This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/ICqVIuqnGDQ2U9fP3d1W-e4TDf8.roa
File:                     ICqVIuqnGDQ2U9fP3d1W-e4TDf8.roa (raw, json)
Hash identifier:          60NTvkE84gguHU2fFEBFq8qOMCvmzn8pCex8KwPB/e0=
Subject key identifier:   20:2A:95:22:EA:A7:18:34:36:53:D7:CF:DD:DD:56:F9:EE:13:0D:FF
Certificate issuer:       /CN=954b071a03db5d233d05ab0394548007767f83e7
Certificate serial:       019B7F14D4C13462946E3F9951C62B798D96
Authority key identifier: 95:4B:07:1A:03:DB:5D:23:3D:05:AB:03:94:54:80:07:76:7F:83:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/ICqVIuqnGDQ2U9fP3d1W-e4TDf8.roa
Signing time:             Fri 02 Jan 2026 14:20:30 +0000
ROA not before:           Fri 02 Jan 2026 14:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47204
IP address blocks:        194.88.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:d4:c1:34:62:94:6e:3f:99:51:c6:2b:79:8d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954b071a03db5d233d05ab0394548007767f83e7
        Validity
            Not Before: Jan  2 14:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=202a9522eaa718343653d7cfdddd56f9ee130dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0a:fb:c1:15:a1:c0:97:76:a3:3d:1b:03:66:
                    ba:d9:60:58:00:e9:33:e2:1c:08:f7:74:fe:b9:1d:
                    5c:8e:5f:65:bc:68:fb:6f:1b:a5:50:21:36:41:a8:
                    95:20:16:3d:cb:12:bc:b7:c3:12:23:44:c8:f4:0c:
                    31:e1:f5:13:4e:80:50:1b:be:fd:40:5f:e3:29:ad:
                    1f:11:d1:c3:95:a4:bf:4e:27:e1:a1:b1:f8:c2:d6:
                    87:cb:75:d9:44:2d:52:a8:de:93:9c:c8:7f:89:d2:
                    e1:54:6e:92:dd:1f:30:2e:57:5b:3f:3d:08:81:b1:
                    6e:0c:c7:32:62:23:97:72:7c:64:fb:12:e1:12:46:
                    02:7c:77:51:06:e8:5f:2c:b5:a3:d4:9d:5f:88:fb:
                    fd:2f:10:be:5b:95:7e:c1:42:3f:ac:e7:2e:bb:f2:
                    70:9c:7b:a8:84:31:6f:33:5b:b0:87:a6:90:2b:4b:
                    ba:0d:1c:2e:a8:c8:bd:17:83:b8:f5:53:9f:13:ab:
                    c0:ed:16:f0:09:13:c2:46:80:78:ed:d9:94:7f:a2:
                    ca:8b:33:34:28:1e:a1:6f:49:c4:1f:4f:a8:67:73:
                    c2:5a:31:ef:dc:f7:6e:80:2b:bb:b3:44:3a:5e:e2:
                    7b:3d:3e:30:f4:a8:61:00:53:58:d5:ad:1c:12:7e:
                    bc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:2A:95:22:EA:A7:18:34:36:53:D7:CF:DD:DD:56:F9:EE:13:0D:FF
            X509v3 Authority Key Identifier:
                keyid:95:4B:07:1A:03:DB:5D:23:3D:05:AB:03:94:54:80:07:76:7F:83:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUsHGgPbXSM9BasDlFSAB3Z_g-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/ICqVIuqnGDQ2U9fP3d1W-e4TDf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e64625-cb8b-49cb-8569-266ac104f7b4/1/lUsHGgPbXSM9BasDlFSAB3Z_g-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:2b:27:53:de:df:92:18:dd:5d:5c:f4:e7:19:0c:e7:97:08:
         fe:85:c5:e6:76:96:8c:3d:38:3c:06:3c:67:23:cf:73:e4:ba:
         11:be:87:e9:08:0e:a4:b2:95:5e:78:db:5d:be:15:2e:1d:4c:
         3e:d5:27:94:6e:9d:e9:ae:fc:3f:3b:9c:b1:9b:ce:f9:db:21:
         3c:e8:15:54:bf:9a:8d:82:e0:f4:56:9c:9f:dc:fc:8e:59:bf:
         ce:df:64:07:f0:20:cf:61:d5:a4:37:ba:c3:15:25:65:22:27:
         8d:62:66:b9:38:e4:b0:52:e6:91:5c:9f:4f:96:52:a9:e4:68:
         c9:9d:93:98:6a:fe:de:ff:17:fb:b2:d7:01:f3:ce:39:33:75:
         dc:74:52:e1:09:93:d1:84:68:5e:f5:7d:5b:f7:58:a5:59:fc:
         ce:8c:8d:36:c7:ff:c0:42:18:ed:43:ff:d5:0c:ab:3c:71:8b:
         f2:9e:31:8b:f3:e4:c4:eb:47:e7:8e:be:a8:3f:cb:3f:b8:a5:
         eb:97:66:21:f5:41:dd:21:a3:2a:3f:05:f5:56:95:43:91:d5:
         89:de:dd:aa:85:ca:5c:de:07:58:71:4d:ad:f4:eb:2a:38:e5:
         e1:e6:ef:4f:f5:47:4e:dc:1d:22:8f:5a:d3:3d:49:54:46:c6:
         4a:33:3e:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FNTBNGKUbj+ZUcYreY2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGIwNzFhMDNkYjVkMjMzZDA1YWIwMzk0NTQ4MDA3NzY3
ZjgzZTcwHhcNMjYwMTAyMTQyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDJhOTUyMmVhYTcxODM0MzY1M2Q3Y2ZkZGRkNTZmOWVlMTMwZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAr7wRWhwJd2oz0bA2a62WBYAOkz
4hwI93T+uR1cjl9lvGj7bxulUCE2QaiVIBY9yxK8t8MSI0TI9Awx4fUTToBQG779
QF/jKa0fEdHDlaS/TifhobH4wtaHy3XZRC1SqN6TnMh/idLhVG6S3R8wLldbPz0I
gbFuDMcyYiOXcnxk+xLhEkYCfHdRBuhfLLWj1J1fiPv9LxC+W5V+wUI/rOcuu/Jw
nHuohDFvM1uwh6aQK0u6DRwuqMi9F4O49VOfE6vA7RbwCRPCRoB47dmUf6LKizM0
KB6hb0nEH0+oZ3PCWjHv3PdugCu7s0Q6XuJ7PT4w9KhhAFNY1a0cEn68OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAqlSLqpxg0NlPXz93dVvnuEw3/MB8GA1UdIwQY
MBaAFJVLBxoD210jPQWrA5RUgAd2f4PnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVzSEdnUGJYU005QmFzRGxGU0FCM1pfZy1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9lNjQ2MjUtY2I4Yi00OWNiLTg1Njkt
MjY2YWMxMDRmN2I0LzEvSUNxVkl1cW5HRFEyVTlmUDNkMVctZTRURGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9lNjQ2MjUtY2I4Yi00OWNiLTg1NjktMjY2YWMxMDRmN2I0
LzEvbFVzSEdnUGJYU005QmFzRGxGU0FCM1pfZy1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljHMA0G
CSqGSIb3DQEBCwUAA4IBAQA0KydT3t+SGN1dXPTnGQznlwj+hcXmdpaMPTg8Bjxn
I89z5LoRvofpCA6kspVeeNtdvhUuHUw+1SeUbp3prvw/O5yxm8752yE86BVUv5qN
guD0Vpyf3PyOWb/O32QH8CDPYdWkN7rDFSVlIieNYma5OOSwUuaRXJ9PllKp5GjJ
nZOYav7e/xf7stcB8845M3XcdFLhCZPRhGhe9X1b91ilWfzOjI02x//AQhjtQ//V
DKs8cYvynjGL8+TE60fnjr6oP8s/uKXrl2Yh9UHdIaMqPwX1VpVDkdWJ3t2qhcpc
3gdYcU2t9OsqOOXh5u9P9UdO3B0ij1rTPUlURsZKMz6V
-----END CERTIFICATE-----