This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/CqVEZRxRSbC72IoEpBuSl-IR0oo.roa
File:                     CqVEZRxRSbC72IoEpBuSl-IR0oo.roa (raw, json)
Hash identifier:          VVcs23ufU1kuCIdVVX3XyTOJgzSyJ6o05uh4XWE/uco=
Subject key identifier:   0A:A5:44:65:1C:51:49:B0:BB:D8:8A:04:A4:1B:92:97:E2:11:D2:8A
Certificate issuer:       /CN=9f8e77e738313e6570684dd152c2e284332b2c5b
Certificate serial:       019B7C7FC5B97EA96DDC446A32878487F1FB
Authority key identifier: 9F:8E:77:E7:38:31:3E:65:70:68:4D:D1:52:C2:E2:84:33:2B:2C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n4535zgxPmVwaE3RUsLihDMrLFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/CqVEZRxRSbC72IoEpBuSl-IR0oo.roa
Signing time:             Fri 02 Jan 2026 02:18:27 +0000
ROA not before:           Fri 02 Jan 2026 02:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8412
IP address blocks:        193.227.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/n4535zgxPmVwaE3RUsLihDMrLFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/n4535zgxPmVwaE3RUsLihDMrLFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n4535zgxPmVwaE3RUsLihDMrLFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:c5:b9:7e:a9:6d:dc:44:6a:32:87:84:87:f1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f8e77e738313e6570684dd152c2e284332b2c5b
        Validity
            Not Before: Jan  2 02:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0aa544651c5149b0bbd88a04a41b9297e211d28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7e:51:68:99:b4:c9:52:dd:a9:a0:af:12:a6:
                    77:8c:2e:03:49:2b:0f:a1:d1:b4:f7:d6:72:e4:53:
                    96:df:3a:22:d1:6a:a5:82:48:61:2d:31:8c:91:f5:
                    b9:3f:cf:4e:8e:fe:94:d1:e0:f0:05:96:00:fa:64:
                    35:01:18:f3:b6:c7:b9:30:1d:b7:c2:93:2f:04:4b:
                    ae:79:33:a5:31:5d:e6:fb:6b:0d:d2:22:86:59:6c:
                    2d:09:93:85:d8:45:57:14:25:35:72:2b:17:a9:a7:
                    b6:d9:70:95:3d:bd:28:bf:79:a5:56:bf:33:6c:95:
                    4c:86:55:b8:97:89:a6:08:d7:37:5a:d5:fb:c8:4f:
                    ac:28:a0:cc:b8:97:e1:f4:8f:d4:10:d3:b8:9a:d4:
                    d6:ea:9d:a4:0d:6b:47:93:54:ca:94:8a:f7:66:4f:
                    87:0b:c4:29:f4:5a:28:98:ef:3a:2f:fb:89:c1:21:
                    9a:3b:eb:ed:ce:55:4f:75:28:d1:9c:d8:33:83:cd:
                    3a:1f:f8:6f:4c:3c:cf:b7:38:58:ed:68:e7:c3:a4:
                    ad:7d:7b:1e:69:17:c1:10:a6:91:ee:14:14:b4:c0:
                    1d:78:50:92:87:c9:c0:be:f7:d3:fb:59:90:8d:a9:
                    92:cd:2b:d2:f6:ed:ef:37:27:63:7d:4c:9c:48:28:
                    d0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A5:44:65:1C:51:49:B0:BB:D8:8A:04:A4:1B:92:97:E2:11:D2:8A
            X509v3 Authority Key Identifier:
                keyid:9F:8E:77:E7:38:31:3E:65:70:68:4D:D1:52:C2:E2:84:33:2B:2C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n4535zgxPmVwaE3RUsLihDMrLFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/CqVEZRxRSbC72IoEpBuSl-IR0oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/205c19-b73a-48fe-a086-356c09380887/1/n4535zgxPmVwaE3RUsLihDMrLFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:fe:27:aa:b7:5f:61:f3:29:f0:8e:74:69:8a:d4:89:66:24:
         65:20:2d:79:08:a7:67:b8:13:47:7a:60:a9:03:ea:0e:64:40:
         13:8c:4d:46:59:48:1a:82:84:1e:e2:0e:00:eb:1f:e8:5e:1a:
         07:fe:9e:20:62:f2:9f:7e:94:3c:3a:90:a1:04:45:d7:ef:69:
         2a:84:dd:c2:5b:d5:4e:be:06:98:31:16:95:4f:a7:26:14:3c:
         18:75:8a:90:07:10:50:43:a1:66:76:71:be:02:c6:bf:86:20:
         e7:b8:ae:fe:bd:47:ca:47:1b:5b:58:3d:62:ab:3c:06:e4:17:
         3e:e6:ae:97:89:8e:21:9b:d2:b5:69:ee:9e:53:9c:4a:17:9a:
         3b:f6:d2:c3:0d:8b:84:77:50:fc:3f:91:b1:a8:75:f5:1d:04:
         6c:cf:a9:c2:6b:d0:5a:15:72:22:5a:11:1a:da:00:70:dc:bc:
         0a:6f:76:6a:dd:ad:f1:79:5e:6b:d1:e4:47:4d:54:ab:81:1e:
         c4:40:8c:61:16:52:44:bd:9a:c0:ce:2e:ff:fe:7b:23:80:e0:
         df:f7:33:7e:5d:c2:88:16:54:bc:35:6c:f8:19:96:de:0e:bc:
         69:f2:d6:3f:18:de:87:2e:7d:9c:f0:03:01:04:58:b9:09:db:
         0a:1c:b7:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f8W5fqlt3ERqMoeEh/H7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmOGU3N2U3MzgzMTNlNjU3MDY4NGRkMTUyYzJlMjg0MzMy
YjJjNWIwHhcNMjYwMTAyMDIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE1NDQ2NTFjNTE0OWIwYmJkODhhMDRhNDFiOTI5N2UyMTFkMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz35RaJm0yVLdqaCvEqZ3jC4DSSsP
odG099Zy5FOW3zoi0WqlgkhhLTGMkfW5P89Ojv6U0eDwBZYA+mQ1ARjztse5MB23
wpMvBEuueTOlMV3m+2sN0iKGWWwtCZOF2EVXFCU1cisXqae22XCVPb0ov3mlVr8z
bJVMhlW4l4mmCNc3WtX7yE+sKKDMuJfh9I/UENO4mtTW6p2kDWtHk1TKlIr3Zk+H
C8Qp9FoomO86L/uJwSGaO+vtzlVPdSjRnNgzg806H/hvTDzPtzhY7Wjnw6StfXse
aRfBEKaR7hQUtMAdeFCSh8nAvvfT+1mQjamSzSvS9u3vNydjfUycSCjQDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqlRGUcUUmwu9iKBKQbkpfiEdKKMB8GA1UdIwQY
MBaAFJ+Od+c4MT5lcGhN0VLC4oQzKyxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjQ1MzV6Z3hQbVZ3YUUzUlVzTGloRE1yTEZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yMDVjMTktYjczYS00OGZlLWEwODYt
MzU2YzA5MzgwODg3LzEvQ3FWRVpSeFJTYkM3MklvRXBCdVNsLUlSMG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yMDVjMTktYjczYS00OGZlLWEwODYtMzU2YzA5MzgwODg3
LzEvbjQ1MzV6Z3hQbVZ3YUUzUlVzTGloRE1yTEZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweNsMA0G
CSqGSIb3DQEBCwUAA4IBAQCX/ieqt19h8ynwjnRpitSJZiRlIC15CKdnuBNHemCp
A+oOZEATjE1GWUgagoQe4g4A6x/oXhoH/p4gYvKffpQ8OpChBEXX72kqhN3CW9VO
vgaYMRaVT6cmFDwYdYqQBxBQQ6FmdnG+Asa/hiDnuK7+vUfKRxtbWD1iqzwG5Bc+
5q6XiY4hm9K1ae6eU5xKF5o79tLDDYuEd1D8P5GxqHX1HQRsz6nCa9BaFXIiWhEa
2gBw3LwKb3Zq3a3xeV5r0eRHTVSrgR7EQIxhFlJEvZrAzi7//nsjgODf9zN+XcKI
FlS8NWz4GZbeDrxp8tY/GN6HLn2c8AMBBFi5CdsKHLf0
-----END CERTIFICATE-----