This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KsD_7Iotfzfq4y-64mhkIa-DVvE.roa
File:                     KsD_7Iotfzfq4y-64mhkIa-DVvE.roa (raw, json)
Hash identifier:          9JsO4tST6TY/O7d6wM3aKdcXxdP+ZHZKhOJszHvthYs=
Subject key identifier:   2A:C0:FF:EC:8A:2D:7F:37:EA:E3:2F:BA:E2:68:64:21:AF:83:56:F1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC5CF378673FD0D801925CCA6AA803
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KsD_7Iotfzfq4y-64mhkIa-DVvE.roa
Signing time:             Thu 01 Jan 2026 14:18:11 +0000
ROA not before:           Thu 01 Jan 2026 14:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        193.23.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:5c:f3:78:67:3f:d0:d8:01:92:5c:ca:6a:a8:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ac0ffec8a2d7f37eae32fbae2686421af8356f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:34:53:09:02:3a:f4:54:b3:1b:b7:79:5d:7b:
                    12:99:cc:48:9c:77:a8:db:2c:c9:51:55:0e:81:b5:
                    2e:fb:e1:17:4e:61:f9:6a:60:fd:3c:c7:18:1e:b3:
                    c6:b7:53:02:51:4a:0a:97:26:19:a4:6d:88:58:78:
                    9c:fa:a9:10:9c:97:43:e3:64:99:1a:4a:95:1b:0f:
                    b0:3d:56:f1:b8:cf:ee:7c:07:d0:e1:7a:57:5e:d5:
                    ef:d4:09:4b:fd:79:57:36:09:0c:d4:38:eb:cc:01:
                    94:71:31:c3:9e:2a:4e:e5:0e:4b:4c:96:91:c7:3b:
                    53:20:db:84:5c:d2:a3:15:f3:53:6f:a1:c0:2c:66:
                    4b:71:df:47:e2:75:90:c1:2c:32:ac:12:64:e3:f9:
                    2c:f7:87:aa:97:d6:09:65:67:36:f4:58:b5:a0:2d:
                    f7:bd:c8:8d:c4:d4:1e:84:a1:c5:80:32:4e:e3:15:
                    3a:e2:bd:55:b5:3d:c7:97:88:89:9c:87:e7:61:bb:
                    a1:65:1f:e7:12:68:6d:7a:6a:1e:eb:0d:10:06:05:
                    c8:2f:8b:0f:59:e0:17:2b:4b:34:0a:7e:48:dc:28:
                    83:9a:b7:8c:93:e3:00:84:a9:67:6b:47:16:22:dc:
                    89:54:5a:83:0e:35:28:b9:2d:d1:20:6c:bf:91:af:
                    b6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C0:FF:EC:8A:2D:7F:37:EA:E3:2F:BA:E2:68:64:21:AF:83:56:F1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KsD_7Iotfzfq4y-64mhkIa-DVvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:70:90:e6:bf:2c:45:5d:d3:ba:72:1d:4d:e6:c9:6a:29:6e:
         94:86:c3:a5:01:7a:16:91:a2:74:1b:9a:ec:a3:85:00:66:82:
         d5:87:4e:d1:22:80:cf:11:24:0b:6d:11:4f:28:8c:4e:d8:f2:
         6d:07:d0:e7:29:dc:26:12:b8:96:da:fa:ca:57:4c:c9:e1:ad:
         96:b5:25:5a:f3:2a:ec:62:91:f5:91:4b:f0:f0:07:20:b9:cc:
         2a:b3:0b:36:2c:16:56:71:31:30:34:0b:23:41:29:67:49:a6:
         af:93:43:fc:3c:d3:57:84:53:2a:49:cd:a6:c9:dc:a2:77:b3:
         f3:3d:0b:39:88:7c:5c:d2:4a:44:66:c4:77:ed:ea:02:47:98:
         2f:88:76:5a:8e:39:18:fa:82:64:34:99:77:94:f6:94:d9:94:
         e3:6d:3a:7e:03:b8:56:22:a5:82:72:60:39:ae:97:9d:66:bc:
         b2:6e:64:42:df:c1:53:bb:b9:b5:ed:c3:ff:1a:f1:60:9a:77:
         de:13:61:bf:ed:86:be:d3:d0:36:b1:ab:89:cc:44:62:59:32:
         6e:9a:ac:60:88:e2:d3:d3:2e:7e:7e:53:e7:9b:16:a2:ed:d6:
         78:0f:6f:27:c4:a3:87:da:a9:cd:c4:4f:93:5e:71:e3:dc:f5:
         55:7f:59:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57FzzeGc/0NgBklzKaqgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWMwZmZlYzhhMmQ3ZjM3ZWFlMzJmYmFlMjY4NjQyMWFmODM1NmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DRTCQI69FSzG7d5XXsSmcxInHeo
2yzJUVUOgbUu++EXTmH5amD9PMcYHrPGt1MCUUoKlyYZpG2IWHic+qkQnJdD42SZ
GkqVGw+wPVbxuM/ufAfQ4XpXXtXv1AlL/XlXNgkM1DjrzAGUcTHDnipO5Q5LTJaR
xztTINuEXNKjFfNTb6HALGZLcd9H4nWQwSwyrBJk4/ks94eql9YJZWc29Fi1oC33
vciNxNQehKHFgDJO4xU64r1VtT3Hl4iJnIfnYbuhZR/nEmhtemoe6w0QBgXIL4sP
WeAXK0s0Cn5I3CiDmreMk+MAhKlna0cWItyJVFqDDjUouS3RIGy/ka+2DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrA/+yKLX836uMvuuJoZCGvg1bxMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvS3NEXzdJb3RmemZxNHktNjRtaGtJYS1EVnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfZMA0G
CSqGSIb3DQEBCwUAA4IBAQBhcJDmvyxFXdO6ch1N5slqKW6UhsOlAXoWkaJ0G5rs
o4UAZoLVh07RIoDPESQLbRFPKIxO2PJtB9DnKdwmEriW2vrKV0zJ4a2WtSVa8yrs
YpH1kUvw8Acgucwqsws2LBZWcTEwNAsjQSlnSaavk0P8PNNXhFMqSc2mydyid7Pz
PQs5iHxc0kpEZsR37eoCR5gviHZajjkY+oJkNJl3lPaU2ZTjbTp+A7hWIqWCcmA5
rpedZryybmRC38FTu7m17cP/GvFgmnfeE2G/7Ya+09A2sauJzERiWTJumqxgiOLT
0y5+flPnmxai7dZ4D28nxKOH2qnNxE+TXnHj3PVVf1nM
-----END CERTIFICATE-----