This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/juGRjVgVnqyn2IfNNBQ4TSNQu6E.roa
File:                     juGRjVgVnqyn2IfNNBQ4TSNQu6E.roa (raw, json)
Hash identifier:          VIgqhWO0oKBC7QCsJgCWGXtpzD429zt0KWfdntl4lZ8=
Subject key identifier:   8E:E1:91:8D:58:15:9E:AC:A7:D8:87:CD:34:14:38:4D:23:50:BB:A1
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       019B7D5BCC85534CCE2F0ABEEDBB9B48881A
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/juGRjVgVnqyn2IfNNBQ4TSNQu6E.roa
Signing time:             Fri 02 Jan 2026 06:18:46 +0000
ROA not before:           Fri 02 Jan 2026 06:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202844
IP address blocks:        109.205.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:cc:85:53:4c:ce:2f:0a:be:ed:bb:9b:48:88:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Jan  2 06:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ee1918d58159eaca7d887cd3414384d2350bba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6c:6b:f1:21:39:99:7a:02:60:4e:27:e3:87:
                    7c:ad:62:c0:b1:bf:f0:95:fc:ba:44:f9:ac:3e:41:
                    ca:42:85:55:2d:2d:1b:07:bc:56:31:82:1e:d8:b4:
                    bc:f3:3c:59:ac:a4:a1:67:19:e9:3a:1e:41:6f:4d:
                    42:d7:18:27:5b:1c:7e:d7:7c:38:49:b3:4d:e7:0b:
                    f0:ca:26:f1:91:36:da:6d:66:f8:77:46:3f:37:62:
                    a8:5a:92:fb:ee:ff:f1:21:aa:be:9b:7d:46:ff:92:
                    75:1d:2c:f3:e5:7e:f4:7b:88:c9:87:20:a8:e2:9f:
                    5a:51:fb:3c:7d:54:10:37:c6:18:55:c6:2f:2b:fa:
                    e6:38:79:06:25:7f:f0:cf:1b:25:b9:8f:27:14:02:
                    b0:af:b1:4c:25:90:d5:c6:8b:e9:d5:dd:a7:5a:85:
                    79:db:5e:5a:9d:e6:19:b1:96:b7:4a:69:29:ba:8d:
                    eb:f6:12:59:73:8a:62:97:63:7d:ee:43:a2:b1:b2:
                    ea:98:3a:fc:66:ec:ad:6a:a7:6f:c3:62:99:f3:f8:
                    90:50:39:32:6c:84:53:d4:2b:1f:bc:c8:3e:aa:a7:
                    e4:f1:16:d6:fa:b9:25:e6:6f:1f:f7:42:dd:8b:fe:
                    3e:f6:4a:9c:fb:c9:0d:06:4a:a9:2d:56:3d:e1:13:
                    71:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E1:91:8D:58:15:9E:AC:A7:D8:87:CD:34:14:38:4D:23:50:BB:A1
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/juGRjVgVnqyn2IfNNBQ4TSNQu6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:a0:05:a3:3b:f5:65:f5:c0:d4:f4:a0:c2:1b:fa:c9:e6:8c:
         7b:7f:2d:28:14:69:f7:be:e5:8f:57:e5:64:69:8f:83:07:13:
         40:78:85:b4:36:c5:5a:b4:01:4f:d1:69:f9:4c:39:f6:5c:b9:
         94:96:6f:ca:44:39:8b:36:c0:df:20:ce:12:9d:07:90:27:51:
         2b:56:8f:cc:f3:7d:8b:08:65:ad:0b:8d:47:9d:28:c6:2d:cd:
         11:e8:25:e7:12:e7:13:1d:d6:f0:b0:14:87:71:30:26:14:dc:
         a3:5f:22:bf:f8:62:fb:22:9d:64:29:b7:c2:48:67:f0:d8:90:
         52:80:d7:a0:37:ba:be:a9:b3:8e:4d:5a:b1:57:6c:b9:64:12:
         f9:38:05:2e:09:e2:38:4e:d0:ba:35:c4:6c:76:e2:64:a1:f3:
         e0:6a:ef:18:37:24:33:f2:c2:a8:05:60:7e:0f:d4:dc:19:02:
         fd:46:6d:44:44:cb:f3:86:08:1e:a7:03:d5:90:eb:11:80:a3:
         d0:2b:cb:70:9a:69:f8:c7:2d:12:40:94:c1:20:cf:c9:6e:d4:
         9d:b0:e5:26:4d:bf:4e:14:c7:bd:3d:be:74:9e:49:b8:32:87:
         e1:02:22:84:b7:79:96:bb:b9:2e:32:a5:04:d7:6d:eb:43:ab:
         fa:c6:1b:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W8yFU0zOLwq+7bubSIgaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjYwMTAyMDYxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWUxOTE4ZDU4MTU5ZWFjYTdkODg3Y2QzNDE0Mzg0ZDIzNTBiYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGxr8SE5mXoCYE4n44d8rWLAsb/w
lfy6RPmsPkHKQoVVLS0bB7xWMYIe2LS88zxZrKShZxnpOh5Bb01C1xgnWxx+13w4
SbNN5wvwyibxkTbabWb4d0Y/N2KoWpL77v/xIaq+m31G/5J1HSzz5X70e4jJhyCo
4p9aUfs8fVQQN8YYVcYvK/rmOHkGJX/wzxsluY8nFAKwr7FMJZDVxovp1d2nWoV5
215aneYZsZa3Smkpuo3r9hJZc4pil2N97kOisbLqmDr8Zuytaqdvw2KZ8/iQUDky
bIRT1CsfvMg+qqfk8RbW+rkl5m8f90Ldi/4+9kqc+8kNBkqpLVY94RNxvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7hkY1YFZ6sp9iHzTQUOE0jULuhMB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvanVHUmpWZ1ZucXluMklmTk5CUTRUU05RdTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbc2IMA0G
CSqGSIb3DQEBCwUAA4IBAQCmoAWjO/Vl9cDU9KDCG/rJ5ox7fy0oFGn3vuWPV+Vk
aY+DBxNAeIW0NsVatAFP0Wn5TDn2XLmUlm/KRDmLNsDfIM4SnQeQJ1ErVo/M832L
CGWtC41HnSjGLc0R6CXnEucTHdbwsBSHcTAmFNyjXyK/+GL7Ip1kKbfCSGfw2JBS
gNegN7q+qbOOTVqxV2y5ZBL5OAUuCeI4TtC6NcRsduJkofPgau8YNyQz8sKoBWB+
D9TcGQL9Rm1ERMvzhggepwPVkOsRgKPQK8twmmn4xy0SQJTBIM/JbtSdsOUmTb9O
FMe9Pb50nkm4MofhAiKEt3mWu7kuMqUE123rQ6v6xhs+
-----END CERTIFICATE-----