This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AxjUEdybeN0oWszwYHOlETV98L8.roa
File:                     AxjUEdybeN0oWszwYHOlETV98L8.roa (raw, json)
Hash identifier:          OUN3sjD2dJTlWtlwuzyGg1nMoTSCfMmuXzbfCpfLGqg=
Subject key identifier:   03:18:D4:11:DC:9B:78:DD:28:5A:CC:F0:60:73:A5:11:35:7D:F0:BF
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F149A6FCCC7549442AD4C15C4677EDC
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AxjUEdybeN0oWszwYHOlETV98L8.roa
Signing time:             Fri 02 Jan 2026 14:20:15 +0000
ROA not before:           Fri 02 Jan 2026 14:20:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3291
IP address blocks:        194.158.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:9a:6f:cc:c7:54:94:42:ad:4c:15:c4:67:7e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0318d411dc9b78dd285accf06073a511357df0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5a:97:d7:14:b0:d2:f0:8f:28:7a:cb:c9:33:
                    57:31:ff:ef:ec:56:9a:0f:7c:e1:7a:ed:b9:54:6f:
                    d1:4d:f9:6c:78:13:c3:e8:1b:d4:66:a8:0d:5e:a8:
                    63:4e:da:50:18:d8:f0:cc:ac:8a:3d:61:ef:c2:c9:
                    be:db:94:a7:8c:7b:a1:f0:2b:7a:72:3b:f0:73:be:
                    8d:b5:e9:21:f6:59:d2:ff:0d:be:0b:93:0d:3b:5e:
                    be:c6:1c:2a:0a:bc:08:04:eb:91:c0:59:f2:b9:90:
                    79:67:f3:b2:41:ec:36:64:10:4b:ec:da:98:32:af:
                    cb:00:20:40:02:0a:4a:5e:d7:96:41:69:31:b1:7a:
                    14:1d:2f:2d:6b:58:a1:9e:56:74:0e:05:5b:eb:95:
                    aa:ed:b0:bd:1a:a6:7c:7c:24:4d:f4:fd:2b:ec:97:
                    02:44:7b:31:29:31:e0:2f:b2:2b:93:67:a5:bf:11:
                    1f:9e:87:ce:3b:c7:6c:ad:d7:27:32:15:ed:9c:6a:
                    4c:06:87:d3:e6:41:1d:9b:4b:6a:88:b6:22:97:f9:
                    c3:2c:b6:60:0d:5d:35:f4:fd:b6:ee:75:a2:99:7f:
                    8f:c9:20:b4:6a:d0:ac:bd:d0:c5:fc:32:b7:28:1c:
                    09:12:f7:6c:df:c0:65:8f:d9:52:8c:2a:09:c2:2e:
                    6b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:18:D4:11:DC:9B:78:DD:28:5A:CC:F0:60:73:A5:11:35:7D:F0:BF
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/AxjUEdybeN0oWszwYHOlETV98L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.158.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:8a:40:7e:42:e6:d0:e4:7a:3a:0c:92:3c:3e:fc:06:81:40:
         7b:81:6f:bc:27:10:91:78:ed:53:d3:d5:9b:23:60:d4:6e:84:
         f3:93:16:22:85:10:a6:73:48:2d:84:f4:4b:dc:ea:86:07:18:
         c5:ef:81:db:f6:b1:5e:bb:fb:a7:c0:11:82:5c:60:5d:a7:93:
         11:79:64:e6:40:8e:27:07:cd:1f:e8:ac:bf:8f:42:f4:40:d8:
         7a:cd:4f:7f:12:2a:0a:f1:99:75:09:75:7e:d8:84:69:2e:96:
         89:dd:32:ad:66:11:76:26:f9:d7:e9:eb:49:9a:44:f7:87:38:
         fd:77:0a:8f:36:23:7d:be:fa:67:d3:78:f2:9c:35:a5:72:2b:
         d6:12:66:df:ea:46:5f:4a:a9:0a:d6:3b:6e:d4:31:35:7f:4c:
         b8:26:ab:2c:c0:f3:a5:1b:cc:20:0a:dc:e6:79:70:ac:91:c9:
         c0:d2:00:e6:47:b4:fe:18:ca:00:72:9f:aa:2b:42:83:c7:be:
         53:61:a6:84:c2:cd:7e:59:7c:92:7a:e7:4d:67:6e:4a:5c:52:
         5c:2e:70:d1:46:5d:f4:24:42:c6:8b:b2:20:2c:1d:3e:bc:e0:
         d2:89:fc:38:a0:7c:36:71:14:7c:f3:b4:99:01:a1:71:7d:84:
         b5:9a:bb:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FJpvzMdUlEKtTBXEZ37cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzE4ZDQxMWRjOWI3OGRkMjg1YWNjZjA2MDczYTUxMTM1N2RmMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVqX1xSw0vCPKHrLyTNXMf/v7Faa
D3zheu25VG/RTflseBPD6BvUZqgNXqhjTtpQGNjwzKyKPWHvwsm+25SnjHuh8Ct6
cjvwc76Ntekh9lnS/w2+C5MNO16+xhwqCrwIBOuRwFnyuZB5Z/OyQew2ZBBL7NqY
Mq/LACBAAgpKXteWQWkxsXoUHS8ta1ihnlZ0DgVb65Wq7bC9GqZ8fCRN9P0r7JcC
RHsxKTHgL7Irk2elvxEfnofOO8dsrdcnMhXtnGpMBofT5kEdm0tqiLYil/nDLLZg
DV019P227nWimX+PySC0atCsvdDF/DK3KBwJEvds38Blj9lSjCoJwi5rEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMY1BHcm3jdKFrM8GBzpRE1ffC/MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvQXhqVUVkeWJlTjBvV3N6d1lIT2xFVFY5OEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwp4aMA0G
CSqGSIb3DQEBCwUAA4IBAQDBikB+QubQ5Ho6DJI8PvwGgUB7gW+8JxCReO1T09Wb
I2DUboTzkxYihRCmc0gthPRL3OqGBxjF74Hb9rFeu/unwBGCXGBdp5MReWTmQI4n
B80f6Ky/j0L0QNh6zU9/EioK8Zl1CXV+2IRpLpaJ3TKtZhF2JvnX6etJmkT3hzj9
dwqPNiN9vvpn03jynDWlcivWEmbf6kZfSqkK1jtu1DE1f0y4JqsswPOlG8wgCtzm
eXCskcnA0gDmR7T+GMoAcp+qK0KDx75TYaaEws1+WXySeudNZ25KXFJcLnDRRl30
JELGi7IgLB0+vODSifw4oHw2cRR887SZAaFxfYS1mru9
-----END CERTIFICATE-----