This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/JOBZiyk3WSexjylGrFqWtpIvVNI.roa
File:                     JOBZiyk3WSexjylGrFqWtpIvVNI.roa (raw, json)
Hash identifier:          pYC05xXD+D4uXeUnMdxT9uc+YVOaCRlDkwK83r1kNWw=
Subject key identifier:   24:E0:59:8B:29:37:59:27:B1:8F:29:46:AC:5A:96:B6:92:2F:54:D2
Certificate issuer:       /CN=9915f0d6a961aaebc6b0b5089da02939b310a51c
Certificate serial:       019B797E74664F31FFF2FD42434FDE6A0124
Authority key identifier: 99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRXw1qlhquvGsLUInaApObMQpRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/JOBZiyk3WSexjylGrFqWtpIvVNI.roa
Signing time:             Thu 01 Jan 2026 12:18:09 +0000
ROA not before:           Thu 01 Jan 2026 12:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137
IP address blocks:        192.156.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRXw1qlhquvGsLUInaApObMQpRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:74:66:4f:31:ff:f2:fd:42:43:4f:de:6a:01:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9915f0d6a961aaebc6b0b5089da02939b310a51c
        Validity
            Not Before: Jan  1 12:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24e0598b29375927b18f2946ac5a96b6922f54d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ce:3d:09:30:f1:f3:0d:2d:67:8c:f7:b6:c6:
                    87:5d:dd:c6:96:7d:b3:fa:da:bb:af:cb:a6:55:51:
                    a9:68:50:52:2f:5f:a3:d2:ba:a4:0d:1f:ea:4d:2e:
                    f4:64:c1:6e:f1:78:fd:b0:d6:9c:68:e6:c4:64:f0:
                    98:ef:38:04:f0:19:ad:48:74:9e:d8:c6:9b:04:bf:
                    9d:74:85:54:f9:2e:2c:6c:b8:14:45:60:18:3d:c4:
                    66:71:2a:12:d9:d6:fc:80:fe:a9:5a:91:10:a1:78:
                    00:5a:aa:c9:be:05:aa:d6:e1:c5:53:fe:55:45:e5:
                    88:4c:21:ab:07:91:8d:37:8c:cf:25:c2:39:ff:a8:
                    af:f4:96:08:f8:00:a2:3a:a6:51:18:e4:8e:9f:16:
                    74:5f:e9:d6:b3:1d:6e:c1:4b:c1:13:d2:34:a0:25:
                    80:b2:ee:9c:d3:66:c7:23:11:81:d2:65:cc:e8:f6:
                    af:0e:c4:56:7a:61:8f:61:59:7e:d5:02:7d:98:7e:
                    25:4a:3f:19:cf:88:69:62:0c:25:d1:f7:fa:2f:b5:
                    cd:9a:31:34:02:d1:fa:56:64:3c:19:dc:6e:19:be:
                    9d:0e:de:41:43:65:c2:79:61:98:d9:4e:c3:78:79:
                    ac:f9:af:e3:7d:6c:42:5f:dd:98:36:e0:26:67:ad:
                    68:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E0:59:8B:29:37:59:27:B1:8F:29:46:AC:5A:96:B6:92:2F:54:D2
            X509v3 Authority Key Identifier:
                keyid:99:15:F0:D6:A9:61:AA:EB:C6:B0:B5:08:9D:A0:29:39:B3:10:A5:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRXw1qlhquvGsLUInaApObMQpRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/JOBZiyk3WSexjylGrFqWtpIvVNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fa110d-e6e5-4bf9-84fe-bf26a7faa603/1/mRXw1qlhquvGsLUInaApObMQpRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.156.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:18:04:b7:37:5f:b7:61:e8:ff:93:7d:6a:b4:90:75:a9:48:
         5c:82:29:5d:f7:81:8a:b0:79:1b:82:88:da:e4:69:63:47:6c:
         63:83:0f:ac:fb:54:6b:d3:8c:d8:cd:ba:4f:f9:bf:74:e5:3b:
         a1:41:4c:6d:fe:f7:84:87:e7:5a:7f:d6:86:18:06:75:52:d4:
         84:7f:84:82:e4:88:1f:fa:86:0e:23:ee:18:a1:7e:ce:98:06:
         25:5f:ea:f1:c3:0a:39:9e:9a:2c:94:b0:04:53:02:13:04:b6:
         4f:29:12:0a:f5:d2:1c:18:0a:3b:f4:92:be:0c:bd:3f:c3:de:
         36:4e:cf:71:1f:6e:7c:a2:10:14:dc:33:2c:a2:48:8d:a3:e5:
         1c:92:07:49:49:47:d2:8a:cd:b2:17:01:f0:26:3b:21:1a:1f:
         92:ce:5c:22:55:b1:db:74:23:ab:73:cf:08:9c:ed:e8:4a:ab:
         c4:e3:85:ef:0c:89:b0:b3:a2:11:40:d6:6d:e3:c0:dd:ac:a8:
         24:f9:23:60:67:4f:7b:ef:6b:53:d1:e3:69:69:8d:93:45:33:
         42:bd:11:d0:33:0a:2d:50:a7:53:dc:a9:09:34:64:39:47:6b:
         f1:15:e9:0f:95:70:9d:e7:0c:b8:38:d8:ee:5f:55:8c:85:c6:
         23:a0:c2:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fnRmTzH/8v1CQ0/eagEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTVmMGQ2YTk2MWFhZWJjNmIwYjUwODlkYTAyOTM5YjMx
MGE1MWMwHhcNMjYwMTAxMTIxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGUwNTk4YjI5Mzc1OTI3YjE4ZjI5NDZhYzVhOTZiNjkyMmY1NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM49CTDx8w0tZ4z3tsaHXd3Gln2z
+tq7r8umVVGpaFBSL1+j0rqkDR/qTS70ZMFu8Xj9sNacaObEZPCY7zgE8BmtSHSe
2MabBL+ddIVU+S4sbLgURWAYPcRmcSoS2db8gP6pWpEQoXgAWqrJvgWq1uHFU/5V
ReWITCGrB5GNN4zPJcI5/6iv9JYI+ACiOqZRGOSOnxZ0X+nWsx1uwUvBE9I0oCWA
su6c02bHIxGB0mXM6PavDsRWemGPYVl+1QJ9mH4lSj8Zz4hpYgwl0ff6L7XNmjE0
AtH6VmQ8GdxuGb6dDt5BQ2XCeWGY2U7DeHms+a/jfWxCX92YNuAmZ61oxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTgWYspN1knsY8pRqxalraSL1TSMB8GA1UdIwQY
MBaAFJkV8NapYarrxrC1CJ2gKTmzEKUcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJYdzFxbGhxdXZHc0xVSW5hQXBPYk1RcFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mYTExMGQtZTZlNS00YmY5LTg0ZmUt
YmYyNmE3ZmFhNjAzLzEvSk9CWml5azNXU2V4anlsR3JGcVd0cEl2Vk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mYTExMGQtZTZlNS00YmY5LTg0ZmUtYmYyNmE3ZmFhNjAz
LzEvbVJYdzFxbGhxdXZHc0xVSW5hQXBPYk1RcFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJzVMA0G
CSqGSIb3DQEBCwUAA4IBAQCQGAS3N1+3Yej/k31qtJB1qUhcgild94GKsHkbgoja
5GljR2xjgw+s+1Rr04zYzbpP+b905TuhQUxt/veEh+daf9aGGAZ1UtSEf4SC5Igf
+oYOI+4YoX7OmAYlX+rxwwo5nposlLAEUwITBLZPKRIK9dIcGAo79JK+DL0/w942
Ts9xH258ohAU3DMsokiNo+UckgdJSUfSis2yFwHwJjshGh+SzlwiVbHbdCOrc88I
nO3oSqvE44XvDImws6IRQNZt48DdrKgk+SNgZ09772tT0eNpaY2TRTNCvRHQMwot
UKdT3KkJNGQ5R2vxFekPlXCd5wy4ONjuX1WMhcYjoMKB
-----END CERTIFICATE-----