This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/iS_RjiJ5hKPzS36a9K6GI2jCpSc.roa
File:                     iS_RjiJ5hKPzS36a9K6GI2jCpSc.roa (raw, json)
Hash identifier:          oKmLMmS60dhNLyeJppUGpS47iPqdNIjtFfF23b9zJgg=
Subject key identifier:   89:2F:D1:8E:22:79:84:A3:F3:4B:7E:9A:F4:AE:86:23:68:C2:A5:27
Certificate issuer:       /CN=98a3d09d2b456125a15d53f5520925f4fbf61728
Certificate serial:       019BA22551360E7DB9D5395B7411AEA5D704
Authority key identifier: 98:A3:D0:9D:2B:45:61:25:A1:5D:53:F5:52:09:25:F4:FB:F6:17:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/iS_RjiJ5hKPzS36a9K6GI2jCpSc.roa
Signing time:             Fri 09 Jan 2026 09:45:13 +0000
ROA not before:           Fri 09 Jan 2026 09:45:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42729
IP address blocks:        193.33.150.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a2:25:51:36:0e:7d:b9:d5:39:5b:74:11:ae:a5:d7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a3d09d2b456125a15d53f5520925f4fbf61728
        Validity
            Not Before: Jan  9 09:45:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=892fd18e227984a3f34b7e9af4ae862368c2a527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:60:d4:e6:f3:93:50:5d:5b:f8:8b:d8:00:be:
                    63:cf:9c:ac:52:2a:65:c1:5d:b9:4f:2f:7d:38:89:
                    a0:1f:9b:ca:e7:63:fd:ea:9e:99:0e:a8:9c:fc:58:
                    bc:f8:1a:5d:10:61:97:a2:6d:f1:9c:f5:81:9c:aa:
                    d2:9c:8a:e0:0f:dd:e5:9a:aa:70:db:5f:42:02:18:
                    d2:46:75:7a:38:c8:3a:33:4c:91:99:ec:ed:62:4c:
                    97:50:c3:3b:8b:0f:c1:b4:af:d1:12:d5:10:13:8e:
                    b1:68:14:82:a9:d6:3a:68:9b:51:9c:bd:7a:67:fa:
                    9e:5e:a5:a1:21:32:91:2c:e9:7f:58:6c:20:47:22:
                    af:43:c7:e7:4f:ad:40:12:07:7f:c9:b9:81:ba:89:
                    d2:68:f4:2a:26:92:cd:0d:24:4a:bd:89:5c:e3:49:
                    bb:b3:c8:f6:40:71:b9:13:20:b5:0a:2f:4a:cd:0d:
                    46:7a:57:4a:25:d4:d0:49:c5:f9:56:79:91:ad:4c:
                    04:3f:ea:6c:e8:db:6f:6d:ad:2c:d5:e7:4d:47:a5:
                    cd:4f:11:eb:ea:f7:7c:11:80:00:0f:63:a0:a2:ce:
                    43:7d:80:83:e3:a0:31:78:78:6c:84:69:8f:43:66:
                    ff:a0:fb:05:fd:1e:ec:88:52:72:c8:47:d2:b6:c8:
                    75:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2F:D1:8E:22:79:84:A3:F3:4B:7E:9A:F4:AE:86:23:68:C2:A5:27
            X509v3 Authority Key Identifier:
                keyid:98:A3:D0:9D:2B:45:61:25:A1:5D:53:F5:52:09:25:F4:FB:F6:17:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/iS_RjiJ5hKPzS36a9K6GI2jCpSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e7b304-e779-421d-b0a6-04320b1fc227/1/mKPQnStFYSWhXVP1Ugkl9Pv2Fyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:1d:d4:65:90:1d:f0:66:bb:ce:fa:33:b9:f0:6a:ee:9c:fe:
         d3:4c:1d:01:4e:c6:b7:b1:e0:01:13:9b:a1:3c:06:d9:ed:64:
         68:5b:ca:b3:d2:a1:68:e1:2f:3d:18:d5:ec:39:fe:b5:aa:09:
         91:cd:76:56:85:8b:2b:9e:83:d0:47:65:05:a1:e4:5e:8f:71:
         e5:b3:8b:6f:fc:02:da:15:a7:d9:e4:fb:cf:07:b6:62:e6:ff:
         fa:c4:20:bf:59:51:71:81:9b:ef:58:d0:c2:c0:29:4e:b8:a9:
         87:1f:88:00:31:b1:f8:8e:a6:4c:2a:48:56:87:12:de:00:f8:
         76:b7:a1:0f:bd:d1:17:a2:33:c9:80:ed:47:11:3d:1b:e9:10:
         1b:ef:08:74:08:6b:b2:65:0e:b8:07:86:89:6a:f7:65:87:d9:
         ab:9c:89:49:5e:92:22:64:cf:62:45:02:da:ac:aa:ac:39:01:
         ea:30:14:4e:4a:d6:46:1e:ab:87:8c:97:ba:3b:0a:f8:c0:28:
         93:6e:b5:6e:aa:3c:c7:db:a7:fb:ee:c4:84:c6:14:8b:99:54:
         d4:57:92:1a:69:29:c8:38:0d:4a:be:ae:72:54:ce:54:ad:6e:
         d0:87:3a:97:6a:c9:a2:35:3d:b0:a8:ab:67:cf:9d:94:94:31:
         8c:6c:3b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuiJVE2Dn251TlbdBGupdcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YTNkMDlkMmI0NTYxMjVhMTVkNTNmNTUyMDkyNWY0ZmJm
NjE3MjgwHhcNMjYwMTA5MDk0NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTJmZDE4ZTIyNzk4NGEzZjM0YjdlOWFmNGFlODYyMzY4YzJhNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWDU5vOTUF1b+IvYAL5jz5ysUipl
wV25Ty99OImgH5vK52P96p6ZDqic/Fi8+BpdEGGXom3xnPWBnKrSnIrgD93lmqpw
219CAhjSRnV6OMg6M0yRmeztYkyXUMM7iw/BtK/REtUQE46xaBSCqdY6aJtRnL16
Z/qeXqWhITKRLOl/WGwgRyKvQ8fnT61AEgd/ybmBuonSaPQqJpLNDSRKvYlc40m7
s8j2QHG5EyC1Ci9KzQ1GeldKJdTQScX5VnmRrUwEP+ps6Ntvba0s1edNR6XNTxHr
6vd8EYAAD2Ogos5DfYCD46AxeHhshGmPQ2b/oPsF/R7siFJyyEfStsh14wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkv0Y4ieYSj80t+mvSuhiNowqUnMB8GA1UdIwQY
MBaAFJij0J0rRWEloV1T9VIJJfT79hcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUtQUW5TdEZZU1doWFZQMVVna2w5UHYyRnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lN2IzMDQtZTc3OS00MjFkLWIwYTYt
MDQzMjBiMWZjMjI3LzEvaVNfUmppSjVoS1B6UzM2YTlLNkdJMmpDcFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lN2IzMDQtZTc3OS00MjFkLWIwYTYtMDQzMjBiMWZjMjI3
LzEvbUtQUW5TdEZZU1doWFZQMVVna2w5UHYyRnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSGWMA0G
CSqGSIb3DQEBCwUAA4IBAQAOHdRlkB3wZrvO+jO58GrunP7TTB0BTsa3seABE5uh
PAbZ7WRoW8qz0qFo4S89GNXsOf61qgmRzXZWhYsrnoPQR2UFoeRej3Hls4tv/ALa
FafZ5PvPB7Zi5v/6xCC/WVFxgZvvWNDCwClOuKmHH4gAMbH4jqZMKkhWhxLeAPh2
t6EPvdEXojPJgO1HET0b6RAb7wh0CGuyZQ64B4aJavdlh9mrnIlJXpIiZM9iRQLa
rKqsOQHqMBROStZGHquHjJe6Owr4wCiTbrVuqjzH26f77sSExhSLmVTUV5IaaSnI
OA1Kvq5yVM5UrW7QhzqXasmiNT2wqKtnz52UlDGMbDuC
-----END CERTIFICATE-----