This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/loy4dq4keQGVVjd_GZNqzZEFuGk.roa
File:                     loy4dq4keQGVVjd_GZNqzZEFuGk.roa (raw, json)
Hash identifier:          xIPUz5Sh2e4Af6AHs7cOizEtdk/KROc6aaXyJduVd/w=
Subject key identifier:   96:8C:B8:76:AE:24:79:01:95:56:37:7F:19:93:6A:CD:91:05:B8:69
Certificate issuer:       /CN=fd818d93e68571f95c45ebc281598c7c98f32577
Certificate serial:       019B77C68BDC663202AC6B55177639C562C1
Authority key identifier: FD:81:8D:93:E6:85:71:F9:5C:45:EB:C2:81:59:8C:7C:98:F3:25:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_YGNk-aFcflcRevCgVmMfJjzJXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/loy4dq4keQGVVjd_GZNqzZEFuGk.roa
Signing time:             Thu 01 Jan 2026 04:17:39 +0000
ROA not before:           Thu 01 Jan 2026 04:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12779
IP address blocks:        194.28.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/_YGNk-aFcflcRevCgVmMfJjzJXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/_YGNk-aFcflcRevCgVmMfJjzJXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_YGNk-aFcflcRevCgVmMfJjzJXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:8b:dc:66:32:02:ac:6b:55:17:76:39:c5:62:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd818d93e68571f95c45ebc281598c7c98f32577
        Validity
            Not Before: Jan  1 04:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=968cb876ae2479019556377f19936acd9105b869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:07:92:0e:55:30:6e:c8:4f:54:c3:f6:ee:79:
                    fe:5f:4e:79:3e:ad:1b:18:d6:24:24:d3:8f:6c:ca:
                    52:c6:f1:af:9d:7c:fa:a4:a2:21:2d:48:1f:cd:ab:
                    30:08:c6:f2:1e:85:f8:03:c8:2e:44:7c:ef:4e:ae:
                    aa:f1:eb:c8:0c:99:32:a9:e9:85:0d:ec:99:59:3a:
                    0f:8e:12:f0:43:df:c6:b1:36:c8:be:61:bd:7a:33:
                    d4:9d:e0:a1:71:0f:38:4d:98:a8:51:8f:6a:99:14:
                    16:ec:2f:42:6e:7b:0a:81:c9:93:ad:3c:7e:c3:d2:
                    2d:82:9a:06:cb:25:e9:1d:e1:7d:7c:61:45:e8:79:
                    3b:a0:fa:29:89:6d:4e:0f:dd:2e:2c:48:ba:a5:61:
                    4f:4e:a8:f1:a4:89:5a:fb:93:4a:be:55:b9:c6:f8:
                    cc:1f:67:be:d6:de:38:7b:f8:ef:46:92:7f:be:7e:
                    c1:24:73:05:57:16:e7:a8:33:c3:5d:1e:54:e4:dd:
                    7f:f4:dd:24:00:94:ee:e6:85:98:17:5a:17:fc:0c:
                    c8:d0:c5:75:68:34:85:39:05:c9:01:c3:b3:f5:c1:
                    4c:fa:a6:9e:8f:72:b4:01:82:75:f9:97:6d:77:1c:
                    dc:8b:1c:85:79:78:56:04:6b:16:14:31:88:01:27:
                    72:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8C:B8:76:AE:24:79:01:95:56:37:7F:19:93:6A:CD:91:05:B8:69
            X509v3 Authority Key Identifier:
                keyid:FD:81:8D:93:E6:85:71:F9:5C:45:EB:C2:81:59:8C:7C:98:F3:25:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_YGNk-aFcflcRevCgVmMfJjzJXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/loy4dq4keQGVVjd_GZNqzZEFuGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/3d370c-3295-4306-98dc-f698b05ba971/1/_YGNk-aFcflcRevCgVmMfJjzJXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:bd:f6:3e:fb:c5:20:7f:51:eb:b8:2e:f2:dd:72:9f:8a:e4:
         a9:49:98:69:b5:5a:3e:58:38:1a:f6:87:5b:cb:1b:88:b7:b3:
         39:90:bd:34:6a:45:0d:13:c1:58:35:b8:2f:bb:70:34:c0:d9:
         e6:35:0b:38:dd:09:8d:a7:4d:47:16:e3:f9:6c:61:ac:91:a0:
         05:4a:fd:4e:b3:5e:79:f0:4f:dd:71:59:88:ca:0e:a9:c1:76:
         05:37:5b:e5:a6:67:bb:1d:df:16:b3:35:1e:1b:94:65:b0:20:
         41:63:a6:6f:ce:03:7d:9c:ed:01:74:39:12:f5:bd:38:4e:ab:
         4a:46:46:12:6b:f2:6e:23:59:96:f7:c8:80:ef:13:fe:6a:54:
         c1:38:f8:0d:50:46:c6:e9:a7:65:ac:ea:50:cc:fb:1f:fe:38:
         dc:18:79:fa:65:b2:cc:80:27:a6:f1:88:90:e4:b5:bd:78:70:
         96:ad:a7:1a:74:8f:6a:c8:30:60:27:1d:2f:7f:4e:0c:ea:6e:
         3e:f1:6a:b4:20:e6:f8:7b:d9:7f:9e:3d:bb:f6:be:6e:aa:58:
         eb:c0:fe:ee:9c:c0:89:06:5c:1c:9e:7d:fe:d7:b8:1b:38:9e:
         cd:a9:96:da:37:c3:35:bd:ac:31:2e:e4:b1:6f:5e:e3:5e:e5:
         7c:a3:72:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xovcZjICrGtVF3Y5xWLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkODE4ZDkzZTY4NTcxZjk1YzQ1ZWJjMjgxNTk4YzdjOThm
MzI1NzcwHhcNMjYwMTAxMDQxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhjYjg3NmFlMjQ3OTAxOTU1NjM3N2YxOTkzNmFjZDkxMDViODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQeSDlUwbshPVMP27nn+X055Pq0b
GNYkJNOPbMpSxvGvnXz6pKIhLUgfzaswCMbyHoX4A8guRHzvTq6q8evIDJkyqemF
DeyZWToPjhLwQ9/GsTbIvmG9ejPUneChcQ84TZioUY9qmRQW7C9CbnsKgcmTrTx+
w9ItgpoGyyXpHeF9fGFF6Hk7oPopiW1OD90uLEi6pWFPTqjxpIla+5NKvlW5xvjM
H2e+1t44e/jvRpJ/vn7BJHMFVxbnqDPDXR5U5N1/9N0kAJTu5oWYF1oX/AzI0MV1
aDSFOQXJAcOz9cFM+qaej3K0AYJ1+ZdtdxzcixyFeXhWBGsWFDGIASdyfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaMuHauJHkBlVY3fxmTas2RBbhpMB8GA1UdIwQY
MBaAFP2BjZPmhXH5XEXrwoFZjHyY8yV3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1lHTmstYUZjZmxjUmV2Q2dWbU1mSmp6SlhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8zZDM3MGMtMzI5NS00MzA2LTk4ZGMt
ZjY5OGIwNWJhOTcxLzEvbG95NGRxNGtlUUdWVmpkX0daTnF6WkVGdUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8zZDM3MGMtMzI5NS00MzA2LTk4ZGMtZjY5OGIwNWJhOTcx
LzEvX1lHTmstYUZjZmxjUmV2Q2dWbU1mSmp6SlhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwhx0MA0G
CSqGSIb3DQEBCwUAA4IBAQCMvfY++8Ugf1HruC7y3XKfiuSpSZhptVo+WDga9odb
yxuIt7M5kL00akUNE8FYNbgvu3A0wNnmNQs43QmNp01HFuP5bGGskaAFSv1Os155
8E/dcVmIyg6pwXYFN1vlpme7Hd8WszUeG5RlsCBBY6ZvzgN9nO0BdDkS9b04TqtK
RkYSa/JuI1mW98iA7xP+alTBOPgNUEbG6adlrOpQzPsf/jjcGHn6ZbLMgCem8YiQ
5LW9eHCWracadI9qyDBgJx0vf04M6m4+8Wq0IOb4e9l/nj279r5uqljrwP7unMCJ
Blwcnn3+17gbOJ7NqZbaN8M1vawxLuSxb17jXuV8o3IA
-----END CERTIFICATE-----