This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/jlFVDqu5eEvY4hcppuGoxG329Xk.roa
File:                     jlFVDqu5eEvY4hcppuGoxG329Xk.roa (raw, json)
Hash identifier:          sg7bhA6MrODM/82hHvHec0CZxFeKMYnKwUZdeRQd/VU=
Subject key identifier:   8E:51:55:0E:AB:B9:78:4B:D8:E2:17:29:A6:E1:A8:C4:6D:F6:F5:79
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       019B797E5DE174B3BBE3C9F05F2950C4BBCB
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/jlFVDqu5eEvY4hcppuGoxG329Xk.roa
Signing time:             Thu 01 Jan 2026 12:18:03 +0000
ROA not before:           Thu 01 Jan 2026 12:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394814
IP address blocks:        195.225.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:5d:e1:74:b3:bb:e3:c9:f0:5f:29:50:c4:bb:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Jan  1 12:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e51550eabb9784bd8e21729a6e1a8c46df6f579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:76:75:66:3b:5f:b8:1f:e0:30:87:03:21:07:
                    0f:55:7f:31:be:d7:34:53:50:89:07:d4:3a:87:ff:
                    d2:ef:e6:a1:50:9d:a8:40:d8:16:10:b1:d2:e0:18:
                    82:60:c1:d1:96:c0:0e:f4:90:70:ae:23:26:fd:0a:
                    44:e7:02:8a:aa:64:5e:55:fa:f1:85:f0:8f:a9:f7:
                    50:7c:37:3b:40:d2:b3:9b:ef:9d:54:94:22:79:30:
                    9e:eb:bc:23:8f:62:ff:41:bc:3c:7a:3d:19:cf:bb:
                    4e:ff:8e:42:b6:b1:e5:f8:48:d2:d8:ba:0c:70:e7:
                    3c:f0:5d:24:df:4f:ed:81:ad:49:6a:3b:c7:c5:42:
                    fd:28:35:0b:b3:c9:3a:53:89:7c:31:d7:d3:2b:e1:
                    d2:59:e9:e9:e3:12:1d:e3:38:15:32:59:6a:ee:10:
                    1a:a7:a7:23:4d:3d:e5:59:4d:52:f5:1f:df:33:dd:
                    8e:08:f1:e7:f4:13:dd:be:9d:26:43:95:07:c0:60:
                    a6:ba:83:48:cc:e8:22:7b:42:41:3c:55:93:9c:f0:
                    e1:d9:16:67:d1:d8:c5:04:d2:49:fe:fc:6e:81:f1:
                    9f:f8:1e:54:3f:2e:a7:fe:50:50:60:78:b1:cd:5a:
                    d0:8a:c9:9d:f9:9c:d8:e6:fe:fb:cb:02:4f:02:17:
                    9b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:51:55:0E:AB:B9:78:4B:D8:E2:17:29:A6:E1:A8:C4:6D:F6:F5:79
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/jlFVDqu5eEvY4hcppuGoxG329Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:68:2e:af:0d:76:5a:64:84:d6:e0:a5:4d:4f:2b:92:b9:8e:
         22:7b:3d:74:b5:26:bc:33:3a:16:6b:47:9b:a0:41:fb:27:3b:
         d2:dd:6a:cd:2b:9c:37:49:a3:94:24:2d:fb:d9:00:70:82:1a:
         74:92:35:cb:6e:bc:2e:83:6c:c6:21:f8:30:d2:aa:c5:9b:27:
         10:93:66:b6:80:ec:20:89:d6:7b:9b:a6:18:ed:83:0e:16:16:
         fe:e0:09:44:6c:d7:81:e2:71:e5:1c:1c:30:a6:94:5a:c0:f1:
         e2:c6:30:aa:b7:da:50:08:0e:7c:f5:df:e6:33:e3:2e:36:a2:
         f1:76:d0:7b:9f:a1:bf:15:4e:9d:e6:5f:9f:12:e8:29:75:b8:
         1c:9a:89:68:76:da:b2:2b:de:aa:cd:bc:6f:fd:90:31:e1:c7:
         12:00:67:41:fe:ab:f5:ae:f0:2f:51:c2:23:31:d2:f7:2b:8f:
         88:06:c3:96:00:a1:ef:1a:b6:de:74:ce:49:62:75:f8:bc:c7:
         29:94:08:c6:74:d6:d1:5d:d8:59:45:17:ab:32:0c:c1:45:1d:
         3c:65:0f:5d:13:41:23:4f:5a:33:01:38:6c:96:c1:37:08:66:
         ea:c0:f3:15:67:4c:db:bc:be:d2:c4:41:07:b8:5f:21:4f:6b:
         2c:d6:ea:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fl3hdLO748nwXylQxLvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjYwMTAxMTIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUxNTUwZWFiYjk3ODRiZDhlMjE3MjlhNmUxYThjNDZkZjZmNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXZ1ZjtfuB/gMIcDIQcPVX8xvtc0
U1CJB9Q6h//S7+ahUJ2oQNgWELHS4BiCYMHRlsAO9JBwriMm/QpE5wKKqmReVfrx
hfCPqfdQfDc7QNKzm++dVJQieTCe67wjj2L/Qbw8ej0Zz7tO/45CtrHl+EjS2LoM
cOc88F0k30/tga1JajvHxUL9KDULs8k6U4l8MdfTK+HSWenp4xId4zgVMllq7hAa
p6cjTT3lWU1S9R/fM92OCPHn9BPdvp0mQ5UHwGCmuoNIzOgie0JBPFWTnPDh2RZn
0djFBNJJ/vxugfGf+B5UPy6n/lBQYHixzVrQismd+ZzY5v77ywJPAheblQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5RVQ6ruXhL2OIXKabhqMRt9vV5MB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvamxGVkRxdTVlRXZZNGhjcHB1R294RzMyOVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+GCMA0G
CSqGSIb3DQEBCwUAA4IBAQCgaC6vDXZaZITW4KVNTyuSuY4iez10tSa8MzoWa0eb
oEH7JzvS3WrNK5w3SaOUJC372QBwghp0kjXLbrwug2zGIfgw0qrFmycQk2a2gOwg
idZ7m6YY7YMOFhb+4AlEbNeB4nHlHBwwppRawPHixjCqt9pQCA589d/mM+MuNqLx
dtB7n6G/FU6d5l+fEugpdbgcmolodtqyK96qzbxv/ZAx4ccSAGdB/qv1rvAvUcIj
MdL3K4+IBsOWAKHvGrbedM5JYnX4vMcplAjGdNbRXdhZRRerMgzBRR08ZQ9dE0Ej
T1ozAThslsE3CGbqwPMVZ0zbvL7SxEEHuF8hT2ss1uqd
-----END CERTIFICATE-----