This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/dKQYoEGKHFmF0nSruT0wRrPk-Rg.roa
File:                     dKQYoEGKHFmF0nSruT0wRrPk-Rg.roa (raw, json)
Hash identifier:          S99ZXCrFRc8d8jC9aMirKUzt3whq2/K4lnlCAFLOb/k=
Subject key identifier:   74:A4:18:A0:41:8A:1C:59:85:D2:74:AB:B9:3D:30:46:B3:E4:F9:18
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C72F458A222FF0EFB3C62AA347C1D1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/dKQYoEGKHFmF0nSruT0wRrPk-Rg.roa
Signing time:             Thu 01 Jan 2026 04:18:21 +0000
ROA not before:           Thu 01 Jan 2026 04:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33844
IP address blocks:        193.232.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:2f:45:8a:22:2f:f0:ef:b3:c6:2a:a3:47:c1:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74a418a0418a1c5985d274abb93d3046b3e4f918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:da:c4:4e:fe:ea:39:22:29:b5:cb:03:32:59:
                    54:4d:84:bb:74:fb:7b:84:0e:80:65:18:8c:af:66:
                    c7:63:8f:d3:dc:70:3b:58:2b:76:65:5f:fc:0d:6c:
                    0b:a7:34:6d:29:e9:7f:fd:e6:3b:8d:92:b8:74:f3:
                    66:15:27:9c:98:83:d2:4a:b5:a5:46:bc:89:0e:77:
                    a6:e5:a6:00:fd:d6:63:5f:cf:ce:c3:9c:c6:0f:8d:
                    10:a9:b1:a8:cb:2a:34:10:f5:18:f1:e7:f3:e7:17:
                    6c:97:b8:8b:82:40:50:6d:04:fe:62:28:7d:be:1a:
                    76:a7:6b:46:96:dc:f9:74:78:b8:6d:ae:8d:be:52:
                    f4:d9:13:6c:af:c9:b8:f1:06:e8:a9:cb:3f:39:af:
                    3f:02:92:6b:95:14:4b:3f:c8:ee:44:7c:0a:a2:61:
                    35:03:ba:2d:57:e3:90:9d:84:9f:8b:a1:49:88:76:
                    87:a5:80:56:73:97:f5:aa:af:46:5e:7a:3e:5b:cb:
                    cf:3f:41:3f:de:96:f3:14:9e:cf:8b:02:64:69:3c:
                    74:f1:6b:a0:40:00:75:e7:a4:af:5c:8a:80:dd:4d:
                    bd:d9:1f:ee:00:89:21:f1:48:0c:be:52:06:ec:cc:
                    e8:f8:cd:56:82:b5:7a:a6:99:7c:ef:c2:be:2e:d6:
                    54:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:A4:18:A0:41:8A:1C:59:85:D2:74:AB:B9:3D:30:46:B3:E4:F9:18
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/dKQYoEGKHFmF0nSruT0wRrPk-Rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ed:7b:36:da:e9:3f:5d:01:ac:b5:ef:09:a8:99:79:ce:ef:
         85:a4:f6:b2:e5:ae:2b:cc:23:c9:44:63:90:c8:ff:a9:7f:d3:
         fd:2b:04:7c:7b:3b:aa:9e:96:82:ee:80:a5:5e:1b:77:73:41:
         a9:58:00:e2:df:6f:bc:6b:a2:fc:75:ff:03:99:0c:f3:2d:33:
         4c:e0:35:27:0a:64:6e:3f:25:83:04:03:0f:fe:02:ad:bb:3f:
         b4:91:b7:b3:77:e2:70:68:14:b1:64:4f:3c:b5:6a:44:11:5e:
         b1:eb:5e:29:49:55:cb:18:c7:03:97:ce:74:b1:d8:20:be:cb:
         20:d8:84:ad:cc:4f:56:2c:af:00:66:9a:e3:8c:10:12:00:04:
         d4:38:b4:5b:ed:1f:04:d8:7b:84:a6:be:42:e4:9d:55:bb:f0:
         6b:ec:22:ec:18:7f:55:50:22:2c:14:e9:41:dc:1a:e3:99:ee:
         b2:a0:cb:7f:11:e4:c3:51:58:27:b9:c5:33:fd:0b:48:18:6d:
         2b:db:7c:f3:f8:75:ff:03:38:d0:dc:e0:56:52:e5:0b:76:75:
         46:15:8f:36:40:7e:48:46:c5:0b:46:41:cf:59:11:0a:0f:ea:
         85:29:8e:ac:7f:aa:80:5b:8a:88:41:4a:4b:c4:c6:1c:01:83:
         20:9b:5d:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xy9FiiIv8O+zxiqjR8HRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGE0MThhMDQxOGExYzU5ODVkMjc0YWJiOTNkMzA0NmIzZTRmOTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNrETv7qOSIptcsDMllUTYS7dPt7
hA6AZRiMr2bHY4/T3HA7WCt2ZV/8DWwLpzRtKel//eY7jZK4dPNmFSecmIPSSrWl
RryJDnem5aYA/dZjX8/Ow5zGD40QqbGoyyo0EPUY8efz5xdsl7iLgkBQbQT+Yih9
vhp2p2tGltz5dHi4ba6NvlL02RNsr8m48Qboqcs/Oa8/ApJrlRRLP8juRHwKomE1
A7otV+OQnYSfi6FJiHaHpYBWc5f1qq9GXno+W8vPP0E/3pbzFJ7PiwJkaTx08Wug
QAB156SvXIqA3U292R/uAIkh8UgMvlIG7Mzo+M1WgrV6ppl878K+LtZU9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSkGKBBihxZhdJ0q7k9MEaz5PkYMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvZEtRWW9FR0tIRm1GMG5TcnVUMHdSclBrLVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweh7MA0G
CSqGSIb3DQEBCwUAA4IBAQBo7Xs22uk/XQGste8JqJl5zu+FpPay5a4rzCPJRGOQ
yP+pf9P9KwR8ezuqnpaC7oClXht3c0GpWADi32+8a6L8df8DmQzzLTNM4DUnCmRu
PyWDBAMP/gKtuz+0kbezd+JwaBSxZE88tWpEEV6x614pSVXLGMcDl850sdggvssg
2IStzE9WLK8AZprjjBASAATUOLRb7R8E2HuEpr5C5J1Vu/Br7CLsGH9VUCIsFOlB
3Brjme6yoMt/EeTDUVgnucUz/QtIGG0r23zz+HX/AzjQ3OBWUuULdnVGFY82QH5I
RsULRkHPWREKD+qFKY6sf6qAW4qIQUpLxMYcAYMgm10W
-----END CERTIFICATE-----