e8:20:25:4e:31:e2:29:4a:f3:6c:a4:
                    bf:9e:1c:f5:9e:9e:43:62:8d:85:60:9e:d3:af:c0:
                    8f:97:0f:80:b8:78:53:39:20:b6:61:86:47:67:1d:
                    d8:e0:77:ff:b4:6a:8f:13:0a:5d:f1:94:9d:4b:57:
                    47:fe:2a:a9:3c:01:f3:ed:36:5b:fd:86:c9:d5:b5:
                    50:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:08:0E:47:C4:A9:10:27:4B:8C:31:73:CF:43:3D:03:77:93:A8:77
            X509v3 Authority Key Identifier:
                keyid:98:8A:01:E2:52:6E:39:50:41:92:C3:02:72:F3:80:B3:9A:E3:F2:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIoB4lJuOVBBksMCcvOAs5rj8qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/IwgOR8SpECdLjDFzz0M9A3eTqHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/fa3603-c2ca-4577-b7eb-772f841c4393/1/mIoB4lJuOVBBksMCcvOAs5rj8qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:f9:14:21:c3:09:44:d3:20:e2:d0:08:fd:65:b4:69:ed:c8:
         29:9a:49:bd:22:37:0d:fe:c7:68:0f:79:f9:a1:86:c9:19:16:
         bc:a2:f1:d3:23:65:9a:29:ed:12:a1:ba:4d:87:31:30:23:41:
         78:93:7b:f4:a5:18:ae:0a:39:93:fc:86:6f:f9:25:c8:b4:14:
         5f:ae:51:64:20:f3:06:ea:4a:cb:b4:b1:0a:1b:fb:24:da:ea:
         e5:2a:91:60:a2:3a:30:93:8f:df:b1:e6:9d:1d:c3:44:d0:59:
         11:5a:01:8d:6e:d2:b8:d4:48:29:40:21:20:91:16:b7:fa:dd:
         c7:72:ea:1b:56:82:e8:c1:37:37:16:e2:d3:a6:18:b5:6c:8a:
         bb:73:9c:8f:60:d5:81:e6:87:65:1d:56:d1:8b:4b:a4:38:d9:
         d0:cb:38:96:11:06:67:d3:1b:dc:e6:61:13:28:35:7b:e2:09:
         f8:b7:d2:04:01:c4:2a:63:3f:15:c9:d0:09:0b:c7:93:c4:54:
         33:1a:98:56:97:8a:0c:9f:1e:32:ea:5f:a8:e5:15:d2:64:3a:
         62:55:a3:d8:6e:19:48:d2:b5:cd:70:2f:a5:ea:7c:c9:8a:e5:
         c5:ea:63:35:40:4b:20:73:6b:79:79:8c:c5:22:c2:ff:c9:7a:
         aa:45:1c:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f/FOHaBOuzVxi9wEcnqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OGEwMWUyNTI2ZTM5NTA0MTkyYzMwMjcyZjM4MGIzOWFl
M2YyYTYwHhcNMjYwMTAyMDIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzA4MGU0N2M0YTkxMDI3NGI4YzMxNzNjZjQzM2QwMzc3OTNhODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSw+Z3OK6NO1Sxhectp4cHGPCaLK
a3P6fByJAn8HHIe6WYd0IU9w8+pcJ+Kq5tPGom9z48rQO3dkm/3/Z4HwRhxlaXzV
K4ZKPJ20Zpe9DGLflOFP51E8Jkn2/Q00XKKe0lXyCWtIQoCRJGp3uiwbWE02tZSj
6t7pPw1D4h2DcjD7uOrR+tf3B/HJi3jkCnS3HQzTaqOGH6nxGvvYv7/yxqXfvpkZ
hels/iOvegASbCT33+lTrycD6CAlTjHiKUrzbKS/nhz1np5DYo2FYJ7Tr8CPlw+A
uHhTOSC2YYZHZx3Y4Hf/tGqPEwpd8ZSdS1dH/iqpPAHz7TZb/YbJ1bVQ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMIDkfEqRAnS4wxc89DPQN3k6h3MB8GA1UdIwQY
MBaAFJiKAeJSbjlQQZLDAnLzgLOa4/KmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUlvQjRsSnVPVkJCa3NNQ2N2T0FzNXJqOHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9mYTM2MDMtYzJjYS00NTc3LWI3ZWIt
NzcyZjg0MWM0MzkzLzEvSXdnT1I4U3BFQ2RMakRGenowTTlBM2VUcUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9mYTM2MDMtYzJjYS00NTc3LWI3ZWItNzcyZjg0MWM0Mzkz
LzEvbUlvQjRsSnVPVkJCa3NNQ2N2T0FzNXJqOHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgG5MA0G
CSqGSIb3DQEBCwUAA4IBAQCU+RQhwwlE0yDi0Aj9ZbRp7cgpmkm9IjcN/sdoD3n5
oYbJGRa8ovHTI2WaKe0SobpNhzEwI0F4k3v0pRiuCjmT/IZv+SXItBRfrlFkIPMG
6krLtLEKG/sk2urlKpFgojowk4/fseadHcNE0FkRWgGNbtK41EgpQCEgkRa3+t3H
cuobVoLowTc3FuLTphi1bIq7c5yPYNWB5odlHVbRi0ukONnQyziWEQZn0xvc5mET
KDV74gn4t9IEAcQqYz8VydAJC8eTxFQzGphWl4oMnx4y6l+o5RXSZDpiVaPYbhlI
0rXNcC+l6nzJiuXF6mM1QEsgc2t5eYzFIsL/yXqqRRzA
-----END CERTIFICATE-----