This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JVhHxxAV1tsN7dw-2KtWSKtn23E.roa
File:                     JVhHxxAV1tsN7dw-2KtWSKtn23E.roa (raw, json)
Hash identifier:          pg9BA77s43yWn1Pll96FD5PlcgJAl+qrWVk2Vsx3XeM=
Subject key identifier:   25:58:47:C7:10:15:D6:DB:0D:ED:DC:3E:D8:AB:56:48:AB:67:DB:71
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019B7E38085A8924422F44259005204D997A
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JVhHxxAV1tsN7dw-2KtWSKtn23E.roa
Signing time:             Fri 02 Jan 2026 10:19:19 +0000
ROA not before:           Fri 02 Jan 2026 10:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        130.49.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:08:5a:89:24:42:2f:44:25:90:05:20:4d:99:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  2 10:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=255847c71015d6db0deddc3ed8ab5648ab67db71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b4:85:24:d6:f1:75:b4:35:d7:58:97:2b:f0:
                    53:25:66:3c:12:ac:7c:ad:32:77:ac:48:16:af:b7:
                    58:3e:d5:d5:c7:f3:e1:66:bb:f1:f1:f0:a0:24:90:
                    7c:42:5f:80:04:ce:43:a1:6c:25:cb:4c:4d:f6:3b:
                    ed:fb:c8:03:da:7c:9f:2c:1c:ef:0f:81:aa:76:b0:
                    32:4f:12:60:4e:50:64:3d:bc:b4:d6:27:5e:b9:8c:
                    84:00:b2:61:ab:b2:bb:ce:81:e4:cd:bb:0f:1a:c7:
                    a8:15:ef:f8:c7:46:68:d8:41:d7:71:08:4d:04:ff:
                    91:88:7c:b6:f5:8a:73:23:c6:c7:16:50:fd:7c:e7:
                    8e:ce:8e:97:b0:9c:09:4f:2e:ce:d7:7b:ea:e0:88:
                    f5:a2:32:48:30:4b:20:be:5d:4f:fc:61:74:6a:39:
                    25:0a:97:06:48:de:44:0f:75:a8:84:43:e5:c7:29:
                    3f:65:8c:62:de:ae:27:d3:84:ec:b5:c8:4f:bb:3b:
                    2a:28:4b:75:6b:da:8c:29:b0:e5:9a:bc:11:ec:3f:
                    fe:c8:89:95:09:7c:5e:31:21:f3:3b:64:85:c5:bf:
                    fc:b1:b3:e7:f7:c5:85:19:2a:4b:df:1a:c3:c3:ee:
                    f9:e9:b9:aa:ad:75:02:fc:75:aa:80:fb:91:a7:8f:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:58:47:C7:10:15:D6:DB:0D:ED:DC:3E:D8:AB:56:48:AB:67:DB:71
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JVhHxxAV1tsN7dw-2KtWSKtn23E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:65:99:2e:bc:ba:52:c1:fd:ed:7e:4a:ec:eb:be:0c:b3:e4:
         8c:52:da:51:86:78:9e:34:a2:97:73:1f:a1:f5:4d:7b:7a:2f:
         e8:04:44:ea:2f:93:87:84:0d:46:9f:66:bb:84:09:fe:fd:ce:
         ec:c0:e0:fe:37:83:28:d1:2a:5a:15:35:3c:26:86:a4:0c:e4:
         71:65:1f:40:94:55:38:46:47:73:7a:37:82:08:8e:4d:a7:92:
         5b:32:7e:c7:d4:3d:6b:62:0c:10:41:ea:79:d7:88:97:36:ce:
         6e:98:11:8e:31:d2:bd:47:39:6c:c4:84:c3:c6:41:cf:4c:2d:
         64:2b:eb:0d:fa:53:b3:b5:f8:3d:62:31:83:2d:80:72:09:ac:
         4c:35:ea:65:44:fc:8f:a2:42:2f:ea:dc:ed:b0:fa:bb:01:a2:
         76:8b:00:d3:05:84:0e:8f:10:92:04:40:ad:6a:43:ea:14:6b:
         43:ee:0b:13:aa:e5:1e:0f:73:8a:5d:20:aa:e8:6f:ae:50:49:
         88:84:20:57:b3:e1:af:d8:f7:02:8b:dd:a1:88:8e:ad:62:77:
         78:7a:ef:f6:ee:15:bb:97:c6:24:33:b6:32:82:0d:c7:72:58:
         fa:21:6b:33:2c:0e:2f:4d:07:c0:5a:a5:45:cc:6d:02:6a:56:
         2d:a0:df:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OAhaiSRCL0QlkAUgTZl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMTAyMTAxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTU4NDdjNzEwMTVkNmRiMGRlZGRjM2VkOGFiNTY0OGFiNjdkYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrSFJNbxdbQ111iXK/BTJWY8Eqx8
rTJ3rEgWr7dYPtXVx/PhZrvx8fCgJJB8Ql+ABM5DoWwly0xN9jvt+8gD2nyfLBzv
D4GqdrAyTxJgTlBkPby01ideuYyEALJhq7K7zoHkzbsPGseoFe/4x0Zo2EHXcQhN
BP+RiHy29YpzI8bHFlD9fOeOzo6XsJwJTy7O13vq4Ij1ojJIMEsgvl1P/GF0ajkl
CpcGSN5ED3WohEPlxyk/ZYxi3q4n04TstchPuzsqKEt1a9qMKbDlmrwR7D/+yImV
CXxeMSHzO2SFxb/8sbPn98WFGSpL3xrDw+756bmqrXUC/HWqgPuRp4+rfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVYR8cQFdbbDe3cPtirVkirZ9txMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvSlZoSHh4QVYxdHNON2R3LTJLdFdTS3RuMjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjHYMA0G
CSqGSIb3DQEBCwUAA4IBAQCHZZkuvLpSwf3tfkrs674Ms+SMUtpRhnieNKKXcx+h
9U17ei/oBETqL5OHhA1Gn2a7hAn+/c7swOD+N4Mo0SpaFTU8JoakDORxZR9AlFU4
RkdzejeCCI5Np5JbMn7H1D1rYgwQQep514iXNs5umBGOMdK9RzlsxITDxkHPTC1k
K+sN+lOztfg9YjGDLYByCaxMNeplRPyPokIv6tztsPq7AaJ2iwDTBYQOjxCSBECt
akPqFGtD7gsTquUeD3OKXSCq6G+uUEmIhCBXs+Gv2PcCi92hiI6tYnd4eu/27hW7
l8YkM7Yygg3Hclj6IWszLA4vTQfAWqVFzG0CalYtoN8d
-----END CERTIFICATE-----