This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CcI5yTI_dMEGVlqYsI16XhOMmpE.roa
File:                     CcI5yTI_dMEGVlqYsI16XhOMmpE.roa (raw, json)
Hash identifier:          /IA2iecWNx3ne5Gi3nuqxex1BMuFaK37QZN1zjIT96E=
Subject key identifier:   09:C2:39:C9:32:3F:74:C1:06:56:5A:98:B0:8D:7A:5E:13:8C:9A:91
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019B7FF2A9D501FB2D8062C18C64BA8F4045
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CcI5yTI_dMEGVlqYsI16XhOMmpE.roa
Signing time:             Fri 02 Jan 2026 18:22:48 +0000
ROA not before:           Fri 02 Jan 2026 18:22:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     998
IP address blocks:        193.25.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:a9:d5:01:fb:2d:80:62:c1:8c:64:ba:8f:40:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 18:22:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09c239c9323f74c106565a98b08d7a5e138c9a91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6e:5c:bb:c8:a4:78:4d:29:e6:6b:35:05:cf:
                    5d:55:2c:f4:31:26:d2:22:f5:db:42:1f:6b:2b:c7:
                    a3:c3:ce:73:0f:d0:34:e7:72:3a:25:70:49:25:0e:
                    a0:83:a7:d8:0a:32:d2:d5:22:f1:7e:56:f8:cb:98:
                    74:0d:1b:7b:bf:b7:5f:2d:e6:16:70:81:ab:74:09:
                    30:0f:6a:a3:75:10:2e:88:fc:c1:a9:0b:ce:46:80:
                    ce:f4:00:fc:c8:d8:46:50:7b:37:4f:02:93:c6:1c:
                    a6:1c:b7:35:9d:02:ba:1a:d5:e1:6c:b5:e8:76:d9:
                    df:ba:b6:47:b7:fe:dc:e9:d1:ca:d8:63:46:63:50:
                    53:ee:9e:6b:b4:02:89:fe:88:03:b0:0b:8f:03:cf:
                    b0:27:66:dc:ba:10:02:9f:22:ff:f1:71:82:73:8a:
                    29:29:9e:83:d7:a3:b9:b3:14:a5:7d:c2:60:37:91:
                    7f:fb:62:f7:f7:fe:1d:7f:69:93:60:2c:bc:86:5b:
                    81:c8:63:42:6f:6b:d9:9d:42:33:17:24:3c:18:51:
                    eb:39:bc:56:9d:33:40:81:3a:7c:e6:fd:5f:f1:50:
                    3d:a2:0a:6a:37:1d:91:2c:bb:ce:35:18:4f:ce:19:
                    7c:7b:66:2d:8b:97:3e:ac:d1:9c:c5:41:52:e1:5b:
                    13:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C2:39:C9:32:3F:74:C1:06:56:5A:98:B0:8D:7A:5E:13:8C:9A:91
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CcI5yTI_dMEGVlqYsI16XhOMmpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:7f:8d:e7:bc:ee:70:c0:71:c3:47:26:3a:69:e1:47:89:7d:
         64:55:9b:89:a4:a8:a5:53:5d:98:61:a0:e7:95:40:9c:f8:72:
         2e:50:f9:2f:c4:2a:bf:76:15:57:1e:f3:58:21:fb:4a:13:cc:
         ea:ad:4c:14:3b:08:4b:29:9f:1d:28:23:89:6f:57:14:d2:5e:
         21:6d:c2:2a:42:4a:93:9c:b1:fb:b6:52:36:a6:ad:95:28:74:
         ba:4a:0a:f1:69:d4:5f:7d:d6:5b:56:68:e5:b9:be:c7:45:64:
         c1:0d:c1:f8:64:a5:2a:23:18:db:0d:3f:e5:d2:32:e7:6b:f6:
         38:e8:e6:8e:c0:d3:de:dc:6f:c6:eb:2a:cc:36:01:a8:40:83:
         46:7f:1d:46:b5:6b:7f:a4:18:04:0f:40:d7:2a:6e:34:e4:ae:
         2d:6a:f2:2c:de:db:65:52:b9:7f:6f:d2:ec:2c:9a:2e:30:a9:
         87:d4:48:d7:86:48:f1:46:30:4c:91:ae:33:3e:e8:b3:5f:28:
         4c:40:2c:d1:00:1a:c8:f8:4c:18:93:96:f8:b5:e2:2e:14:25:
         cb:45:ad:29:1e:8e:24:a5:66:64:70:b1:51:e2:8a:bd:cb:46:
         df:ba:d4:45:96:35:6b:23:35:49:52:a0:04:8b:06:51:93:fe:
         e4:ed:3f:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8qnVAfstgGLBjGS6j0BFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMTAyMTgyMjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWMyMzljOTMyM2Y3NGMxMDY1NjVhOThiMDhkN2E1ZTEzOGM5YTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmG5cu8ikeE0p5ms1Bc9dVSz0MSbS
IvXbQh9rK8ejw85zD9A053I6JXBJJQ6gg6fYCjLS1SLxflb4y5h0DRt7v7dfLeYW
cIGrdAkwD2qjdRAuiPzBqQvORoDO9AD8yNhGUHs3TwKTxhymHLc1nQK6GtXhbLXo
dtnfurZHt/7c6dHK2GNGY1BT7p5rtAKJ/ogDsAuPA8+wJ2bcuhACnyL/8XGCc4op
KZ6D16O5sxSlfcJgN5F/+2L39/4df2mTYCy8hluByGNCb2vZnUIzFyQ8GFHrObxW
nTNAgTp85v1f8VA9ogpqNx2RLLvONRhPzhl8e2Yti5c+rNGcxUFS4VsTrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnCOckyP3TBBlZamLCNel4TjJqRMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQ2NJNXlUSV9kTUVHVmxxWXNJMTZYaE9NbXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmmMA0G
CSqGSIb3DQEBCwUAA4IBAQC8f43nvO5wwHHDRyY6aeFHiX1kVZuJpKilU12YYaDn
lUCc+HIuUPkvxCq/dhVXHvNYIftKE8zqrUwUOwhLKZ8dKCOJb1cU0l4hbcIqQkqT
nLH7tlI2pq2VKHS6SgrxadRffdZbVmjlub7HRWTBDcH4ZKUqIxjbDT/l0jLna/Y4
6OaOwNPe3G/G6yrMNgGoQINGfx1GtWt/pBgED0DXKm405K4tavIs3ttlUrl/b9Ls
LJouMKmH1EjXhkjxRjBMka4zPuizXyhMQCzRABrI+EwYk5b4teIuFCXLRa0pHo4k
pWZkcLFR4oq9y0bfutRFljVrIzVJUqAEiwZRk/7k7T8Y
-----END CERTIFICATE-----