This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/JIIXr3X9vCQszAbNslU1l97JDHE.roa
File:                     JIIXr3X9vCQszAbNslU1l97JDHE.roa (raw, json)
Hash identifier:          1cSDQwO2+YC255/v6AV3wkUxgfk6+iiyEcMIh68CJvY=
Subject key identifier:   24:82:17:AF:75:FD:BC:24:2C:CC:06:CD:B2:55:35:97:DE:C9:0C:71
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       019B7B36AB82C63482FB53C93EFA0AE97F28
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/JIIXr3X9vCQszAbNslU1l97JDHE.roa
Signing time:             Thu 01 Jan 2026 20:18:58 +0000
ROA not before:           Thu 01 Jan 2026 20:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57076
IP address blocks:        89.22.200.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ab:82:c6:34:82:fb:53:c9:3e:fa:0a:e9:7f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Jan  1 20:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=248217af75fdbc242ccc06cdb2553597dec90c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c2:f2:c5:e6:23:e5:c1:06:8a:68:53:a4:1c:
                    26:79:17:68:c4:eb:0e:79:83:24:01:29:aa:08:db:
                    d9:9d:50:d1:73:3d:e1:b8:3f:a8:17:e1:19:94:07:
                    be:9f:48:87:c8:ea:a5:d2:cc:89:5b:bc:d9:4f:79:
                    1c:11:c6:76:d4:93:83:36:bf:f7:15:61:23:41:b0:
                    89:4a:46:e9:64:f8:9a:72:0d:9c:26:bf:1f:af:1f:
                    98:8b:77:04:5f:d8:9d:a8:ea:10:38:79:a3:6e:3d:
                    8d:ba:2d:df:bf:6b:89:10:62:fb:52:73:00:57:58:
                    64:d0:96:60:47:f9:f0:52:f7:4a:bc:13:95:56:8d:
                    da:7b:83:71:93:a7:48:d2:ec:94:7e:f2:a1:34:0f:
                    f7:d3:af:fa:c7:2d:b3:de:36:da:1d:eb:e5:5b:9f:
                    ce:05:23:1d:26:93:60:e9:cd:46:c3:2a:2e:7f:d2:
                    5c:a2:4d:57:ce:d3:75:a9:e6:5e:ff:c2:a9:c5:81:
                    09:2e:36:ab:84:4b:b1:b8:d5:c1:26:ae:e8:5b:c5:
                    2f:d7:8c:5f:63:2b:6e:19:f6:0e:ef:7b:ef:f9:bc:
                    05:2b:31:ee:f3:16:40:48:b4:3a:13:74:24:30:04:
                    76:bf:e1:e6:c9:3c:4a:d9:7e:29:86:02:29:85:ea:
                    56:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:82:17:AF:75:FD:BC:24:2C:CC:06:CD:B2:55:35:97:DE:C9:0C:71
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/JIIXr3X9vCQszAbNslU1l97JDHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.22.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:f9:50:a1:cf:c9:06:de:2a:59:68:21:67:97:84:6d:1c:cb:
         21:6e:de:e0:47:df:8c:52:16:18:35:a9:bb:d0:21:06:f7:80:
         4e:21:a6:d6:e0:19:ee:97:25:8d:30:05:02:56:2c:b8:d4:75:
         18:04:91:e6:ee:57:27:05:fd:a4:89:9b:f0:28:8a:de:2d:de:
         98:0c:a7:ee:e3:ce:1f:02:94:6e:df:d5:56:e8:27:94:22:cf:
         02:d9:e0:28:ce:6d:70:be:df:8f:c9:a2:c4:47:2a:df:2a:98:
         ff:01:28:32:a0:35:77:aa:03:d2:13:db:21:bd:27:37:a4:14:
         a3:d0:25:93:c0:16:ba:b0:0e:71:76:4f:34:70:77:7e:3a:c3:
         72:69:7f:8e:9b:e4:ee:32:f2:3d:45:be:63:5b:25:57:3a:f2:
         67:35:c9:27:72:27:bf:a9:8c:30:ad:20:78:41:4f:00:c1:99:
         a1:16:ef:0b:25:94:ab:dc:00:3d:67:ad:2f:19:45:32:24:fb:
         9d:ec:0b:12:6f:c6:9b:69:f5:09:e5:99:76:93:ca:63:73:b7:
         d8:ad:6f:7f:8c:8d:98:4f:c7:cd:45:aa:72:84:21:de:03:51:
         e8:f9:0a:70:46:ea:b4:eb:47:b9:9c:86:41:09:e1:c9:28:1c:
         05:f2:89:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NquCxjSC+1PJPvoK6X8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjYwMTAxMjAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDgyMTdhZjc1ZmRiYzI0MmNjYzA2Y2RiMjU1MzU5N2RlYzkwYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cLyxeYj5cEGimhTpBwmeRdoxOsO
eYMkASmqCNvZnVDRcz3huD+oF+EZlAe+n0iHyOql0syJW7zZT3kcEcZ21JODNr/3
FWEjQbCJSkbpZPiacg2cJr8frx+Yi3cEX9idqOoQOHmjbj2Nui3fv2uJEGL7UnMA
V1hk0JZgR/nwUvdKvBOVVo3ae4Nxk6dI0uyUfvKhNA/306/6xy2z3jbaHevlW5/O
BSMdJpNg6c1Gwyouf9Jcok1XztN1qeZe/8KpxYEJLjarhEuxuNXBJq7oW8Uv14xf
YytuGfYO73vv+bwFKzHu8xZASLQ6E3QkMAR2v+HmyTxK2X4phgIphepWOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSCF691/bwkLMwGzbJVNZfeyQxxMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvSklJWHIzWDl2Q1FzekFiTnNsVTFsOTdKREhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWRbIMA0G
CSqGSIb3DQEBCwUAA4IBAQA1+VChz8kG3ipZaCFnl4RtHMshbt7gR9+MUhYYNam7
0CEG94BOIabW4BnulyWNMAUCViy41HUYBJHm7lcnBf2kiZvwKIreLd6YDKfu484f
ApRu39VW6CeUIs8C2eAozm1wvt+PyaLERyrfKpj/ASgyoDV3qgPSE9shvSc3pBSj
0CWTwBa6sA5xdk80cHd+OsNyaX+Om+TuMvI9Rb5jWyVXOvJnNckncie/qYwwrSB4
QU8AwZmhFu8LJZSr3AA9Z60vGUUyJPud7AsSb8abafUJ5Zl2k8pjc7fYrW9/jI2Y
T8fNRapyhCHeA1Ho+QpwRuq060e5nIZBCeHJKBwF8om7
-----END CERTIFICATE-----