This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/08TX7zGJM_9SDvXsn_IRwc2BjrU.roa
File:                     08TX7zGJM_9SDvXsn_IRwc2BjrU.roa (raw, json)
Hash identifier:          jT+EKCy6Js0nlHIQwG+OyzWgM7mgDMvpygyb2+ijALI=
Subject key identifier:   D3:C4:D7:EF:31:89:33:FF:52:0E:F5:EC:9F:F2:11:C1:CD:81:8E:B5
Certificate issuer:       /CN=8d50b3a9a0503905596c77f5802bef9fc73d647d
Certificate serial:       019B7759124B79EF50D833944D82FCBDA439
Authority key identifier: 8D:50:B3:A9:A0:50:39:05:59:6C:77:F5:80:2B:EF:9F:C7:3D:64:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/08TX7zGJM_9SDvXsn_IRwc2BjrU.roa
Signing time:             Thu 01 Jan 2026 02:18:04 +0000
ROA not before:           Thu 01 Jan 2026 02:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34412
IP address blocks:        194.5.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:12:4b:79:ef:50:d8:33:94:4d:82:fc:bd:a4:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d50b3a9a0503905596c77f5802bef9fc73d647d
        Validity
            Not Before: Jan  1 02:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3c4d7ef318933ff520ef5ec9ff211c1cd818eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:39:f5:dd:7a:bb:d0:48:fe:74:69:fc:df:08:
                    2a:ee:52:db:8a:fa:10:23:ef:32:aa:c7:7e:e8:8e:
                    7e:b4:7b:16:ad:0f:3a:b1:54:77:21:10:3e:ae:76:
                    5b:08:4b:df:60:46:60:c3:f9:59:57:13:82:d2:d0:
                    36:45:0c:13:c4:6d:e8:df:62:d8:7c:ea:26:0a:e6:
                    94:90:72:6f:60:c0:37:91:3a:64:4d:5a:15:42:48:
                    35:36:48:2d:91:e5:c7:9f:ff:96:ec:be:be:4d:fa:
                    e1:a3:c3:51:b3:81:5c:d0:d4:cf:62:f1:3e:65:e7:
                    1c:b9:58:40:64:71:99:8f:ff:85:8a:64:ec:09:1f:
                    4b:4c:3c:f9:e4:ff:51:bf:91:06:7f:89:e1:1a:07:
                    da:52:e9:16:a8:f5:72:2f:46:14:47:28:d5:50:f1:
                    3d:98:69:05:43:fe:67:22:60:45:a6:a7:9e:4d:23:
                    d9:2b:f3:a4:c7:cc:b8:d2:2c:82:2c:fe:97:87:58:
                    ec:f9:2f:19:bd:e2:8c:2a:d7:be:5f:53:cb:cc:31:
                    68:69:cb:29:20:fc:2b:53:09:dc:3e:d8:cb:0b:72:
                    43:2e:38:7f:13:56:d0:b3:c2:46:32:c5:6f:6d:55:
                    52:3e:4d:e3:6f:d3:b8:c1:e2:e1:37:e3:a6:5d:ad:
                    12:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C4:D7:EF:31:89:33:FF:52:0E:F5:EC:9F:F2:11:C1:CD:81:8E:B5
            X509v3 Authority Key Identifier:
                keyid:8D:50:B3:A9:A0:50:39:05:59:6C:77:F5:80:2B:EF:9F:C7:3D:64:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/08TX7zGJM_9SDvXsn_IRwc2BjrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/68d143-1237-4912-a892-cef01d877ebe/1/jVCzqaBQOQVZbHf1gCvvn8c9ZH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a9:45:8a:07:57:fc:0d:d7:61:dd:ff:d3:8f:c1:91:5c:66:
         89:61:c9:00:53:d9:07:c2:40:a0:d7:72:93:d8:f8:62:86:f1:
         31:95:fb:bd:31:10:4c:8a:dc:6c:fb:21:ae:15:a8:c6:7e:10:
         03:c1:66:78:ee:04:5d:fa:ab:75:0c:fc:4a:da:09:49:91:53:
         ca:3a:1b:37:fd:36:23:87:2b:2b:76:7a:4a:b8:0d:01:11:e4:
         03:af:b6:42:05:05:d6:5e:a7:27:44:a7:f0:91:8e:d3:32:dd:
         98:76:61:9a:23:01:e2:49:67:c8:ad:28:58:0d:11:77:e9:80:
         33:27:e4:64:52:f0:8a:95:cf:93:d4:61:e8:8e:4d:1a:93:5e:
         27:0e:86:02:09:8f:bb:a3:29:c8:2b:5c:6b:9e:5f:47:42:70:
         f8:4b:f5:13:b3:27:49:92:4f:3a:5f:42:9e:cc:9c:b8:89:6c:
         1b:fd:b5:a5:76:f0:cd:48:11:74:cd:bc:ba:80:6c:1b:8e:81:
         df:c2:de:71:25:9e:ef:33:1f:89:73:2e:06:aa:a6:4d:c9:df:
         23:0b:fa:9a:e7:e1:a9:e7:bf:e0:3a:03:26:2c:21:23:3b:78:
         9c:dd:69:b3:37:53:01:c6:78:4d:54:bc:ae:4b:cb:93:57:39:
         64:9c:c3:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WRJLee9Q2DOUTYL8vaQ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTBiM2E5YTA1MDM5MDU1OTZjNzdmNTgwMmJlZjlmYzcz
ZDY0N2QwHhcNMjYwMTAxMDIxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M0ZDdlZjMxODkzM2ZmNTIwZWY1ZWM5ZmYyMTFjMWNkODE4ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjn13Xq70Ej+dGn83wgq7lLbivoQ
I+8yqsd+6I5+tHsWrQ86sVR3IRA+rnZbCEvfYEZgw/lZVxOC0tA2RQwTxG3o32LY
fOomCuaUkHJvYMA3kTpkTVoVQkg1NkgtkeXHn/+W7L6+Tfrho8NRs4Fc0NTPYvE+
ZeccuVhAZHGZj/+FimTsCR9LTDz55P9Rv5EGf4nhGgfaUukWqPVyL0YURyjVUPE9
mGkFQ/5nImBFpqeeTSPZK/Okx8y40iyCLP6Xh1js+S8ZveKMKte+X1PLzDFoacsp
IPwrUwncPtjLC3JDLjh/E1bQs8JGMsVvbVVSPk3jb9O4weLhN+OmXa0SMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPE1+8xiTP/Ug717J/yEcHNgY61MB8GA1UdIwQY
MBaAFI1Qs6mgUDkFWWx39YAr75/HPWR9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZDenFhQlFPUVZaYkhmMWdDdnZuOGM5WkgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82OGQxNDMtMTIzNy00OTEyLWE4OTIt
Y2VmMDFkODc3ZWJlLzEvMDhUWDd6R0pNXzlTRHZYc25fSVJ3YzJCanJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82OGQxNDMtMTIzNy00OTEyLWE4OTItY2VmMDFkODc3ZWJl
LzEvalZDenFhQlFPUVZaYkhmMWdDdnZuOGM5WkgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgUQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQqUWKB1f8Dddh3f/Tj8GRXGaJYckAU9kHwkCg13KT
2PhihvExlfu9MRBMitxs+yGuFajGfhADwWZ47gRd+qt1DPxK2glJkVPKOhs3/TYj
hysrdnpKuA0BEeQDr7ZCBQXWXqcnRKfwkY7TMt2YdmGaIwHiSWfIrShYDRF36YAz
J+RkUvCKlc+T1GHojk0ak14nDoYCCY+7oynIK1xrnl9HQnD4S/UTsydJkk86X0Ke
zJy4iWwb/bWldvDNSBF0zby6gGwbjoHfwt5xJZ7vMx+Jcy4GqqZNyd8jC/qa5+Gp
57/gOgMmLCEjO3ic3WmzN1MBxnhNVLyuS8uTVzlknMNl
-----END CERTIFICATE-----