This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jbP1WveZg382c_k5VkDuNCNhkLw.roa
File:                     jbP1WveZg382c_k5VkDuNCNhkLw.roa (raw, json)
Hash identifier:          fSn6GBxGQmZ3Z2n29FZdhHmW1G8G4hnBzMsx2BWFDfI=
Subject key identifier:   8D:B3:F5:5A:F7:99:83:7F:36:73:F9:39:56:40:EE:34:23:61:90:BC
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019B7F845D82B04AAB23E065FA7A0DBF8976
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jbP1WveZg382c_k5VkDuNCNhkLw.roa
Signing time:             Fri 02 Jan 2026 16:22:19 +0000
ROA not before:           Fri 02 Jan 2026 16:22:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31307
IP address blocks:        212.252.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:5d:82:b0:4a:ab:23:e0:65:fa:7a:0d:bf:89:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 16:22:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8db3f55af799837f3673f9395640ee34236190bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f1:c4:71:50:b9:f2:41:5c:c8:f8:7b:7d:7b:
                    02:07:98:73:f7:e4:64:80:33:47:9a:2a:96:fe:fc:
                    f4:d2:05:c2:e7:1a:0a:5c:4b:4c:96:50:ac:24:56:
                    41:6b:6a:23:59:67:71:7f:99:05:d0:5a:bd:6b:41:
                    1b:58:c3:fd:0f:98:29:c1:e5:49:15:6d:8f:b9:f7:
                    9a:ba:fd:60:90:e1:ca:67:e8:a4:af:1d:f7:f3:c2:
                    ea:01:4d:39:92:fb:00:ae:0a:c5:8f:70:82:73:3f:
                    c6:d6:87:ee:bb:66:2e:57:93:e1:dd:61:70:4b:6b:
                    c9:6e:a6:01:a2:8a:df:06:05:4a:6e:64:33:ed:ec:
                    c8:ae:0f:cc:51:94:e3:18:6f:95:7f:40:26:fb:7f:
                    0b:93:cc:31:c3:4e:a8:74:4d:60:45:b7:d9:d2:05:
                    2e:2a:63:14:b8:01:97:2e:01:62:14:c9:08:60:fe:
                    17:13:3c:bf:c7:f4:6f:9f:f1:06:d1:51:f0:12:61:
                    9f:22:d8:b4:a2:fa:75:02:9e:8a:60:d2:f4:6e:ba:
                    e1:56:aa:20:fe:3e:1d:f7:38:1d:94:c1:d0:82:b0:
                    ed:4a:b9:46:6c:fe:c5:df:e4:55:1c:36:4a:54:67:
                    52:e2:5c:b3:c2:bb:26:26:a5:14:25:16:c4:54:51:
                    dd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:B3:F5:5A:F7:99:83:7F:36:73:F9:39:56:40:EE:34:23:61:90:BC
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jbP1WveZg382c_k5VkDuNCNhkLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:24:d2:c1:6e:0c:a1:fb:0d:19:93:5e:43:8b:d4:f6:8b:a9:
         cc:27:d7:f0:c2:aa:96:22:a7:65:f1:97:ed:f5:36:a7:f8:d2:
         8b:2e:1f:3b:32:a9:93:32:09:c7:ef:47:05:2f:83:04:74:71:
         5b:9c:cf:b1:25:b3:8d:de:e0:12:09:13:f9:dd:ee:1f:fd:19:
         73:73:64:a5:c3:22:33:55:58:14:e7:f7:bc:04:09:6d:e3:bd:
         88:64:75:65:88:6a:26:62:0a:dc:b2:94:36:a6:d4:73:51:ba:
         c6:70:fe:41:6c:14:16:18:93:41:8f:47:b7:21:90:42:b7:a4:
         2f:f4:9b:58:98:f1:e3:62:7f:47:e6:e0:64:59:5e:df:a8:cd:
         0f:77:ea:e6:b2:e9:ad:ca:2d:01:40:59:f6:92:6b:41:f9:6e:
         38:6f:7e:0e:74:35:28:c1:71:49:20:92:d5:f3:95:4a:a1:d5:
         e3:89:94:cc:9f:0f:04:8e:36:61:e3:a1:2f:80:28:66:d8:71:
         64:28:8d:50:bf:35:ce:f1:f3:70:10:ac:44:f4:04:42:b3:5f:
         09:c9:65:b1:c0:c3:5b:97:bf:fb:c5:3d:9d:ff:0a:a0:c1:5c:
         64:df:70:8f:b2:08:31:b8:3f:e1:a6:fd:5a:05:34:10:d6:33:
         fb:2c:53:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hF2CsEqrI+Bl+noNv4l2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjYwMTAyMTYyMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGIzZjU1YWY3OTk4MzdmMzY3M2Y5Mzk1NjQwZWUzNDIzNjE5MGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvHEcVC58kFcyPh7fXsCB5hz9+Rk
gDNHmiqW/vz00gXC5xoKXEtMllCsJFZBa2ojWWdxf5kF0Fq9a0EbWMP9D5gpweVJ
FW2Pufeauv1gkOHKZ+ikrx3388LqAU05kvsArgrFj3CCcz/G1ofuu2YuV5Ph3WFw
S2vJbqYBoorfBgVKbmQz7ezIrg/MUZTjGG+Vf0Am+38Lk8wxw06odE1gRbfZ0gUu
KmMUuAGXLgFiFMkIYP4XEzy/x/Rvn/EG0VHwEmGfIti0ovp1Ap6KYNL0brrhVqog
/j4d9zgdlMHQgrDtSrlGbP7F3+RVHDZKVGdS4lyzwrsmJqUUJRbEVFHddQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2z9Vr3mYN/NnP5OVZA7jQjYZC8MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvamJQMVd2ZVpnMzgyY19rNVZrRHVOQ05oa0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PzEMA0G
CSqGSIb3DQEBCwUAA4IBAQBMJNLBbgyh+w0Zk15Di9T2i6nMJ9fwwqqWIqdl8Zft
9Tan+NKLLh87MqmTMgnH70cFL4MEdHFbnM+xJbON3uASCRP53e4f/Rlzc2SlwyIz
VVgU5/e8BAlt472IZHVliGomYgrcspQ2ptRzUbrGcP5BbBQWGJNBj0e3IZBCt6Qv
9JtYmPHjYn9H5uBkWV7fqM0Pd+rmsumtyi0BQFn2kmtB+W44b34OdDUowXFJIJLV
85VKodXjiZTMnw8EjjZh46EvgChm2HFkKI1QvzXO8fNwEKxE9ARCs18JyWWxwMNb
l7/7xT2d/wqgwVxk33CPsggxuD/hpv1aBTQQ1jP7LFNE
-----END CERTIFICATE-----