This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/JhlPUIaiuE2YohDfzMjZESoyDBM.roa
File:                     JhlPUIaiuE2YohDfzMjZESoyDBM.roa (raw, json)
Hash identifier:          7exMhOdMj9M/aNI0j3yYX3O6VN6kNC8RAmHhooROzJc=
Subject key identifier:   26:19:4F:50:86:A2:B8:4D:98:A2:10:DF:CC:C8:D9:11:2A:32:0C:13
Certificate issuer:       /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial:       019B7C11AAB65F753DF3BF1F3F6D1C6DA1ED
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/JhlPUIaiuE2YohDfzMjZESoyDBM.roa
Signing time:             Fri 02 Jan 2026 00:18:11 +0000
ROA not before:           Fri 02 Jan 2026 00:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49440
IP address blocks:        88.97.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:aa:b6:5f:75:3d:f3:bf:1f:3f:6d:1c:6d:a1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
        Validity
            Not Before: Jan  2 00:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26194f5086a2b84d98a210dfccc8d9112a320c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7d:df:69:d1:24:f6:f7:78:03:20:86:5d:27:
                    bb:4c:6f:83:02:21:4c:9a:58:8d:b4:6e:ad:49:65:
                    bb:e3:85:b3:46:f2:d8:01:89:fc:de:cc:df:a3:ce:
                    e9:b3:1a:6d:93:33:53:3f:84:fb:32:c5:1a:83:01:
                    9a:d2:e2:51:1e:3f:21:b4:c7:30:e8:ed:2f:77:ff:
                    94:a9:cf:07:ea:6c:ee:c5:1c:fc:6b:33:6c:18:5e:
                    5a:d2:1b:52:49:17:4e:cc:3d:e3:e9:55:3d:00:c5:
                    b0:3e:a8:68:9c:9d:29:d0:61:64:9f:4f:71:17:2e:
                    66:85:db:26:60:4a:f5:7b:45:27:fa:d5:8a:4b:e2:
                    25:1a:23:53:4d:3f:97:1b:78:8e:9f:71:08:99:11:
                    42:d6:37:db:be:2e:6f:1c:61:00:d5:2e:44:f9:b3:
                    79:8d:55:0c:a2:8b:48:21:84:fe:36:6d:be:71:03:
                    7b:75:2d:45:27:76:f3:b0:68:44:1b:09:19:cd:71:
                    86:5c:e6:3c:72:e8:cf:1e:69:53:5d:39:08:d6:49:
                    af:e1:45:4d:55:e0:cf:08:6c:53:8e:6b:a6:e8:02:
                    a1:52:63:d8:c8:af:5f:43:b1:70:07:b1:24:a5:bd:
                    57:ab:45:4c:23:4f:ed:5f:b8:c6:c0:4f:c3:db:fd:
                    8f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:19:4F:50:86:A2:B8:4D:98:A2:10:DF:CC:C8:D9:11:2A:32:0C:13
            X509v3 Authority Key Identifier:
                keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/JhlPUIaiuE2YohDfzMjZESoyDBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.97.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:ac:3e:11:61:24:aa:2c:fb:86:c3:2b:4b:d8:88:f4:83:bc:
         69:6d:c8:fc:08:33:49:86:4d:bc:b3:a9:08:69:32:7b:8c:b0:
         bd:01:3b:53:e1:91:4b:97:ba:6b:44:65:99:6e:57:b8:21:35:
         5c:9c:36:56:01:06:69:b8:1d:04:8b:03:18:85:83:fe:ea:6d:
         8b:63:8d:e8:24:77:1e:8e:0f:26:c6:17:65:5e:09:11:d0:20:
         ce:4d:0e:f8:c1:ff:ef:9b:00:8c:b4:22:de:d6:0e:61:f3:db:
         c5:11:8e:07:fa:51:63:49:0c:ad:cc:d8:4a:3e:5e:ea:0d:b7:
         d7:fc:35:fb:77:c2:04:94:43:32:e1:95:1b:f5:b5:1e:cf:9b:
         e8:d9:8c:a4:36:0b:ed:ef:30:98:16:65:0a:ba:11:a3:9a:13:
         05:ce:8c:68:4b:c1:10:c8:f3:e6:03:62:9b:5d:d7:fc:e7:63:
         93:b4:2c:0b:52:c0:3b:af:50:4c:03:53:cc:b0:2d:ff:e1:3d:
         94:b3:cc:9b:48:5d:cf:35:f1:32:27:b9:41:45:7e:92:26:fb:
         99:2a:e7:21:bb:43:09:b8:4d:56:62:82:b5:8f:0d:24:eb:5a:
         cb:d3:c0:58:b9:fb:47:c8:cf:ab:d8:de:2e:2e:c6:31:45:41:
         59:83:db:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eaq2X3U9878fP20cbaHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjYwMTAyMDAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE5NGY1MDg2YTJiODRkOThhMjEwZGZjY2M4ZDkxMTJhMzIwYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt33fadEk9vd4AyCGXSe7TG+DAiFM
mliNtG6tSWW744WzRvLYAYn83szfo87psxptkzNTP4T7MsUagwGa0uJRHj8htMcw
6O0vd/+Uqc8H6mzuxRz8azNsGF5a0htSSRdOzD3j6VU9AMWwPqhonJ0p0GFkn09x
Fy5mhdsmYEr1e0Un+tWKS+IlGiNTTT+XG3iOn3EImRFC1jfbvi5vHGEA1S5E+bN5
jVUMootIIYT+Nm2+cQN7dS1FJ3bzsGhEGwkZzXGGXOY8cujPHmlTXTkI1kmv4UVN
VeDPCGxTjmum6AKhUmPYyK9fQ7FwB7Ekpb1Xq0VMI0/tX7jGwE/D2/2PZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYZT1CGorhNmKIQ38zI2REqMgwTMB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvSmhsUFVJYWl1RTJZb2hEZnpNalpFU295REJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWGGoMA0G
CSqGSIb3DQEBCwUAA4IBAQAsrD4RYSSqLPuGwytL2Ij0g7xpbcj8CDNJhk28s6kI
aTJ7jLC9ATtT4ZFLl7prRGWZble4ITVcnDZWAQZpuB0EiwMYhYP+6m2LY43oJHce
jg8mxhdlXgkR0CDOTQ74wf/vmwCMtCLe1g5h89vFEY4H+lFjSQytzNhKPl7qDbfX
/DX7d8IElEMy4ZUb9bUez5vo2YykNgvt7zCYFmUKuhGjmhMFzoxoS8EQyPPmA2Kb
Xdf852OTtCwLUsA7r1BMA1PMsC3/4T2Us8ybSF3PNfEyJ7lBRX6SJvuZKuchu0MJ
uE1WYoK1jw0k61rL08BYuftHyM+r2N4uLsYxRUFZg9vL
-----END CERTIFICATE-----