This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/kJ0DgJ8GncRn7ZZPIIWQuMqNGDU.roa
File:                     kJ0DgJ8GncRn7ZZPIIWQuMqNGDU.roa (raw, json)
Hash identifier:          B/NzJ7GlRVz7Qb3N74n5NGR3KvZ1Kbru2Tpi67t35QU=
Subject key identifier:   90:9D:03:80:9F:06:9D:C4:67:ED:96:4F:20:85:90:B8:CA:8D:18:35
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       019B7C7F48BFF1A4FE4B05BD107720011D18
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/kJ0DgJ8GncRn7ZZPIIWQuMqNGDU.roa
Signing time:             Fri 02 Jan 2026 02:17:55 +0000
ROA not before:           Fri 02 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202656
IP address blocks:        193.43.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 07:52:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:48:bf:f1:a4:fe:4b:05:bd:10:77:20:01:1d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jan  2 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=909d03809f069dc467ed964f208590b8ca8d1835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:6e:70:14:c7:81:38:3d:69:6a:93:ed:91:
                    47:2f:fb:d1:d3:86:c2:3f:33:80:34:fb:7f:9c:4c:
                    6c:be:5d:d0:d5:e4:20:02:ab:66:59:e9:80:a6:dd:
                    39:56:bd:fa:66:d8:59:05:d8:b6:ad:3f:c9:57:da:
                    80:0c:49:a3:07:0c:15:12:61:31:62:89:b4:b9:0d:
                    37:d2:ba:a3:6f:5d:0a:b2:56:41:e1:82:46:20:fc:
                    ec:b8:e7:b5:6c:22:7d:c6:b3:52:b0:5a:c9:31:fa:
                    20:62:68:14:f7:16:3d:b1:d6:7e:01:f8:17:a5:94:
                    77:70:ba:5f:a1:5a:5a:44:09:ac:bb:d1:3c:f1:dc:
                    63:f7:5f:b6:8a:4e:38:aa:58:5f:6a:be:17:54:69:
                    8a:97:c5:43:bb:a2:c8:47:8d:0a:ed:48:c2:a8:52:
                    41:70:b6:03:9c:58:00:e7:7d:07:83:fb:a3:6f:b9:
                    1f:6e:26:65:56:75:70:64:15:1e:09:78:f7:23:e8:
                    89:be:44:fe:a8:38:ae:e9:c5:62:63:cc:4f:ce:7c:
                    03:af:9b:c2:68:8a:0b:3a:ba:81:bc:f3:4f:2c:5a:
                    0c:51:96:95:7f:d6:ea:81:30:e8:27:5e:3f:d8:e0:
                    40:91:9a:da:f4:a4:7f:c9:de:17:41:99:3d:f1:2f:
                    d2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:9D:03:80:9F:06:9D:C4:67:ED:96:4F:20:85:90:B8:CA:8D:18:35
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/kJ0DgJ8GncRn7ZZPIIWQuMqNGDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:db:1e:19:73:42:9e:68:c2:65:0e:a5:aa:08:02:c0:d7:51:
         17:4f:b3:6b:a5:6f:2b:30:d5:0b:c9:21:71:cf:5a:5b:97:aa:
         41:0a:f2:6f:29:8f:3e:6f:69:84:fd:e6:36:ba:0f:f9:67:1c:
         28:38:5c:9a:00:ec:c1:f0:03:ff:82:69:d7:ba:a7:12:50:df:
         7c:d7:8a:b9:40:6f:2b:d1:3d:9c:d6:55:1c:21:26:94:99:a4:
         80:7c:41:67:c0:77:ac:d8:07:e1:0b:e2:52:0c:7e:d8:b5:d0:
         05:4e:0a:ba:a5:c5:89:b9:54:94:01:1b:de:34:13:a2:78:ad:
         c5:08:de:17:0f:90:4b:55:43:06:ca:50:20:dd:2c:2f:d4:fe:
         be:1d:ba:ec:28:eb:40:d6:35:72:8b:18:79:9a:b4:1f:37:0e:
         37:9b:a4:ac:cc:a7:19:da:bf:1c:66:b8:3b:7d:66:eb:78:52:
         cc:c8:9f:5f:15:00:54:8c:ff:fb:af:ff:cd:58:cf:b9:92:dc:
         88:9d:ee:88:f3:07:c5:d3:d7:bf:89:07:d5:5b:44:61:e7:bb:
         6f:0c:b9:bf:b9:e5:19:ad:d0:f3:a2:2a:4f:b8:1f:ad:82:7e:
         df:d6:7d:3a:65:86:2a:d7:11:2f:15:9c:63:4c:b6:55:dc:b6:
         c4:d6:d2:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f0i/8aT+SwW9EHcgAR0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjYwMTAyMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDlkMDM4MDlmMDY5ZGM0NjdlZDk2NGYyMDg1OTBiOGNhOGQxODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiNucBTHgTg9aWqT7ZFHL/vR04bC
PzOANPt/nExsvl3Q1eQgAqtmWemApt05Vr36ZthZBdi2rT/JV9qADEmjBwwVEmEx
Yom0uQ030rqjb10KslZB4YJGIPzsuOe1bCJ9xrNSsFrJMfogYmgU9xY9sdZ+AfgX
pZR3cLpfoVpaRAmsu9E88dxj91+2ik44qlhfar4XVGmKl8VDu6LIR40K7UjCqFJB
cLYDnFgA530Hg/ujb7kfbiZlVnVwZBUeCXj3I+iJvkT+qDiu6cViY8xPznwDr5vC
aIoLOrqBvPNPLFoMUZaVf9bqgTDoJ14/2OBAkZra9KR/yd4XQZk98S/SeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCdA4CfBp3EZ+2WTyCFkLjKjRg1MB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEva0owRGdKOEduY1JuN1paUElJV1F1TXFOR0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSuKMA0G
CSqGSIb3DQEBCwUAA4IBAQBA2x4Zc0KeaMJlDqWqCALA11EXT7NrpW8rMNULySFx
z1pbl6pBCvJvKY8+b2mE/eY2ug/5ZxwoOFyaAOzB8AP/gmnXuqcSUN9814q5QG8r
0T2c1lUcISaUmaSAfEFnwHes2AfhC+JSDH7YtdAFTgq6pcWJuVSUARveNBOieK3F
CN4XD5BLVUMGylAg3Swv1P6+HbrsKOtA1jVyixh5mrQfNw43m6SszKcZ2r8cZrg7
fWbreFLMyJ9fFQBUjP/7r//NWM+5ktyIne6I8wfF09e/iQfVW0Rh57tvDLm/ueUZ
rdDzoipPuB+tgn7f1n06ZYYq1xEvFZxjTLZV3LbE1tI6
-----END CERTIFICATE-----