This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/L24zb2GPwHD-aPGno9VtNYT_9UA.roa
File:                     L24zb2GPwHD-aPGno9VtNYT_9UA.roa (raw, json)
Hash identifier:          TV8bwr8KXxyIpZ3hz+LfUH4wszhJw0hokfRXNpqsBSk=
Subject key identifier:   2F:6E:33:6F:61:8F:C0:70:FE:68:F1:A7:A3:D5:6D:35:84:FF:F5:40
Certificate issuer:       /CN=8e895f1e270c635ec61df9a97fc0f668c0a8f548
Certificate serial:       019B7F83299BE931B977DEE0E80F340FA264
Authority key identifier: 8E:89:5F:1E:27:0C:63:5E:C6:1D:F9:A9:7F:C0:F6:68:C0:A8:F5:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jolfHicMY17GHfmpf8D2aMCo9Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/L24zb2GPwHD-aPGno9VtNYT_9UA.roa
Signing time:             Fri 02 Jan 2026 16:21:00 +0000
ROA not before:           Fri 02 Jan 2026 16:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48172
IP address blocks:        194.33.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/jolfHicMY17GHfmpf8D2aMCo9Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/jolfHicMY17GHfmpf8D2aMCo9Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jolfHicMY17GHfmpf8D2aMCo9Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:29:9b:e9:31:b9:77:de:e0:e8:0f:34:0f:a2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e895f1e270c635ec61df9a97fc0f668c0a8f548
        Validity
            Not Before: Jan  2 16:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f6e336f618fc070fe68f1a7a3d56d3584fff540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ff:a5:c1:34:b0:77:5d:35:cd:91:73:69:b1:
                    c2:e1:25:28:37:65:33:68:c1:17:bb:e8:93:67:c5:
                    23:99:45:72:02:bb:ed:76:04:01:0f:ae:b6:e0:8b:
                    74:e3:8e:21:cd:19:42:7e:d6:84:94:0e:42:75:25:
                    5f:dd:8b:93:d1:71:e7:ee:fc:8b:27:93:0c:4c:0b:
                    f4:fc:25:ae:7f:b5:e6:ac:0a:6d:81:6e:8a:29:82:
                    f0:b6:be:cc:9e:e5:fa:1c:69:a3:a2:a0:5d:8b:50:
                    b1:83:6f:11:d0:8a:6f:5a:f0:5c:ff:ee:10:af:3e:
                    e7:bd:aa:ec:58:77:39:cc:d2:f0:50:f8:5e:9e:56:
                    90:b9:95:10:36:42:38:92:18:dc:40:66:92:28:24:
                    40:62:33:0b:57:74:c0:e2:07:b7:e6:44:77:18:73:
                    df:23:c5:4b:27:ee:06:79:05:84:4b:5e:1c:70:3c:
                    f2:54:f0:47:c1:db:8f:67:21:62:ee:23:f2:e7:0e:
                    82:e8:e0:e6:82:e3:38:23:66:27:71:81:c0:5e:05:
                    39:8d:0b:12:c0:de:63:5d:8c:8a:77:a0:b8:81:20:
                    7b:f1:1d:bf:ea:ba:d0:40:fa:a1:c0:13:4c:81:6f:
                    06:c1:a5:1f:ea:c1:a3:13:f8:f2:20:42:d0:1a:e0:
                    8f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:6E:33:6F:61:8F:C0:70:FE:68:F1:A7:A3:D5:6D:35:84:FF:F5:40
            X509v3 Authority Key Identifier:
                keyid:8E:89:5F:1E:27:0C:63:5E:C6:1D:F9:A9:7F:C0:F6:68:C0:A8:F5:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jolfHicMY17GHfmpf8D2aMCo9Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/L24zb2GPwHD-aPGno9VtNYT_9UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/bc53d2-9137-4799-9e41-e69a017485fb/1/jolfHicMY17GHfmpf8D2aMCo9Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b7:54:c4:82:79:ac:23:75:e7:7b:10:e5:89:c4:65:ec:8a:
         79:14:c3:2a:53:8d:09:58:1d:a0:e6:60:98:dd:96:b2:d0:d6:
         25:02:75:97:b3:aa:46:8e:36:fa:83:89:ef:f1:c2:9f:6a:92:
         37:06:40:a3:0c:d5:05:36:35:87:46:12:ab:13:03:04:fd:a4:
         b4:4d:5f:76:dd:eb:b0:2f:bb:5d:1e:26:5d:3e:7a:b9:8f:c4:
         78:a8:ad:76:93:57:2e:6f:cf:21:37:76:e9:f8:58:26:b0:84:
         d5:5c:ff:b7:9d:ee:c8:59:ec:d1:d0:88:e4:64:98:6f:6e:a3:
         11:34:48:1f:e3:96:f3:a1:b3:13:a9:80:0a:cf:9b:c8:bc:e4:
         f5:aa:f5:38:96:be:a6:d2:da:9a:be:c6:39:b6:08:42:0d:5c:
         14:ad:62:30:a3:0d:28:58:d2:7d:0a:b5:87:86:69:33:a6:40:
         5e:e6:49:67:7e:ba:3b:3e:c8:74:f6:c3:eb:b0:09:17:39:79:
         ca:57:4b:0e:73:6d:9b:37:3a:fb:5c:d6:99:a3:8f:59:c7:ed:
         fd:a2:59:b3:cb:70:b1:97:0c:a6:7d:a7:71:9b:5a:06:ba:09:
         2d:b4:ad:6f:87:d4:c6:f4:81:03:48:96:4a:78:0c:04:69:3d:
         9d:83:fb:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gymb6TG5d97g6A80D6JkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlODk1ZjFlMjcwYzYzNWVjNjFkZjlhOTdmYzBmNjY4YzBh
OGY1NDgwHhcNMjYwMTAyMTYyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjZlMzM2ZjYxOGZjMDcwZmU2OGYxYTdhM2Q1NmQzNTg0ZmZmNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv+lwTSwd101zZFzabHC4SUoN2Uz
aMEXu+iTZ8UjmUVyArvtdgQBD6624It0444hzRlCftaElA5CdSVf3YuT0XHn7vyL
J5MMTAv0/CWuf7XmrAptgW6KKYLwtr7MnuX6HGmjoqBdi1Cxg28R0IpvWvBc/+4Q
rz7nvarsWHc5zNLwUPhenlaQuZUQNkI4khjcQGaSKCRAYjMLV3TA4ge35kR3GHPf
I8VLJ+4GeQWES14ccDzyVPBHwduPZyFi7iPy5w6C6ODmguM4I2YncYHAXgU5jQsS
wN5jXYyKd6C4gSB78R2/6rrQQPqhwBNMgW8GwaUf6sGjE/jyIELQGuCPbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9uM29hj8Bw/mjxp6PVbTWE//VAMB8GA1UdIwQY
MBaAFI6JXx4nDGNexh35qX/A9mjAqPVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam9sZkhpY01ZMTdHSGZtcGY4RDJhTUNvOVVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iYzUzZDItOTEzNy00Nzk5LTllNDEt
ZTY5YTAxNzQ4NWZiLzEvTDI0emIyR1B3SEQtYVBHbm85VnROWVRfOVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iYzUzZDItOTEzNy00Nzk5LTllNDEtZTY5YTAxNzQ4NWZi
LzEvam9sZkhpY01ZMTdHSGZtcGY4RDJhTUNvOVVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFyMA0G
CSqGSIb3DQEBCwUAA4IBAQB4t1TEgnmsI3XnexDlicRl7Ip5FMMqU40JWB2g5mCY
3Zay0NYlAnWXs6pGjjb6g4nv8cKfapI3BkCjDNUFNjWHRhKrEwME/aS0TV923euw
L7tdHiZdPnq5j8R4qK12k1cub88hN3bp+FgmsITVXP+3ne7IWezR0IjkZJhvbqMR
NEgf45bzobMTqYAKz5vIvOT1qvU4lr6m0tqavsY5tghCDVwUrWIwow0oWNJ9CrWH
hmkzpkBe5klnfro7Psh09sPrsAkXOXnKV0sOc22bNzr7XNaZo49Zx+39olmzy3Cx
lwymfadxm1oGugkttK1vh9TG9IEDSJZKeAwEaT2dg/vI
-----END CERTIFICATE-----