This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/ni2pJYsgjdd_PvsJim4HSq8So90.roa
File:                     ni2pJYsgjdd_PvsJim4HSq8So90.roa (raw, json)
Hash identifier:          oeFgA//XgCFg9vA4VhOc/9YfMueTyaFUxUNd6kbXTTI=
Subject key identifier:   9E:2D:A9:25:8B:20:8D:D7:7F:3E:FB:09:8A:6E:07:4A:AF:12:A3:DD
Certificate issuer:       /CN=f4e9d53310243187083fdc9609735465b1089043
Certificate serial:       019B7F15D4372C8289C09C8DF885AAD78F44
Authority key identifier: F4:E9:D5:33:10:24:31:87:08:3F:DC:96:09:73:54:65:B1:08:90:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9OnVMxAkMYcIP9yWCXNUZbEIkEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/ni2pJYsgjdd_PvsJim4HSq8So90.roa
Signing time:             Fri 02 Jan 2026 14:21:35 +0000
ROA not before:           Fri 02 Jan 2026 14:21:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30769
IP address blocks:        193.19.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/9OnVMxAkMYcIP9yWCXNUZbEIkEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/9OnVMxAkMYcIP9yWCXNUZbEIkEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9OnVMxAkMYcIP9yWCXNUZbEIkEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:d4:37:2c:82:89:c0:9c:8d:f8:85:aa:d7:8f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e9d53310243187083fdc9609735465b1089043
        Validity
            Not Before: Jan  2 14:21:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e2da9258b208dd77f3efb098a6e074aaf12a3dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e1:ee:f6:dc:a6:0a:8e:8e:af:33:2d:ea:21:
                    00:6b:a0:83:37:c5:7f:dc:ed:04:09:d9:6d:a8:a3:
                    c4:12:03:a2:c7:a2:16:38:9a:ab:ba:38:6f:87:e7:
                    ba:2c:9b:a9:9f:2a:bb:bd:de:01:a1:b5:51:3b:2e:
                    b7:c2:1b:82:11:6f:ef:bd:36:65:72:da:3b:ad:29:
                    5f:a7:49:8b:1a:f1:d1:f1:7d:86:c5:63:39:35:01:
                    cd:52:2b:a5:06:ce:82:b0:f9:50:ce:2e:a3:e5:50:
                    74:46:83:ca:fc:8a:03:dc:c2:60:28:3a:f4:0a:60:
                    e9:81:7a:3b:c5:33:01:26:3b:da:c6:75:b8:c9:89:
                    e6:87:3a:67:df:a0:dd:94:6a:ea:7e:ca:d8:76:5e:
                    0a:be:d4:1b:9e:7f:9b:4d:ba:75:11:2a:41:0d:52:
                    44:5b:05:92:db:7c:bc:39:ce:71:7e:9d:05:ed:12:
                    0d:1f:2f:4a:94:e1:fb:b0:25:30:ce:22:00:aa:f6:
                    61:42:bb:e1:01:7f:d1:3c:b7:41:be:2f:8a:bf:0b:
                    5d:29:87:02:10:08:a9:05:62:42:62:e2:37:fa:3e:
                    10:5a:a7:26:f2:00:b4:10:a0:c5:4f:78:68:70:f4:
                    41:26:08:9f:21:b7:1c:bb:98:72:24:ed:c2:ee:c0:
                    c6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2D:A9:25:8B:20:8D:D7:7F:3E:FB:09:8A:6E:07:4A:AF:12:A3:DD
            X509v3 Authority Key Identifier:
                keyid:F4:E9:D5:33:10:24:31:87:08:3F:DC:96:09:73:54:65:B1:08:90:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OnVMxAkMYcIP9yWCXNUZbEIkEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/ni2pJYsgjdd_PvsJim4HSq8So90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/285f32-03ea-416e-9cb0-7e66648fc264/1/9OnVMxAkMYcIP9yWCXNUZbEIkEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:df:a6:4a:af:24:1f:3a:6c:ff:c7:9d:17:50:74:ab:a8:df:
         83:fb:c8:e8:d0:e8:d2:2d:05:29:f2:9d:ed:c9:25:6e:f4:b1:
         88:37:e2:09:95:1c:f4:4a:34:55:4c:82:6f:24:80:1b:1f:68:
         ab:67:0c:75:ce:e8:01:ca:5e:b5:d5:6d:64:dc:c7:fa:d3:6d:
         77:ba:16:f6:72:8a:5c:3c:0f:37:30:37:92:22:a0:69:d5:76:
         71:26:5a:d3:11:cb:7d:e8:70:2f:04:8e:10:7f:2c:7f:c7:87:
         96:34:2a:3a:eb:a6:8c:43:ff:6f:94:26:ff:61:4a:55:7b:f3:
         2a:3e:08:54:3a:73:04:76:8d:88:6e:b3:17:af:61:1b:f3:dd:
         4a:6b:3a:2b:c2:1f:f2:91:67:82:1d:e0:95:65:b6:20:c0:a0:
         35:2a:9c:5d:83:ad:2c:68:45:ac:74:8f:75:f4:9a:6c:a6:cd:
         f4:e2:12:a9:ed:70:24:6b:72:5c:f0:c9:e1:c8:42:c5:26:79:
         83:8e:43:98:32:1a:37:26:49:d4:37:29:71:64:01:02:5d:bd:
         ba:39:f3:c0:85:2a:9b:0d:10:a7:6e:2a:ea:4c:5f:f5:f0:43:
         66:28:a9:8c:d8:d1:d1:0d:52:cf:9a:a8:5d:dc:47:10:74:b6:
         04:04:8b:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FdQ3LIKJwJyN+IWq149EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTlkNTMzMTAyNDMxODcwODNmZGM5NjA5NzM1NDY1YjEw
ODkwNDMwHhcNMjYwMTAyMTQyMTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTJkYTkyNThiMjA4ZGQ3N2YzZWZiMDk4YTZlMDc0YWFmMTJhM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuHu9tymCo6OrzMt6iEAa6CDN8V/
3O0ECdltqKPEEgOix6IWOJqrujhvh+e6LJupnyq7vd4BobVROy63whuCEW/vvTZl
cto7rSlfp0mLGvHR8X2GxWM5NQHNUiulBs6CsPlQzi6j5VB0RoPK/IoD3MJgKDr0
CmDpgXo7xTMBJjvaxnW4yYnmhzpn36DdlGrqfsrYdl4KvtQbnn+bTbp1ESpBDVJE
WwWS23y8Oc5xfp0F7RINHy9KlOH7sCUwziIAqvZhQrvhAX/RPLdBvi+KvwtdKYcC
EAipBWJCYuI3+j4QWqcm8gC0EKDFT3hocPRBJgifIbccu5hyJO3C7sDG8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4tqSWLII3Xfz77CYpuB0qvEqPdMB8GA1UdIwQY
MBaAFPTp1TMQJDGHCD/clglzVGWxCJBDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9uVk14QWtNWWNJUDl5V0NYTlVaYkVJa0VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yODVmMzItMDNlYS00MTZlLTljYjAt
N2U2NjY0OGZjMjY0LzEvbmkycEpZc2dqZGRfUHZzSmltNEhTcThTbzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yODVmMzItMDNlYS00MTZlLTljYjAtN2U2NjY0OGZjMjY0
LzEvOU9uVk14QWtNWWNJUDl5V0NYTlVaYkVJa0VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRNYMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ36ZKryQfOmz/x50XUHSrqN+D+8jo0OjSLQUp8p3t
ySVu9LGIN+IJlRz0SjRVTIJvJIAbH2irZwx1zugByl611W1k3Mf60213uhb2copc
PA83MDeSIqBp1XZxJlrTEct96HAvBI4Qfyx/x4eWNCo666aMQ/9vlCb/YUpVe/Mq
PghUOnMEdo2IbrMXr2Eb891Kazorwh/ykWeCHeCVZbYgwKA1Kpxdg60saEWsdI91
9Jpsps304hKp7XAka3Jc8MnhyELFJnmDjkOYMho3JknUNylxZAECXb26OfPAhSqb
DRCnbirqTF/18ENmKKmM2NHRDVLPmqhd3EcQdLYEBIua
-----END CERTIFICATE-----