This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jm8-QyC64SKLapzPwKdGSEmZh-U.roa
File:                     jm8-QyC64SKLapzPwKdGSEmZh-U.roa (raw, json)
Hash identifier:          K7cfnaOIUk4PYAiHfabhksTWW34e4ilJQVdDrMouZJA=
Subject key identifier:   8E:6F:3E:43:20:BA:E1:22:8B:6A:9C:CF:C0:A7:46:48:49:99:87:E5
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019B7C1182723DFCFF8827EE745F4D2CF334
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jm8-QyC64SKLapzPwKdGSEmZh-U.roa
Signing time:             Fri 02 Jan 2026 00:18:00 +0000
ROA not before:           Fri 02 Jan 2026 00:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204619
IP address blocks:        185.143.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:82:72:3d:fc:ff:88:27:ee:74:5f:4d:2c:f3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan  2 00:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e6f3e4320bae1228b6a9ccfc0a74648499987e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5b:4c:ae:6d:76:eb:b8:69:79:24:51:b6:2a:
                    f5:1e:7e:37:c4:fe:be:56:fd:78:92:85:7b:f4:b1:
                    ae:32:96:74:84:62:1a:74:81:f8:b1:0d:4d:40:33:
                    a6:a5:4f:4b:8c:73:a8:56:93:4f:5e:fe:70:3b:d7:
                    72:63:3d:fa:3e:0d:a0:b2:68:47:7f:9c:84:1d:56:
                    c1:05:77:27:9f:5f:7a:12:ca:07:b9:0e:36:71:03:
                    7a:7a:49:e4:25:6b:40:3d:00:f7:3b:e7:f0:2a:53:
                    6f:8b:2f:a4:24:9b:8a:75:ba:b6:1b:ad:82:54:ea:
                    66:f8:d5:a1:3d:3e:25:d8:9d:a2:67:dc:7d:59:bc:
                    98:3a:ae:c9:a1:1d:09:43:54:0a:0f:d9:63:b4:38:
                    01:24:29:22:6a:a2:6a:ad:77:cb:c1:ad:d5:bc:4a:
                    a7:49:46:e2:3f:62:77:e4:2f:bb:6e:ca:1c:fd:59:
                    88:61:f1:b1:d8:e3:13:e2:67:14:9f:42:6b:71:fb:
                    d9:f1:79:89:a4:ec:99:4b:1c:7e:af:55:b1:bc:86:
                    fb:48:50:cb:81:2d:fe:a3:ed:fb:e9:50:01:a2:cc:
                    cf:33:85:55:70:36:0e:a3:cc:b4:e3:45:56:2f:1d:
                    cb:06:67:11:41:8b:36:72:d5:bb:39:31:00:05:7b:
                    d2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:6F:3E:43:20:BA:E1:22:8B:6A:9C:CF:C0:A7:46:48:49:99:87:E5
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jm8-QyC64SKLapzPwKdGSEmZh-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:9a:15:03:8f:dd:41:02:c8:7c:a6:25:13:ad:46:1f:02:69:
         be:2a:3d:ba:b8:85:fa:05:5b:7a:c6:25:27:bb:ac:c8:45:7f:
         de:74:40:89:8c:f3:94:97:62:b6:6f:2e:1e:56:32:54:1c:6b:
         45:da:98:81:85:b0:0a:14:14:ee:fc:f2:71:d7:f9:f1:e8:07:
         b3:f2:ec:dd:d4:05:c1:d3:e5:26:64:5c:c3:8b:b7:4e:5e:72:
         3a:fe:33:4d:b1:76:c4:62:a0:a1:19:58:e5:cb:11:0a:7e:bb:
         c5:e1:c1:60:81:ed:d4:95:68:10:6b:42:91:bf:43:04:bd:71:
         66:48:be:7a:79:49:f7:5a:aa:ec:ed:41:64:02:21:ce:19:6e:
         43:47:a2:db:6a:a7:96:86:07:89:8d:28:ec:39:55:53:ec:c9:
         56:f4:1f:f0:0b:a3:5b:15:af:02:23:f7:f2:5b:f7:cb:c7:bb:
         b8:d0:f5:20:5b:b3:53:bf:71:80:c0:ca:63:44:3f:68:ef:c0:
         22:6a:81:04:58:a5:25:c6:14:fc:24:ca:33:df:2d:81:31:5d:
         ff:a4:96:85:37:99:ab:da:7d:15:17:8d:f3:df:53:a9:43:05:
         b7:fe:6a:c7:54:6b:59:45:9e:5a:35:6c:37:b5:91:42:fa:fb:
         dd:8c:c3:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EYJyPfz/iCfudF9NLPM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwMTAyMDAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTZmM2U0MzIwYmFlMTIyOGI2YTljY2ZjMGE3NDY0ODQ5OTk4N2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzltMrm1267hpeSRRtir1Hn43xP6+
Vv14koV79LGuMpZ0hGIadIH4sQ1NQDOmpU9LjHOoVpNPXv5wO9dyYz36Pg2gsmhH
f5yEHVbBBXcnn196EsoHuQ42cQN6eknkJWtAPQD3O+fwKlNviy+kJJuKdbq2G62C
VOpm+NWhPT4l2J2iZ9x9WbyYOq7JoR0JQ1QKD9ljtDgBJCkiaqJqrXfLwa3VvEqn
SUbiP2J35C+7bsoc/VmIYfGx2OMT4mcUn0JrcfvZ8XmJpOyZSxx+r1WxvIb7SFDL
gS3+o+376VABoszPM4VVcDYOo8y040VWLx3LBmcRQYs2ctW7OTEABXvSeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5vPkMguuEii2qcz8CnRkhJmYflMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvam04LVF5QzY0U0tMYXB6UHdLZEdTRW1aaC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY+QMA0G
CSqGSIb3DQEBCwUAA4IBAQA+mhUDj91BAsh8piUTrUYfAmm+Kj26uIX6BVt6xiUn
u6zIRX/edECJjPOUl2K2by4eVjJUHGtF2piBhbAKFBTu/PJx1/nx6Aez8uzd1AXB
0+UmZFzDi7dOXnI6/jNNsXbEYqChGVjlyxEKfrvF4cFgge3UlWgQa0KRv0MEvXFm
SL56eUn3Wqrs7UFkAiHOGW5DR6LbaqeWhgeJjSjsOVVT7MlW9B/wC6NbFa8CI/fy
W/fLx7u40PUgW7NTv3GAwMpjRD9o78AiaoEEWKUlxhT8JMoz3y2BMV3/pJaFN5mr
2n0VF43z31OpQwW3/mrHVGtZRZ5aNWw3tZFC+vvdjMMU
-----END CERTIFICATE-----