This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/G2x8NDr9LHSkINrH0XgS_O7t-Ac.roa
File:                     G2x8NDr9LHSkINrH0XgS_O7t-Ac.roa (raw, json)
Hash identifier:          7q25uWkfgn8bVTorZp4GW1kItUx8sXbKUKO01jUtesY=
Subject key identifier:   1B:6C:7C:34:3A:FD:2C:74:A4:20:DA:C7:D1:78:12:FC:EE:ED:F8:07
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B7B36161FBEAAB868810AA83BB305D2E5
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/G2x8NDr9LHSkINrH0XgS_O7t-Ac.roa
Signing time:             Thu 01 Jan 2026 20:18:20 +0000
ROA not before:           Thu 01 Jan 2026 20:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400687
IP address blocks:        194.76.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:16:1f:be:aa:b8:68:81:0a:a8:3b:b3:05:d2:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  1 20:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b6c7c343afd2c74a420dac7d17812fceeedf807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0e:fd:9f:8d:c9:8e:5c:da:e5:28:e9:33:80:
                    70:34:70:db:b3:79:9e:21:4e:2d:ab:70:a4:7c:ad:
                    7d:ac:dc:a7:83:ab:c1:7d:87:e0:7a:cd:70:c8:0f:
                    67:6b:b1:01:99:7d:3c:88:71:a2:e5:bb:c6:71:86:
                    25:8c:ed:92:50:7c:35:bf:bb:d5:ea:60:99:2c:2a:
                    b8:39:cf:06:e6:f1:f2:92:a0:16:c6:2b:3f:a1:6c:
                    6e:bc:6c:a2:5d:7e:60:3a:50:3e:ff:52:ba:cb:11:
                    37:8f:30:b5:ff:ed:0f:94:75:61:93:27:e8:ff:43:
                    a1:11:43:38:73:6f:c0:99:b8:4d:2a:2f:b5:18:0f:
                    1d:ba:b3:38:f7:12:0c:40:94:08:15:72:4f:b3:a8:
                    4b:3b:35:dc:4f:a7:2d:c1:e0:c9:ff:45:f7:9c:de:
                    92:e9:9b:fd:86:c6:e9:63:cc:12:30:e6:58:88:32:
                    6a:47:a2:a7:30:09:1f:1d:53:1c:5f:5d:17:61:52:
                    3d:23:cf:c6:19:26:2f:a1:63:b0:f6:2a:99:e3:2d:
                    78:0c:8b:e4:04:a2:57:ab:ad:65:09:b4:d9:aa:3b:
                    6e:46:80:30:73:78:28:92:e0:7a:65:1c:1f:fa:00:
                    c5:75:d8:a3:73:09:f3:6a:ab:a7:99:ff:1c:d8:3e:
                    79:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6C:7C:34:3A:FD:2C:74:A4:20:DA:C7:D1:78:12:FC:EE:ED:F8:07
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/G2x8NDr9LHSkINrH0XgS_O7t-Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:4c:be:da:79:3a:0b:42:2f:66:f9:88:df:69:f7:18:7c:af:
         7c:b6:a7:92:64:2c:99:bd:cb:96:d8:ed:ff:03:ce:c0:d4:bf:
         79:7c:c8:d2:da:d2:fc:01:76:85:66:64:df:5c:5b:7a:d9:5c:
         91:3f:71:ae:36:2d:9b:d2:38:01:0c:6a:4f:93:63:24:bf:4d:
         08:82:f5:0b:44:c7:cf:3d:db:21:67:8e:85:87:9e:12:76:5a:
         95:57:49:89:8d:cd:27:fd:27:ef:16:e6:95:00:b9:a5:c4:1e:
         cb:e6:97:30:52:47:03:9a:e5:ec:30:ba:d4:cb:60:68:b3:51:
         01:d7:4a:dc:97:45:ed:b6:5b:3f:ec:42:e0:a3:a1:01:12:74:
         84:a5:e8:68:b6:f5:73:e2:a0:dd:3f:9c:38:fd:12:29:ce:70:
         18:2a:91:82:6d:74:dd:90:28:12:02:4f:25:c5:2c:17:59:25:
         29:af:51:bf:8b:96:0c:63:84:5c:c8:bb:4e:7a:ac:f1:9c:a7:
         cf:8b:bb:06:62:42:0f:17:c0:ee:88:e8:b9:74:a1:5a:b6:0f:
         de:3d:c5:a3:93:24:88:fe:86:a1:8d:f6:3c:14:82:e3:00:31:
         72:fc:cc:c9:b8:88:9c:ad:30:bf:c3:77:59:bb:ff:af:66:44:
         cc:32:29:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NhYfvqq4aIEKqDuzBdLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTAxMjAxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZjN2MzNDNhZmQyYzc0YTQyMGRhYzdkMTc4MTJmY2VlZWRmODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvA79n43Jjlza5SjpM4BwNHDbs3me
IU4tq3CkfK19rNyng6vBfYfges1wyA9na7EBmX08iHGi5bvGcYYljO2SUHw1v7vV
6mCZLCq4Oc8G5vHykqAWxis/oWxuvGyiXX5gOlA+/1K6yxE3jzC1/+0PlHVhkyfo
/0OhEUM4c2/AmbhNKi+1GA8durM49xIMQJQIFXJPs6hLOzXcT6ctweDJ/0X3nN6S
6Zv9hsbpY8wSMOZYiDJqR6KnMAkfHVMcX10XYVI9I8/GGSYvoWOw9iqZ4y14DIvk
BKJXq61lCbTZqjtuRoAwc3gokuB6ZRwf+gDFddijcwnzaqunmf8c2D55pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtsfDQ6/Sx0pCDax9F4Evzu7fgHMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvRzJ4OE5EcjlMSFNrSU5ySDBYZ1NfTzd0LUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwBMA0G
CSqGSIb3DQEBCwUAA4IBAQA8TL7aeToLQi9m+YjfafcYfK98tqeSZCyZvcuW2O3/
A87A1L95fMjS2tL8AXaFZmTfXFt62VyRP3GuNi2b0jgBDGpPk2Mkv00IgvULRMfP
PdshZ46Fh54SdlqVV0mJjc0n/SfvFuaVALmlxB7L5pcwUkcDmuXsMLrUy2Bos1EB
10rcl0Xttls/7ELgo6EBEnSEpehotvVz4qDdP5w4/RIpznAYKpGCbXTdkCgSAk8l
xSwXWSUpr1G/i5YMY4RcyLtOeqzxnKfPi7sGYkIPF8DuiOi5dKFatg/ePcWjkySI
/oahjfY8FILjADFy/MzJuIicrTC/w3dZu/+vZkTMMilm
-----END CERTIFICATE-----