This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/Cyn38xr_aKjpDo4P5qrp-xma_-Q.roa
File:                     Cyn38xr_aKjpDo4P5qrp-xma_-Q.roa (raw, json)
Hash identifier:          EIt3b7IJ5biIXSp4ZF9k1ni8CNt6QRDhPAAZE5+8sT4=
Subject key identifier:   0B:29:F7:F3:1A:FF:68:A8:E9:0E:8E:0F:E6:AA:E9:FB:19:9A:FF:E4
Certificate issuer:       /CN=385cf4939beeeaeaf4409c2840eb344cab0850e0
Certificate serial:       019B79EBEAABFAC8905776145F530733FAE5
Authority key identifier: 38:5C:F4:93:9B:EE:EA:EA:F4:40:9C:28:40:EB:34:4C:AB:08:50:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/Cyn38xr_aKjpDo4P5qrp-xma_-Q.roa
Signing time:             Thu 01 Jan 2026 14:17:42 +0000
ROA not before:           Thu 01 Jan 2026 14:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31510
IP address blocks:        193.228.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:ea:ab:fa:c8:90:57:76:14:5f:53:07:33:fa:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385cf4939beeeaeaf4409c2840eb344cab0850e0
        Validity
            Not Before: Jan  1 14:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b29f7f31aff68a8e90e8e0fe6aae9fb199affe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d1:4c:39:a5:27:a6:ac:e0:ab:fb:13:94:49:
                    db:e2:c9:eb:e9:54:a4:4b:76:b2:95:0d:1d:59:83:
                    17:16:6d:e1:19:76:15:85:dd:20:c8:ca:22:e3:12:
                    39:bd:7f:da:34:7d:65:57:bf:82:3e:2c:e7:47:24:
                    fa:a8:5a:f6:7c:cb:26:8e:72:88:36:d6:b2:c0:27:
                    94:f6:39:df:a2:ba:2b:86:86:ce:2b:fd:27:b1:1c:
                    a2:7f:b8:4c:5e:5f:26:8f:ec:9d:4d:21:6d:71:a3:
                    00:03:72:d2:78:73:01:94:a8:36:79:9d:df:58:61:
                    5d:ad:09:0d:37:78:1d:93:9b:c3:f8:e4:56:46:8a:
                    f5:9d:c8:10:c1:d9:43:d6:1c:04:15:7f:ff:e8:bc:
                    1f:a4:63:88:e6:f1:a5:8f:2d:4e:75:c7:9e:b0:cb:
                    95:2a:62:ff:1b:ea:24:db:ca:71:c8:1e:e3:39:ef:
                    6c:dd:aa:64:ed:67:fb:50:13:3f:9f:fd:3f:b4:b9:
                    ad:4d:1a:ef:6d:6c:e8:47:51:74:82:fa:c3:9b:be:
                    cf:be:c2:74:ac:cd:00:1d:47:5d:88:f1:22:e3:e2:
                    b3:d7:76:9b:4a:cd:eb:d8:69:f6:d4:40:0f:e6:a7:
                    01:b5:ab:83:5a:8e:84:67:70:fc:54:95:93:5f:5e:
                    f5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:29:F7:F3:1A:FF:68:A8:E9:0E:8E:0F:E6:AA:E9:FB:19:9A:FF:E4
            X509v3 Authority Key Identifier:
                keyid:38:5C:F4:93:9B:EE:EA:EA:F4:40:9C:28:40:EB:34:4C:AB:08:50:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/Cyn38xr_aKjpDo4P5qrp-xma_-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a8:0c:0b:e0:dd:dc:3d:3f:f5:07:d9:92:e8:46:ed:c2:23:
         0a:4c:87:1d:ab:e2:a5:ab:20:1f:08:27:90:77:4c:f2:ce:1c:
         a2:5c:ce:90:d3:0a:72:90:7f:42:1e:f6:9c:b4:3e:50:5e:25:
         5b:f2:7d:db:38:ea:4d:3f:eb:5f:5f:be:1c:a1:82:f4:24:ad:
         11:30:15:db:99:8d:6e:27:c6:97:b3:ad:26:cc:b8:0b:a7:e5:
         6a:fc:41:97:41:5c:3a:df:6d:f3:43:bd:51:d8:a9:c8:ef:30:
         c7:b4:97:61:ce:3e:b0:73:af:e5:c2:38:c6:f3:32:ee:da:b1:
         ea:80:ec:35:84:ac:86:ab:70:c3:6c:19:95:33:6a:61:df:88:
         1d:65:63:92:77:ea:58:2d:54:b3:20:e6:b8:b8:e9:4d:78:e6:
         b0:2a:94:be:21:f3:3a:2c:47:ff:bf:00:ed:06:bf:e6:e7:8c:
         3b:d2:c2:fa:a0:0e:ea:8b:e9:f2:96:76:65:db:ff:76:d5:86:
         07:50:9c:31:36:6a:d0:4b:3a:ee:f4:bb:5b:b2:fe:9a:e8:11:
         a7:14:fb:41:d7:c8:d7:43:e8:7a:3c:b9:7d:ae:06:ac:79:49:
         fc:5b:72:c2:be:53:72:e2:23:56:93:c2:a3:23:df:66:ac:5f:
         8a:d9:d9:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt56+qr+siQV3YUX1MHM/rlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NWNmNDkzOWJlZWVhZWFmNDQwOWMyODQwZWIzNDRjYWIw
ODUwZTAwHhcNMjYwMTAxMTQxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjI5ZjdmMzFhZmY2OGE4ZTkwZThlMGZlNmFhZTlmYjE5OWFmZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdFMOaUnpqzgq/sTlEnb4snr6VSk
S3aylQ0dWYMXFm3hGXYVhd0gyMoi4xI5vX/aNH1lV7+CPiznRyT6qFr2fMsmjnKI
NtaywCeU9jnfororhobOK/0nsRyif7hMXl8mj+ydTSFtcaMAA3LSeHMBlKg2eZ3f
WGFdrQkNN3gdk5vD+ORWRor1ncgQwdlD1hwEFX//6LwfpGOI5vGljy1OdceesMuV
KmL/G+ok28pxyB7jOe9s3apk7Wf7UBM/n/0/tLmtTRrvbWzoR1F0gvrDm77PvsJ0
rM0AHUddiPEi4+Kz13abSs3r2Gn21EAP5qcBtauDWo6EZ3D8VJWTX171BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsp9/Ma/2io6Q6OD+aq6fsZmv/kMB8GA1UdIwQY
MBaAFDhc9JOb7urq9ECcKEDrNEyrCFDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Z6MGs1dnU2dXIwUUp3b1FPczBUS3NJVU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8zNWI2YmQtMTRiNi00M2RjLTgzODQt
N2I3NjE1ZmYwZTk2LzEvQ3luMzh4cl9hS2pwRG80UDVxcnAteG1hXy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8zNWI2YmQtMTRiNi00M2RjLTgzODQtN2I3NjE1ZmYwZTk2
LzEvT0Z6MGs1dnU2dXIwUUp3b1FPczBUS3NJVU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweRdMA0G
CSqGSIb3DQEBCwUAA4IBAQBsqAwL4N3cPT/1B9mS6EbtwiMKTIcdq+KlqyAfCCeQ
d0zyzhyiXM6Q0wpykH9CHvactD5QXiVb8n3bOOpNP+tfX74coYL0JK0RMBXbmY1u
J8aXs60mzLgLp+Vq/EGXQVw6323zQ71R2KnI7zDHtJdhzj6wc6/lwjjG8zLu2rHq
gOw1hKyGq3DDbBmVM2ph34gdZWOSd+pYLVSzIOa4uOlNeOawKpS+IfM6LEf/vwDt
Br/m54w70sL6oA7qi+nylnZl2/921YYHUJwxNmrQSzru9Ltbsv6a6BGnFPtB18jX
Q+h6PLl9rgaseUn8W3LCvlNy4iNWk8KjI99mrF+K2dlf
-----END CERTIFICATE-----