This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/jSXCL2nU6ig_-VGukqzzbg83BZk.roa
File:                     jSXCL2nU6ig_-VGukqzzbg83BZk.roa (raw, json)
Hash identifier:          Az+cF5wKpW/d6F9stZPF4IUccQjeYz6jWseSjP0L2T0=
Subject key identifier:   8D:25:C2:2F:69:D4:EA:28:3F:F9:51:AE:92:AC:F3:6E:0F:37:05:99
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       019B7AC94A27890816D0F229D7F0A0EEB585
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/jSXCL2nU6ig_-VGukqzzbg83BZk.roa
Signing time:             Thu 01 Jan 2026 18:19:30 +0000
ROA not before:           Thu 01 Jan 2026 18:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12670
IP address blocks:        80.231.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:4a:27:89:08:16:d0:f2:29:d7:f0:a0:ee:b5:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  1 18:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d25c22f69d4ea283ff951ae92acf36e0f370599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e2:45:ef:23:3b:13:39:f4:10:7e:40:88:51:
                    15:0e:57:4f:d8:a8:b1:cb:fc:bf:61:0c:67:39:e5:
                    64:8d:72:d9:a0:14:14:a0:39:f9:6f:85:76:d3:76:
                    3f:72:c3:bb:40:35:db:e1:3b:d1:5b:77:49:76:43:
                    0d:4a:35:8a:45:7b:51:22:3e:f4:35:49:fa:b5:4c:
                    a8:48:54:98:86:6b:bc:aa:72:07:b4:b5:b7:84:33:
                    90:68:55:60:29:0c:28:73:8c:07:d5:47:e9:fe:55:
                    55:f2:64:c0:4a:1b:08:ab:6f:6d:8b:01:c7:f5:bd:
                    51:a0:17:4c:81:63:c8:6c:d3:01:83:03:66:e8:bd:
                    2e:57:c0:b5:1e:5b:a4:b0:11:b1:f9:08:60:cb:09:
                    6c:48:15:9f:1e:d4:56:54:19:bd:c7:13:be:4c:a9:
                    85:0c:cd:61:4a:a9:75:7d:8d:98:68:5c:16:4c:82:
                    f0:4c:bb:b5:cb:3b:51:cd:6b:bc:60:5a:14:3b:6b:
                    4b:90:df:a4:56:b9:4e:f3:39:26:fe:f3:45:5b:a3:
                    30:53:fb:78:e0:7f:02:72:fb:62:a4:89:e0:76:c6:
                    95:4d:b2:3b:17:1c:95:00:74:9a:62:26:4f:d0:05:
                    f7:61:da:92:e1:86:99:b3:79:5d:2b:c9:4a:0d:cd:
                    52:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:25:C2:2F:69:D4:EA:28:3F:F9:51:AE:92:AC:F3:6E:0F:37:05:99
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/jSXCL2nU6ig_-VGukqzzbg83BZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:31:be:58:52:53:e6:f3:a8:41:9e:b6:8e:c1:e8:94:3e:2b:
         2d:94:6e:dd:8d:57:93:c8:cf:35:91:ac:14:d5:d6:46:b2:d4:
         21:98:15:a1:56:82:c7:34:52:9c:0a:bb:27:e7:57:37:ef:73:
         55:09:14:3c:ab:b4:5e:97:d2:a9:84:2e:b6:a8:e0:f8:26:07:
         5d:3d:7b:12:e8:7b:cc:1b:e9:a0:ba:c1:5f:d3:25:99:52:41:
         15:0b:c5:1c:b5:4f:c8:59:0a:75:ca:37:a6:44:ef:cb:d5:5c:
         39:c3:3a:6f:f6:d7:d3:f7:9f:21:cb:2d:0f:68:38:96:64:5d:
         0a:79:47:80:3e:c4:bc:85:6f:33:08:f1:88:67:f1:8b:6f:2f:
         0a:96:8a:ac:0b:e4:84:d2:8f:33:40:e5:af:ac:22:fc:8d:56:
         e3:9d:42:d1:47:7c:59:6d:d3:ea:07:ff:20:21:17:36:c9:f5:
         43:2f:b2:af:73:03:f4:32:66:32:87:37:3d:8f:ea:9f:b3:81:
         a6:a1:37:98:1d:c7:d5:54:ac:e2:85:05:54:07:f1:e0:55:ba:
         30:7d:12:44:1f:78:83:d6:66:85:78:62:b7:f9:e2:cc:0a:b2:
         2f:d8:07:24:5c:75:34:df:18:99:98:25:ac:91:4a:ae:9c:92:
         b8:2b:63:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yUoniQgW0PIp1/Cg7rWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjYwMTAxMTgxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDI1YzIyZjY5ZDRlYTI4M2ZmOTUxYWU5MmFjZjM2ZTBmMzcwNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeJF7yM7Ezn0EH5AiFEVDldP2Kix
y/y/YQxnOeVkjXLZoBQUoDn5b4V203Y/csO7QDXb4TvRW3dJdkMNSjWKRXtRIj70
NUn6tUyoSFSYhmu8qnIHtLW3hDOQaFVgKQwoc4wH1Ufp/lVV8mTAShsIq29tiwHH
9b1RoBdMgWPIbNMBgwNm6L0uV8C1HluksBGx+QhgywlsSBWfHtRWVBm9xxO+TKmF
DM1hSql1fY2YaFwWTILwTLu1yztRzWu8YFoUO2tLkN+kVrlO8zkm/vNFW6MwU/t4
4H8CcvtipIngdsaVTbI7FxyVAHSaYiZP0AX3YdqS4YaZs3ldK8lKDc1SvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0lwi9p1OooP/lRrpKs824PNwWZMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvalNYQ0wyblU2aWdfLVZHdWtxenpiZzgzQlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOcJMA0G
CSqGSIb3DQEBCwUAA4IBAQBoMb5YUlPm86hBnraOweiUPistlG7djVeTyM81kawU
1dZGstQhmBWhVoLHNFKcCrsn51c373NVCRQ8q7Rel9KphC62qOD4JgddPXsS6HvM
G+mgusFf0yWZUkEVC8UctU/IWQp1yjemRO/L1Vw5wzpv9tfT958hyy0PaDiWZF0K
eUeAPsS8hW8zCPGIZ/GLby8KloqsC+SE0o8zQOWvrCL8jVbjnULRR3xZbdPqB/8g
IRc2yfVDL7KvcwP0MmYyhzc9j+qfs4GmoTeYHcfVVKzihQVUB/HgVbowfRJEH3iD
1maFeGK3+eLMCrIv2AckXHU03xiZmCWskUqunJK4K2O1
-----END CERTIFICATE-----