This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/SKcRCi3MhMhPXXjYBQ-YY8usu_I.roa
File:                     SKcRCi3MhMhPXXjYBQ-YY8usu_I.roa (raw, json)
Hash identifier:          JBdQV9mE5RLBEdRJXZYRJ2qitMx8tzIF6I1KNvvN/sg=
Subject key identifier:   48:A7:11:0A:2D:CC:84:C8:4F:5D:78:D8:05:0F:98:63:CB:AC:BB:F2
Certificate issuer:       /CN=e518045cfbd96a376ec98e3f5e8b2afb14cca93c
Certificate serial:       019B797F167E5673103B52D96CA24F9AF183
Authority key identifier: E5:18:04:5C:FB:D9:6A:37:6E:C9:8E:3F:5E:8B:2A:FB:14:CC:A9:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5RgEXPvZajduyY4_Xosq-xTMqTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/SKcRCi3MhMhPXXjYBQ-YY8usu_I.roa
Signing time:             Thu 01 Jan 2026 12:18:50 +0000
ROA not before:           Thu 01 Jan 2026 12:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31374
IP address blocks:        193.200.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/5RgEXPvZajduyY4_Xosq-xTMqTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/5RgEXPvZajduyY4_Xosq-xTMqTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5RgEXPvZajduyY4_Xosq-xTMqTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:16:7e:56:73:10:3b:52:d9:6c:a2:4f:9a:f1:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e518045cfbd96a376ec98e3f5e8b2afb14cca93c
        Validity
            Not Before: Jan  1 12:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48a7110a2dcc84c84f5d78d8050f9863cbacbbf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:67:23:f1:f7:5d:0b:93:32:ae:32:8e:9f:e2:
                    2a:5a:5b:c2:c3:f9:cd:31:a7:59:c4:55:47:77:d3:
                    e8:8a:6c:d2:4a:ed:4d:23:0d:d5:54:d9:5a:1b:5a:
                    d4:f1:9b:ef:37:08:a0:72:e3:c9:64:e8:7d:1b:65:
                    53:5b:76:21:aa:f1:a8:10:bf:74:04:d8:ce:76:d6:
                    58:92:8f:44:00:3c:7e:39:6f:d1:00:f7:05:57:34:
                    79:9c:ab:d9:04:c1:58:ba:b7:76:9b:e9:58:7e:01:
                    6d:b7:a9:ba:47:31:7a:58:95:60:d0:49:1a:cb:b5:
                    5f:07:3b:ce:85:ec:ad:d0:2e:27:16:c4:ee:e6:6b:
                    0e:de:c1:db:ef:0a:78:57:1b:d7:2a:bb:8e:51:b5:
                    31:dc:c2:ab:55:41:d9:73:5d:63:6f:dd:ef:02:b8:
                    65:1d:b2:e9:3f:06:e3:87:47:c9:f5:4d:b3:f9:d9:
                    4e:23:c1:6d:21:e9:88:dd:5b:0c:14:06:4e:92:82:
                    07:cc:dc:2f:27:5c:ee:57:53:e7:35:52:67:2e:74:
                    6b:bd:5a:fd:1d:27:fb:30:f7:f4:57:b0:59:37:39:
                    e3:33:bd:93:7a:66:aa:37:ee:e6:18:09:84:ee:71:
                    c3:cb:7c:85:a2:a3:da:84:29:cd:7b:05:b1:f8:c3:
                    65:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A7:11:0A:2D:CC:84:C8:4F:5D:78:D8:05:0F:98:63:CB:AC:BB:F2
            X509v3 Authority Key Identifier:
                keyid:E5:18:04:5C:FB:D9:6A:37:6E:C9:8E:3F:5E:8B:2A:FB:14:CC:A9:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5RgEXPvZajduyY4_Xosq-xTMqTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/SKcRCi3MhMhPXXjYBQ-YY8usu_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/db8258-2f18-4f48-89a7-fc50566b118f/1/5RgEXPvZajduyY4_Xosq-xTMqTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:c3:cd:d6:6e:15:0b:60:b7:20:e0:78:aa:ca:c8:fa:51:06:
         e3:61:c3:84:ca:25:2a:03:b6:90:a6:56:76:c9:8f:3b:0d:5f:
         0a:20:c1:70:20:de:48:69:86:e4:8d:63:6b:c3:70:77:eb:f7:
         e0:f4:87:b8:80:e5:f5:17:13:8e:da:9e:9d:24:9d:43:ad:70:
         a2:2d:30:1b:f5:10:1a:3a:eb:61:cc:60:65:91:fd:75:01:ec:
         a9:37:bd:71:e9:bf:e2:55:6e:f5:58:0e:e2:df:35:ed:cc:10:
         ab:f2:d7:a9:a5:f0:c4:24:6d:7a:70:2e:34:b5:22:f8:54:22:
         da:41:52:51:d3:7e:79:0f:54:56:f0:69:39:74:2e:3e:9a:22:
         db:04:01:d7:bd:ea:fa:6c:bb:c6:b6:8e:81:e7:a4:82:fb:c6:
         df:14:bb:9f:8e:88:93:96:71:4b:87:b8:26:c5:66:57:10:53:
         2c:5a:d0:a0:10:1a:31:a3:5e:b2:d7:a3:f1:57:fe:bf:71:90:
         4a:fe:07:05:b5:82:98:f4:37:a7:8d:13:68:26:96:21:6b:62:
         6f:42:53:69:5e:5c:7d:35:dd:04:11:71:99:a9:f8:39:3b:eb:
         d2:2e:d2:49:03:ce:15:8b:48:0e:8a:c3:48:e8:ee:40:0c:f2:
         38:bf:e4:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fxZ+VnMQO1LZbKJPmvGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MTgwNDVjZmJkOTZhMzc2ZWM5OGUzZjVlOGIyYWZiMTRj
Y2E5M2MwHhcNMjYwMTAxMTIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE3MTEwYTJkY2M4NGM4NGY1ZDc4ZDgwNTBmOTg2M2NiYWNiYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWcj8fddC5MyrjKOn+IqWlvCw/nN
MadZxFVHd9PoimzSSu1NIw3VVNlaG1rU8ZvvNwigcuPJZOh9G2VTW3YhqvGoEL90
BNjOdtZYko9EADx+OW/RAPcFVzR5nKvZBMFYurd2m+lYfgFtt6m6RzF6WJVg0Eka
y7VfBzvOheyt0C4nFsTu5msO3sHb7wp4VxvXKruOUbUx3MKrVUHZc11jb93vArhl
HbLpPwbjh0fJ9U2z+dlOI8FtIemI3VsMFAZOkoIHzNwvJ1zuV1PnNVJnLnRrvVr9
HSf7MPf0V7BZNznjM72TemaqN+7mGAmE7nHDy3yFoqPahCnNewWx+MNlPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEinEQotzITIT1142AUPmGPLrLvyMB8GA1UdIwQY
MBaAFOUYBFz72Wo3bsmOP16LKvsUzKk8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVJnRVhQdlphamR1eVk0X1hvc3EteFRNcVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9kYjgyNTgtMmYxOC00ZjQ4LTg5YTct
ZmM1MDU2NmIxMThmLzEvU0tjUkNpM01oTWhQWFhqWUJRLVlZOHVzdV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9kYjgyNTgtMmYxOC00ZjQ4LTg5YTctZmM1MDU2NmIxMThm
LzEvNVJnRVhQdlphamR1eVk0X1hvc3EteFRNcVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjkMA0G
CSqGSIb3DQEBCwUAA4IBAQCIw83WbhULYLcg4Hiqysj6UQbjYcOEyiUqA7aQplZ2
yY87DV8KIMFwIN5IaYbkjWNrw3B36/fg9Ie4gOX1FxOO2p6dJJ1DrXCiLTAb9RAa
OuthzGBlkf11AeypN71x6b/iVW71WA7i3zXtzBCr8teppfDEJG16cC40tSL4VCLa
QVJR0355D1RW8Gk5dC4+miLbBAHXver6bLvGto6B56SC+8bfFLufjoiTlnFLh7gm
xWZXEFMsWtCgEBoxo16y16PxV/6/cZBK/gcFtYKY9DenjRNoJpYha2JvQlNpXlx9
Nd0EEXGZqfg5O+vSLtJJA84Vi0gOisNI6O5ADPI4v+Qr
-----END CERTIFICATE-----