This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/sjSbwRvUxsb3yUwsgUfAMG2V4_U.roa
File:                     sjSbwRvUxsb3yUwsgUfAMG2V4_U.roa (raw, json)
Hash identifier:          aPIFLtmwDtgSR2q0IlrMpjeonu3SIjoONqTj1lEh+4c=
Subject key identifier:   B2:34:9B:C1:1B:D4:C6:C6:F7:C9:4C:2C:81:47:C0:30:6D:95:E3:F5
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019B7E3724129E1741AE36A4079010F408B8
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/sjSbwRvUxsb3yUwsgUfAMG2V4_U.roa
Signing time:             Fri 02 Jan 2026 10:18:21 +0000
ROA not before:           Fri 02 Jan 2026 10:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211639
IP address blocks:        185.13.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:24:12:9e:17:41:ae:36:a4:07:90:10:f4:08:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  2 10:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2349bc11bd4c6c6f7c94c2c8147c0306d95e3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f9:6a:3f:73:d4:11:7f:0c:7b:0f:ce:58:ed:
                    82:31:e8:53:24:09:5b:6a:d8:b5:e3:44:04:c6:83:
                    85:22:a2:5c:f3:48:50:45:e9:e1:e0:91:a8:57:8a:
                    12:d5:6c:83:49:58:10:2e:5c:13:77:7d:94:da:61:
                    45:85:7c:f1:14:23:de:73:72:21:b0:f9:10:e5:1c:
                    1f:6b:45:65:bb:cd:a5:b3:79:54:83:76:15:1e:c1:
                    a1:7f:57:b7:39:11:44:66:be:96:a7:04:d5:ff:47:
                    18:da:11:a4:6f:a5:91:60:8c:64:4b:c1:30:10:bf:
                    61:17:1d:99:7f:82:f8:e8:eb:2b:67:73:61:50:c7:
                    fd:df:92:02:ae:5d:31:23:6c:d4:ca:0b:ab:fa:48:
                    df:e3:74:a4:5f:98:d9:57:4d:92:eb:10:10:28:dc:
                    9d:5d:a5:38:b0:74:1d:22:77:82:c4:74:74:d6:93:
                    41:cf:cb:72:c1:cc:50:f6:b4:a3:03:00:c9:3c:26:
                    a6:32:dc:51:6a:6f:af:3e:ba:a6:3e:1f:30:53:cd:
                    fa:5d:18:d6:73:a0:d1:5e:54:8d:53:c6:10:ee:59:
                    97:a5:32:5f:9c:dd:44:0f:65:bb:ae:f1:ca:58:d3:
                    3a:43:23:c6:e8:c7:68:06:55:1c:ad:59:2c:01:03:
                    31:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:34:9B:C1:1B:D4:C6:C6:F7:C9:4C:2C:81:47:C0:30:6D:95:E3:F5
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/sjSbwRvUxsb3yUwsgUfAMG2V4_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:5b:47:c0:24:7c:41:5d:bd:55:97:23:7d:59:40:78:46:52:
         e9:4c:2c:5b:8d:6a:69:1f:f2:4e:fd:c6:6e:98:98:75:b2:a1:
         e1:3e:ec:ec:ce:20:9a:79:44:8e:2e:7c:29:a0:c9:d9:81:50:
         89:5f:52:0b:6f:05:3f:ac:02:b9:45:44:70:b2:37:10:3c:02:
         91:63:54:63:00:a2:02:12:a8:d3:f6:8b:56:a1:de:a2:3d:1e:
         f0:8f:f1:76:04:c9:a7:2c:a2:22:81:fc:8e:b9:7b:d2:83:6e:
         2a:9e:34:92:02:d1:c3:2a:b2:ee:00:54:9d:04:95:42:b1:ab:
         1b:20:cb:46:a3:47:aa:98:9b:08:7d:21:2e:58:8f:5f:83:f1:
         f0:94:cc:9c:99:96:b5:9a:3d:d8:8c:dc:b2:0f:a9:0d:be:e0:
         99:ac:e4:b4:1d:47:91:42:b9:39:23:0b:48:da:ed:fa:f6:89:
         b2:1d:72:ee:cf:5d:da:22:2d:7b:0f:1c:dc:42:2c:51:95:94:
         35:5e:2f:08:59:a6:90:33:c8:df:fd:bb:2a:d5:48:0a:f2:77:
         4c:fd:8d:13:3d:58:70:df:c3:4a:f0:20:12:7b:32:19:5f:09:
         65:c9:b2:f7:3c:dc:2f:b9:19:bd:d4:5b:a5:9a:f2:9a:02:6e:
         67:be:2e:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+NyQSnhdBrjakB5AQ9Ai4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjYwMTAyMTAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjM0OWJjMTFiZDRjNmM2ZjdjOTRjMmM4MTQ3YzAzMDZkOTVlM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvlqP3PUEX8Mew/OWO2CMehTJAlb
ati140QExoOFIqJc80hQRenh4JGoV4oS1WyDSVgQLlwTd32U2mFFhXzxFCPec3Ih
sPkQ5Rwfa0Vlu82ls3lUg3YVHsGhf1e3ORFEZr6WpwTV/0cY2hGkb6WRYIxkS8Ew
EL9hFx2Zf4L46OsrZ3NhUMf935ICrl0xI2zUygur+kjf43SkX5jZV02S6xAQKNyd
XaU4sHQdIneCxHR01pNBz8tywcxQ9rSjAwDJPCamMtxRam+vPrqmPh8wU836XRjW
c6DRXlSNU8YQ7lmXpTJfnN1ED2W7rvHKWNM6QyPG6MdoBlUcrVksAQMxEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLI0m8Eb1MbG98lMLIFHwDBtleP1MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvc2pTYndSdlV4c2IzeVV3c2dVZkFNRzJWNF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ0hMA0G
CSqGSIb3DQEBCwUAA4IBAQB9W0fAJHxBXb1VlyN9WUB4RlLpTCxbjWppH/JO/cZu
mJh1sqHhPuzsziCaeUSOLnwpoMnZgVCJX1ILbwU/rAK5RURwsjcQPAKRY1RjAKIC
EqjT9otWod6iPR7wj/F2BMmnLKIigfyOuXvSg24qnjSSAtHDKrLuAFSdBJVCsasb
IMtGo0eqmJsIfSEuWI9fg/HwlMycmZa1mj3YjNyyD6kNvuCZrOS0HUeRQrk5IwtI
2u369omyHXLuz13aIi17DxzcQixRlZQ1Xi8IWaaQM8jf/bsq1UgK8ndM/Y0TPVhw
38NK8CASezIZXwllybL3PNwvuRm91FulmvKaAm5nvi4y
-----END CERTIFICATE-----