This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/Kjv5ZqAKlQ-u26S6yymzYFVvtRA.roa
File:                     Kjv5ZqAKlQ-u26S6yymzYFVvtRA.roa (raw, json)
Hash identifier:          sOevRBDCcbgFby2Me1gEDOPKrFjBhZ/Oz4Fc5/D3wtA=
Subject key identifier:   2A:3B:F9:66:A0:0A:95:0F:AE:DB:A4:BA:CB:29:B3:60:55:6F:B5:10
Certificate issuer:       /CN=37ff55b95743a915b793d72de71ac96ce6198a97
Certificate serial:       019B7F818BDB37D367AE52A3008D04FAA367
Authority key identifier: 37:FF:55:B9:57:43:A9:15:B7:93:D7:2D:E7:1A:C9:6C:E6:19:8A:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_9VuVdDqRW3k9ct5xrJbOYZipc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/Kjv5ZqAKlQ-u26S6yymzYFVvtRA.roa
Signing time:             Fri 02 Jan 2026 16:19:14 +0000
ROA not before:           Fri 02 Jan 2026 16:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39702
IP address blocks:        193.31.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/N_9VuVdDqRW3k9ct5xrJbOYZipc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/N_9VuVdDqRW3k9ct5xrJbOYZipc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_9VuVdDqRW3k9ct5xrJbOYZipc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:8b:db:37:d3:67:ae:52:a3:00:8d:04:fa:a3:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ff55b95743a915b793d72de71ac96ce6198a97
        Validity
            Not Before: Jan  2 16:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a3bf966a00a950faedba4bacb29b360556fb510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ae:c9:2d:db:ce:16:12:e3:20:78:de:bd:50:
                    94:59:87:8e:bc:72:ea:b3:f2:5a:83:90:2c:e7:3c:
                    65:bf:3c:f6:37:da:3c:c0:5b:52:d0:ec:83:d6:a8:
                    fd:fb:ef:c2:3e:17:c9:25:ab:85:62:37:f1:43:91:
                    12:87:dc:99:b1:85:7e:15:15:0a:4a:a7:ed:ea:16:
                    26:94:e0:2c:23:11:67:ba:f8:0f:29:72:ca:ae:db:
                    7e:f4:ef:82:c2:b0:78:ad:3c:cd:6e:43:b4:12:91:
                    13:95:e1:67:93:76:7b:32:c7:48:81:7e:4e:1d:4c:
                    af:6a:57:84:12:9b:38:98:b7:0c:1d:c3:48:fb:98:
                    62:51:d6:b3:21:fa:0f:c1:00:01:81:8d:91:f9:b9:
                    6b:74:11:66:85:79:9f:03:16:1a:a3:f9:6a:3c:cc:
                    ad:b9:ae:9c:5a:af:d5:d2:76:63:c3:7d:3b:7b:0d:
                    57:59:36:b7:94:4b:57:57:de:b2:52:28:c8:70:46:
                    2b:2c:71:41:99:c6:68:3e:01:65:e0:38:41:10:8f:
                    65:7d:1d:a6:bf:f9:62:75:b7:a1:d5:23:49:89:18:
                    6a:8a:a7:51:2c:7f:3e:d7:d6:6f:70:58:53:db:ab:
                    82:9e:5b:fb:1e:95:84:55:e8:6a:dd:24:b2:8f:62:
                    e0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3B:F9:66:A0:0A:95:0F:AE:DB:A4:BA:CB:29:B3:60:55:6F:B5:10
            X509v3 Authority Key Identifier:
                keyid:37:FF:55:B9:57:43:A9:15:B7:93:D7:2D:E7:1A:C9:6C:E6:19:8A:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_9VuVdDqRW3k9ct5xrJbOYZipc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/Kjv5ZqAKlQ-u26S6yymzYFVvtRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/e0059f-b910-4bb7-9341-7750972265aa/1/N_9VuVdDqRW3k9ct5xrJbOYZipc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:1c:17:3e:65:b2:d9:01:80:b7:b5:84:a6:41:84:9b:cb:a7:
         5b:07:e6:5b:87:e9:56:a5:35:d9:b1:72:39:03:88:0b:a8:a1:
         ff:e4:21:51:1c:d4:f7:17:56:fe:50:07:bf:2d:ec:83:0e:a6:
         d8:e2:d1:1c:96:0a:3f:a6:59:80:72:fa:56:0a:1e:45:56:f6:
         de:58:3a:8b:63:7a:ca:74:c7:cc:e7:59:9e:31:a0:69:e1:b7:
         70:80:41:d1:5a:05:bc:9c:a7:42:f6:eb:b7:78:b9:b2:66:4f:
         6d:00:f9:56:7c:4e:87:4e:5a:05:ed:19:34:b1:54:13:7c:6d:
         e4:b9:ea:5d:f5:f8:74:fd:83:5c:48:13:54:26:fc:c3:1e:e6:
         f4:45:47:e1:ff:29:55:d2:24:84:83:b6:87:8e:c8:7b:ca:24:
         4f:08:74:79:bc:a7:87:09:1b:73:62:cd:e3:4e:79:e8:00:26:
         49:c0:27:ec:b9:e1:47:b0:e1:77:eb:5a:95:87:73:10:c2:61:
         bf:e4:60:dc:6b:d5:73:28:9e:52:60:9b:8c:6c:cf:1d:1d:cd:
         69:6d:3b:4f:34:a0:5c:d1:2b:e1:1d:d7:02:46:22:3a:ff:4c:
         6e:97:23:8f:e1:91:6c:37:be:a9:37:33:0f:a6:2b:c5:72:68:
         7b:e8:5f:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gYvbN9NnrlKjAI0E+qNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZmY1NWI5NTc0M2E5MTViNzkzZDcyZGU3MWFjOTZjZTYx
OThhOTcwHhcNMjYwMTAyMTYxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNiZjk2NmEwMGE5NTBmYWVkYmE0YmFjYjI5YjM2MDU1NmZiNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa7JLdvOFhLjIHjevVCUWYeOvHLq
s/Jag5As5zxlvzz2N9o8wFtS0OyD1qj9++/CPhfJJauFYjfxQ5ESh9yZsYV+FRUK
Sqft6hYmlOAsIxFnuvgPKXLKrtt+9O+CwrB4rTzNbkO0EpETleFnk3Z7MsdIgX5O
HUyvaleEEps4mLcMHcNI+5hiUdazIfoPwQABgY2R+blrdBFmhXmfAxYao/lqPMyt
ua6cWq/V0nZjw307ew1XWTa3lEtXV96yUijIcEYrLHFBmcZoPgFl4DhBEI9lfR2m
v/lidbeh1SNJiRhqiqdRLH8+19ZvcFhT26uCnlv7HpWEVehq3SSyj2Lg+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCo7+WagCpUPrtukussps2BVb7UQMB8GA1UdIwQY
MBaAFDf/VblXQ6kVt5PXLecayWzmGYqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl85VnVWZERxUlczazljdDV4ckpiT1laaXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9lMDA1OWYtYjkxMC00YmI3LTkzNDEt
Nzc1MDk3MjI2NWFhLzEvS2p2NVpxQUtsUS11MjZTNnl5bXpZRlZ2dFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9lMDA1OWYtYjkxMC00YmI3LTkzNDEtNzc1MDk3MjI2NWFh
LzEvTl85VnVWZERxUlczazljdDV4ckpiT1laaXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8SMA0G
CSqGSIb3DQEBCwUAA4IBAQBiHBc+ZbLZAYC3tYSmQYSby6dbB+Zbh+lWpTXZsXI5
A4gLqKH/5CFRHNT3F1b+UAe/LeyDDqbY4tEclgo/plmAcvpWCh5FVvbeWDqLY3rK
dMfM51meMaBp4bdwgEHRWgW8nKdC9uu3eLmyZk9tAPlWfE6HTloF7Rk0sVQTfG3k
uepd9fh0/YNcSBNUJvzDHub0RUfh/ylV0iSEg7aHjsh7yiRPCHR5vKeHCRtzYs3j
TnnoACZJwCfsueFHsOF361qVh3MQwmG/5GDca9VzKJ5SYJuMbM8dHc1pbTtPNKBc
0SvhHdcCRiI6/0xulyOP4ZFsN76pNzMPpivFcmh76F9t
-----END CERTIFICATE-----