This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/pJAVbgi9uaf5nf8_qEz50NNIhnQ.roa
File:                     pJAVbgi9uaf5nf8_qEz50NNIhnQ.roa (raw, json)
Hash identifier:          qyo9WsdMQTxh9RhYGvavCPJWOZfI7qs/fZyRhZ+/now=
Subject key identifier:   A4:90:15:6E:08:BD:B9:A7:F9:9D:FF:3F:A8:4C:F9:D0:D3:48:86:74
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED16431F106ADCF1CDEC849F30316D
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/pJAVbgi9uaf5nf8_qEz50NNIhnQ.roa
Signing time:             Thu 01 Jan 2026 14:18:59 +0000
ROA not before:           Thu 01 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21324
IP address blocks:        195.187.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:16:43:1f:10:6a:dc:f1:cd:ec:84:9f:30:31:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a490156e08bdb9a7f99dff3fa84cf9d0d3488674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:f5:db:87:24:0e:a5:f1:be:24:b4:e3:dd:
                    a5:9a:f0:bf:c3:d9:80:c6:7e:f3:42:a5:06:2b:fc:
                    74:b0:b7:a1:71:8a:7e:f0:c7:1d:f2:92:7c:5a:e7:
                    da:53:80:6e:3a:ec:38:15:f2:ff:87:d4:6d:0f:59:
                    dc:d7:a2:d6:32:27:fd:e2:e6:e6:bd:bd:be:26:b7:
                    da:62:51:fd:1d:55:f8:9e:78:94:b5:94:92:d3:d1:
                    06:a6:e7:db:0b:db:2e:13:8a:b4:f9:dc:eb:3a:ad:
                    b5:65:f4:6f:10:91:b5:fe:ab:b7:48:ca:b5:6b:02:
                    f9:02:d1:8b:b5:9b:45:a9:56:81:23:e9:fd:da:77:
                    25:0d:0e:0d:23:0c:80:4f:72:58:d4:53:52:56:49:
                    b5:ea:d3:6f:48:60:5a:12:20:6e:9c:58:92:70:32:
                    0e:60:3a:0d:e8:5a:b5:3c:93:42:7d:80:49:a6:13:
                    ba:a8:a6:aa:39:47:a8:b9:49:d9:4a:c1:03:55:6e:
                    bd:8d:0e:52:11:c9:a9:66:94:eb:ac:0a:de:be:b9:
                    f2:20:10:ce:fa:4d:ea:fc:65:54:9d:cf:a7:f1:da:
                    42:bd:a6:fd:bd:78:81:18:c3:7b:fd:6a:67:32:51:
                    52:56:6d:1e:b7:82:83:40:34:f3:ba:d8:b3:ad:c2:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:90:15:6E:08:BD:B9:A7:F9:9D:FF:3F:A8:4C:F9:D0:D3:48:86:74
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/pJAVbgi9uaf5nf8_qEz50NNIhnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:1e:9f:ae:f8:1b:92:ad:4c:66:90:72:da:43:62:a6:56:aa:
         e2:52:5e:c8:b1:95:b1:1b:89:e5:37:d2:ce:09:31:9d:c3:b6:
         f9:b8:e8:79:c7:5b:41:0a:0f:de:af:cb:e8:45:54:54:fa:c7:
         96:73:f4:5e:48:23:27:d1:7c:3b:17:bf:e4:85:53:e1:02:57:
         5a:41:10:65:58:3a:5f:b9:9c:1a:30:82:90:c4:46:10:c3:99:
         e2:ea:ba:7d:55:8f:e7:0b:38:e1:b0:85:20:83:ba:d0:11:84:
         98:5f:92:42:97:51:4c:5a:cc:a9:85:3e:24:48:2e:80:58:06:
         97:7b:4e:02:b0:b9:fc:c2:9f:71:74:82:1e:89:b3:03:1c:98:
         3c:ae:c3:af:9f:43:2f:95:81:fc:bf:15:20:7a:98:ca:22:3c:
         b8:46:30:83:7c:7a:3f:1b:3e:38:f8:fc:67:69:2b:a5:88:fc:
         bf:68:c4:05:b7:b2:d1:fa:53:dd:5a:8e:d5:d3:15:ca:b5:c7:
         8a:8f:b6:40:9a:0a:2d:cd:27:af:0f:e0:56:98:17:02:28:94:
         ef:96:89:2b:58:39:eb:54:ee:6a:ff:aa:16:f4:07:e8:2b:15:
         0a:c1:32:f3:99:45:ba:ec:6d:fd:86:f8:b4:fb:57:9b:75:5c:
         4e:86:c3:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RZDHxBq3PHN7ISfMDFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDkwMTU2ZTA4YmRiOWE3Zjk5ZGZmM2ZhODRjZjlkMGQzNDg4Njc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyb124ckDqXxviS0492lmvC/w9mA
xn7zQqUGK/x0sLehcYp+8Mcd8pJ8WufaU4BuOuw4FfL/h9RtD1nc16LWMif94ubm
vb2+JrfaYlH9HVX4nniUtZSS09EGpufbC9suE4q0+dzrOq21ZfRvEJG1/qu3SMq1
awL5AtGLtZtFqVaBI+n92nclDQ4NIwyAT3JY1FNSVkm16tNvSGBaEiBunFiScDIO
YDoN6Fq1PJNCfYBJphO6qKaqOUeouUnZSsEDVW69jQ5SEcmpZpTrrArevrnyIBDO
+k3q/GVUnc+n8dpCvab9vXiBGMN7/WpnMlFSVm0et4KDQDTzutizrcJwJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSQFW4Ivbmn+Z3/P6hM+dDTSIZ0MB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvcEpBVmJnaTl1YWY1bmY4X3FFejUwTk5JaG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7uFMA0G
CSqGSIb3DQEBCwUAA4IBAQAWHp+u+BuSrUxmkHLaQ2KmVqriUl7IsZWxG4nlN9LO
CTGdw7b5uOh5x1tBCg/er8voRVRU+seWc/ReSCMn0Xw7F7/khVPhAldaQRBlWDpf
uZwaMIKQxEYQw5ni6rp9VY/nCzjhsIUgg7rQEYSYX5JCl1FMWsyphT4kSC6AWAaX
e04CsLn8wp9xdIIeibMDHJg8rsOvn0MvlYH8vxUgepjKIjy4RjCDfHo/Gz44+Pxn
aSuliPy/aMQFt7LR+lPdWo7V0xXKtceKj7ZAmgotzSevD+BWmBcCKJTvlokrWDnr
VO5q/6oW9AfoKxUKwTLzmUW67G39hvi0+1ebdVxOhsM/
-----END CERTIFICATE-----