This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/jbafLlCB65wc3lu8qCmYl11AIFk.roa
File:                     jbafLlCB65wc3lu8qCmYl11AIFk.roa (raw, json)
Hash identifier:          K+M36ULpoKKc2R4rksKlSojLYrf7EhhEe4ldkXRNVqc=
Subject key identifier:   8D:B6:9F:2E:50:81:EB:9C:1C:DE:5B:BC:A8:29:98:97:5D:40:20:59
Certificate issuer:       /CN=e29f4964009c74bb81aed9c67078013dc868ef17
Certificate serial:       019B79EC442D05959A612EB83BEE4DB836A2
Authority key identifier: E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/jbafLlCB65wc3lu8qCmYl11AIFk.roa
Signing time:             Thu 01 Jan 2026 14:18:05 +0000
ROA not before:           Thu 01 Jan 2026 14:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34086
IP address blocks:        193.222.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:44:2d:05:95:9a:61:2e:b8:3b:ee:4d:b8:36:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29f4964009c74bb81aed9c67078013dc868ef17
        Validity
            Not Before: Jan  1 14:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8db69f2e5081eb9c1cde5bbca82998975d402059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:27:15:36:3d:69:14:70:9e:97:46:95:f5:81:
                    ae:92:88:d9:0b:35:ab:77:96:5a:28:dc:d6:b1:69:
                    28:a5:86:71:32:3c:cb:06:ce:44:b3:16:e6:35:17:
                    14:0e:45:90:e3:4a:25:24:ad:16:dc:53:e9:f3:e8:
                    3a:33:15:de:f9:ab:fc:77:02:d8:25:4a:13:24:58:
                    88:6d:3e:fc:6d:0d:ea:26:45:fb:4b:ec:a5:87:a6:
                    0b:9b:4a:49:9e:03:b6:d7:53:2f:17:25:b7:2c:d0:
                    98:7c:53:80:1d:63:fb:de:75:1d:22:e8:96:73:dc:
                    3b:b7:84:11:dc:8d:4e:8e:86:80:1d:da:79:9c:38:
                    de:9d:b0:c6:05:7d:a7:1d:bd:4c:98:76:b8:ba:44:
                    78:d2:e4:de:df:3d:eb:c9:ac:bb:1b:84:ae:76:8d:
                    46:f3:95:6a:c7:81:23:f3:14:80:ce:19:8f:f2:5b:
                    b2:69:d4:7a:24:22:c2:4e:bf:d6:41:a0:62:b3:47:
                    1e:65:5a:d0:0a:6c:c5:05:88:39:96:8a:e7:a7:e1:
                    1d:95:97:7b:9f:64:5a:31:ed:27:26:81:ef:49:38:
                    3c:4d:f6:23:f8:df:10:85:02:b1:7d:55:9c:d7:d3:
                    a0:d4:57:93:dd:b0:c8:26:fc:49:91:67:9a:7a:6e:
                    c2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B6:9F:2E:50:81:EB:9C:1C:DE:5B:BC:A8:29:98:97:5D:40:20:59
            X509v3 Authority Key Identifier:
                keyid:E2:9F:49:64:00:9C:74:BB:81:AE:D9:C6:70:78:01:3D:C8:68:EF:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4p9JZACcdLuBrtnGcHgBPcho7xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/jbafLlCB65wc3lu8qCmYl11AIFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/655a1c-baf5-475f-a308-932ab341a367/1/4p9JZACcdLuBrtnGcHgBPcho7xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:7b:f9:d4:a4:10:9a:cb:b6:98:d5:82:67:04:4d:00:29:63:
         28:e0:0f:8d:5d:41:e2:a1:90:7d:e4:43:a8:e7:04:82:08:fb:
         26:7d:4d:30:bb:94:77:18:01:91:0b:a0:bc:fe:12:9d:35:af:
         08:da:e1:e1:45:4f:94:4b:32:a8:02:95:d6:85:0c:27:d1:20:
         a9:24:1b:32:a9:72:f4:bf:88:60:ef:d8:b4:9a:cb:53:be:0e:
         6b:2d:57:ae:11:3e:61:20:0e:dd:13:20:b1:72:cf:9e:59:12:
         f5:04:15:26:c7:77:73:8e:df:5c:65:99:aa:3b:de:82:36:cc:
         67:a9:64:6f:34:aa:7e:f5:d7:1d:aa:a8:66:05:ed:e0:b4:b4:
         a3:78:3b:b6:38:7f:6c:01:2c:05:f0:af:e8:53:f4:6f:8d:90:
         76:20:7d:61:50:a7:28:6e:09:d0:00:f3:0b:96:b8:3e:9c:82:
         ac:c5:39:fe:33:aa:d8:42:b6:cc:18:f1:ed:df:e7:4b:fe:d5:
         6f:35:07:15:39:c3:67:03:9c:7c:03:eb:57:5e:44:84:34:34:
         69:c8:79:8a:a2:8e:ff:a5:10:ab:2f:05:2b:04:5d:c4:a7:78:
         c3:69:da:61:9c:17:7e:26:58:bc:39:f5:e8:69:ae:d7:16:c3:
         73:15:ba:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57EQtBZWaYS64O+5NuDaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWY0OTY0MDA5Yzc0YmI4MWFlZDljNjcwNzgwMTNkYzg2
OGVmMTcwHhcNMjYwMTAxMTQxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGI2OWYyZTUwODFlYjljMWNkZTViYmNhODI5OTg5NzVkNDAyMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtScVNj1pFHCel0aV9YGukojZCzWr
d5ZaKNzWsWkopYZxMjzLBs5EsxbmNRcUDkWQ40olJK0W3FPp8+g6MxXe+av8dwLY
JUoTJFiIbT78bQ3qJkX7S+ylh6YLm0pJngO211MvFyW3LNCYfFOAHWP73nUdIuiW
c9w7t4QR3I1OjoaAHdp5nDjenbDGBX2nHb1MmHa4ukR40uTe3z3ryay7G4Sudo1G
85Vqx4Ej8xSAzhmP8luyadR6JCLCTr/WQaBis0ceZVrQCmzFBYg5lornp+EdlZd7
n2RaMe0nJoHvSTg8TfYj+N8QhQKxfVWc19Og1FeT3bDIJvxJkWeaem7CIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI22ny5QgeucHN5bvKgpmJddQCBZMB8GA1UdIwQY
MBaAFOKfSWQAnHS7ga7ZxnB4AT3IaO8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgt
OTMyYWIzNDFhMzY3LzEvamJhZkxsQ0I2NXdjM2x1OHFDbVlsMTFBSUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82NTVhMWMtYmFmNS00NzVmLWEzMDgtOTMyYWIzNDFhMzY3
LzEvNHA5SlpBQ2NkTHVCcnRuR2NIZ0JQY2hvN3hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwd7IMA0G
CSqGSIb3DQEBCwUAA4IBAQCLe/nUpBCay7aY1YJnBE0AKWMo4A+NXUHioZB95EOo
5wSCCPsmfU0wu5R3GAGRC6C8/hKdNa8I2uHhRU+USzKoApXWhQwn0SCpJBsyqXL0
v4hg79i0mstTvg5rLVeuET5hIA7dEyCxcs+eWRL1BBUmx3dzjt9cZZmqO96CNsxn
qWRvNKp+9dcdqqhmBe3gtLSjeDu2OH9sASwF8K/oU/RvjZB2IH1hUKcobgnQAPML
lrg+nIKsxTn+M6rYQrbMGPHt3+dL/tVvNQcVOcNnA5x8A+tXXkSENDRpyHmKoo7/
pRCrLwUrBF3Ep3jDadphnBd+Jli8OfXoaa7XFsNzFbpN
-----END CERTIFICATE-----