This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/_dBwgGh994WuwFW0ls-FCw4dhLc.roa
File:                     _dBwgGh994WuwFW0ls-FCw4dhLc.roa (raw, json)
Hash identifier:          bTqHhg0tmKJDUGstBlc3i5Our5IYOdKSwj234j6pRCU=
Subject key identifier:   FD:D0:70:80:68:7D:F7:85:AE:C0:55:B4:96:CF:85:0B:0E:1D:84:B7
Certificate issuer:       /CN=15286f0225c141d95857fe74646949e75dd96f28
Certificate serial:       019B7F83EA3E02929A2673B0E071231D6CE1
Authority key identifier: 15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/_dBwgGh994WuwFW0ls-FCw4dhLc.roa
Signing time:             Fri 02 Jan 2026 16:21:50 +0000
ROA not before:           Fri 02 Jan 2026 16:21:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35753
IP address blocks:        193.8.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:ea:3e:02:92:9a:26:73:b0:e0:71:23:1d:6c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15286f0225c141d95857fe74646949e75dd96f28
        Validity
            Not Before: Jan  2 16:21:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fdd07080687df785aec055b496cf850b0e1d84b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4d:bd:70:eb:ea:f0:e1:a1:fd:fd:16:76:cc:
                    2d:7f:76:f1:40:b0:f4:06:ef:c4:1a:01:43:70:77:
                    5f:c8:a2:7c:d5:9d:79:97:f2:8e:83:25:b7:fe:4d:
                    e5:85:62:16:4e:8d:52:13:9e:d1:48:e9:25:f1:d1:
                    47:3b:21:82:62:9d:76:1c:a5:2c:9f:11:9f:ed:4c:
                    cb:c2:49:42:fc:70:c6:68:d1:64:0e:8b:ec:ac:f0:
                    ab:14:3b:77:19:eb:c1:b6:d4:3a:ab:06:76:df:c2:
                    e3:12:33:47:a0:7f:95:b4:29:ca:c9:61:7f:ff:21:
                    0d:3d:2a:88:c9:90:43:59:1d:c3:88:a3:3b:02:71:
                    11:1d:de:58:c3:a8:dd:a8:ab:9c:b6:fe:98:94:d0:
                    6c:40:14:27:8f:51:56:1e:e7:1e:79:9b:12:43:af:
                    17:39:8f:82:38:8e:d1:37:b3:ba:b0:69:0f:ef:85:
                    e0:13:10:42:68:c8:46:26:98:80:8a:d3:5c:b2:23:
                    c1:a6:06:ed:0f:4e:2c:27:2c:c2:66:b5:69:19:cc:
                    6d:75:25:22:06:62:73:40:ab:95:cd:e2:26:55:b6:
                    25:1f:f2:25:b7:72:a8:9e:f0:a6:7c:be:44:f2:c7:
                    e2:5a:4b:33:22:d5:05:ec:9a:5a:20:bc:4e:f7:9f:
                    e6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D0:70:80:68:7D:F7:85:AE:C0:55:B4:96:CF:85:0B:0E:1D:84:B7
            X509v3 Authority Key Identifier:
                keyid:15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/_dBwgGh994WuwFW0ls-FCw4dhLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:78:62:fc:8e:4b:5e:50:00:6f:d1:19:4f:17:3e:de:b3:0c:
         80:f5:39:c4:fe:92:dd:43:76:25:5a:10:50:bb:3d:c9:00:6c:
         70:9e:0b:8f:2f:6a:95:e0:a9:69:13:ed:cd:69:29:be:fc:7e:
         6e:64:35:84:ca:ce:6c:80:9a:8a:1d:6e:a4:b7:89:72:ab:77:
         18:6c:0d:e4:72:e0:7f:5e:f9:41:c0:ba:9c:7c:b5:c3:cd:e4:
         db:62:fc:d2:2e:ea:18:80:ac:04:af:cb:23:7e:67:a7:b4:38:
         24:07:6c:0d:d5:64:45:28:8c:de:a7:7c:35:45:da:44:a5:0d:
         f4:08:42:9f:be:53:eb:a9:14:6c:81:9b:a9:d6:9f:57:2f:2a:
         ea:b9:26:aa:5a:58:58:ff:8b:e5:9e:93:d5:3f:12:66:a5:74:
         78:c8:88:4b:e5:13:53:d9:3e:30:fd:cb:f3:5d:c4:72:e6:e2:
         7d:41:51:a6:bb:0a:79:ab:0a:f4:56:22:78:78:d3:8e:e8:c6:
         e4:8f:cd:7d:9d:c3:c9:d7:7e:d8:76:80:1f:16:97:74:8e:e7:
         1c:cf:c3:09:09:30:19:25:ad:1a:63:cb:96:61:84:c6:c4:ca:
         cd:2d:e9:32:bb:ed:22:23:cc:65:df:17:f3:23:db:f3:0c:1a:
         d3:57:a0:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g+o+ApKaJnOw4HEjHWzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjg2ZjAyMjVjMTQxZDk1ODU3ZmU3NDY0Njk0OWU3NWRk
OTZmMjgwHhcNMjYwMTAyMTYyMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQwNzA4MDY4N2RmNzg1YWVjMDU1YjQ5NmNmODUwYjBlMWQ4NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2U29cOvq8OGh/f0Wdswtf3bxQLD0
Bu/EGgFDcHdfyKJ81Z15l/KOgyW3/k3lhWIWTo1SE57RSOkl8dFHOyGCYp12HKUs
nxGf7UzLwklC/HDGaNFkDovsrPCrFDt3GevBttQ6qwZ238LjEjNHoH+VtCnKyWF/
/yENPSqIyZBDWR3DiKM7AnERHd5Yw6jdqKuctv6YlNBsQBQnj1FWHuceeZsSQ68X
OY+COI7RN7O6sGkP74XgExBCaMhGJpiAitNcsiPBpgbtD04sJyzCZrVpGcxtdSUi
BmJzQKuVzeImVbYlH/Ilt3KonvCmfL5E8sfiWkszItUF7JpaILxO95/mpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3QcIBoffeFrsBVtJbPhQsOHYS3MB8GA1UdIwQY
MBaAFBUobwIlwUHZWFf+dGRpSedd2W8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUt
MDIxZjUwOTMyMTU2LzEvX2RCd2dHaDk5NFd1d0ZXMGxzLUZDdzRkaExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUtMDIxZjUwOTMyMTU2
LzEvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj6MA0G
CSqGSIb3DQEBCwUAA4IBAQBreGL8jkteUABv0RlPFz7eswyA9TnE/pLdQ3YlWhBQ
uz3JAGxwnguPL2qV4KlpE+3NaSm+/H5uZDWEys5sgJqKHW6kt4lyq3cYbA3kcuB/
XvlBwLqcfLXDzeTbYvzSLuoYgKwEr8sjfmentDgkB2wN1WRFKIzep3w1RdpEpQ30
CEKfvlPrqRRsgZup1p9XLyrquSaqWlhY/4vlnpPVPxJmpXR4yIhL5RNT2T4w/cvz
XcRy5uJ9QVGmuwp5qwr0ViJ4eNOO6Mbkj819ncPJ137YdoAfFpd0juccz8MJCTAZ
Ja0aY8uWYYTGxMrNLekyu+0iI8xl3xfzI9vzDBrTV6DI
-----END CERTIFICATE-----