This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/1JWNv8sFY3SXOHupqC0C9HklTRw.roa
File:                     1JWNv8sFY3SXOHupqC0C9HklTRw.roa (raw, json)
Hash identifier:          SM1iX0oWnm9qPohx2WfmX3ogBGn9K4VdwqVZfDE6Oi0=
Subject key identifier:   D4:95:8D:BF:CB:05:63:74:97:38:7B:A9:A8:2D:02:F4:79:25:4D:1C
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019B7A5ACC9BE811537E908C98BBA04D425A
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/1JWNv8sFY3SXOHupqC0C9HklTRw.roa
Signing time:             Thu 01 Jan 2026 16:18:49 +0000
ROA not before:           Thu 01 Jan 2026 16:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199311
IP address blocks:        134.19.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:cc:9b:e8:11:53:7e:90:8c:98:bb:a0:4d:42:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 16:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4958dbfcb05637497387ba9a82d02f479254d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c4:b6:c0:54:1a:e0:e1:dd:63:05:24:d6:1f:
                    ed:9d:e7:77:d7:d8:b6:28:09:29:59:c8:0e:b2:25:
                    15:bb:86:1d:f8:a9:2d:03:e7:30:df:f7:f8:56:56:
                    7f:94:a5:73:59:f8:ad:51:a4:45:95:9b:6b:9d:ca:
                    b5:74:f4:b2:25:43:bb:ad:c8:84:ff:ef:ed:99:e2:
                    a2:3e:ff:df:86:a7:af:68:33:7b:99:7e:f9:31:66:
                    09:a1:a2:26:d9:93:5f:11:08:9a:6d:97:a5:50:f1:
                    88:20:41:6f:4a:c9:95:5d:88:54:4e:57:6f:e4:ef:
                    2f:88:73:73:6d:cd:32:c1:06:53:0b:e6:b5:59:60:
                    9f:29:1d:63:99:dd:b4:79:9b:cf:12:21:4b:fd:07:
                    c4:a4:64:0e:98:0f:19:80:79:7e:53:4e:43:17:9a:
                    7e:77:7f:33:cd:69:c8:ed:07:5e:e9:18:66:40:57:
                    34:57:d3:ae:a9:b5:36:f1:de:3f:22:d8:75:cd:27:
                    19:37:45:b5:e6:4b:30:98:6e:c6:5a:f4:a6:ba:83:
                    8a:fc:9f:4c:86:66:b4:47:42:2e:f7:98:60:67:ac:
                    56:7a:b2:b9:da:d8:f9:bf:79:77:77:f3:ad:6e:f3:
                    67:2a:66:ff:6a:d3:18:c1:95:52:5c:0f:3a:d9:50:
                    c2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:95:8D:BF:CB:05:63:74:97:38:7B:A9:A8:2D:02:F4:79:25:4D:1C
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/1JWNv8sFY3SXOHupqC0C9HklTRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:18:2d:3f:e4:e0:8a:8a:fe:29:d1:a4:96:6f:2a:0a:67:a0:
         85:39:3a:ed:20:fb:ef:bb:61:16:ad:26:ad:ae:f3:7c:ff:4e:
         9a:32:96:06:4e:4d:a4:13:b5:53:f2:65:6a:8c:61:f3:84:85:
         40:87:c4:73:28:40:81:35:55:56:1a:ac:34:4a:35:29:c0:83:
         29:5a:0d:05:34:7a:25:e7:80:06:58:d4:53:86:59:e2:4f:9c:
         4f:d8:26:23:78:ef:a8:ca:36:0a:21:02:4c:05:87:59:d6:28:
         42:38:49:4e:d3:6c:45:ee:69:c2:6f:9c:60:ec:7b:76:39:bd:
         86:58:bd:eb:3a:04:9f:7d:37:b4:2f:13:df:17:89:e0:0a:39:
         0c:d9:f8:64:12:8a:af:42:93:c0:b3:6b:5a:4a:c8:58:3b:9d:
         b8:29:81:64:5c:03:ee:e6:20:45:ac:8f:a5:e7:30:c4:92:d6:
         f1:78:da:bc:b4:1e:2c:c5:e3:22:72:de:50:d1:9b:04:32:46:
         de:5d:a4:7e:3c:60:0e:9c:98:a4:ed:e1:ca:af:68:0c:50:99:
         ea:cf:7f:68:f5:6b:7b:b1:2d:fb:aa:40:33:30:18:16:fe:94:
         82:c9:f3:07:1e:0d:9e:79:ff:28:44:b1:fb:47:e1:22:c7:58:
         d5:e9:63:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wsyb6BFTfpCMmLugTUJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjYwMTAxMTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk1OGRiZmNiMDU2Mzc0OTczODdiYTlhODJkMDJmNDc5MjU0ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssS2wFQa4OHdYwUk1h/tned319i2
KAkpWcgOsiUVu4Yd+KktA+cw3/f4VlZ/lKVzWfitUaRFlZtrncq1dPSyJUO7rciE
/+/tmeKiPv/fhqevaDN7mX75MWYJoaIm2ZNfEQiabZelUPGIIEFvSsmVXYhUTldv
5O8viHNzbc0ywQZTC+a1WWCfKR1jmd20eZvPEiFL/QfEpGQOmA8ZgHl+U05DF5p+
d38zzWnI7Qde6RhmQFc0V9OuqbU28d4/Ith1zScZN0W15kswmG7GWvSmuoOK/J9M
hma0R0Iu95hgZ6xWerK52tj5v3l3d/OtbvNnKmb/atMYwZVSXA862VDCiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSVjb/LBWN0lzh7qagtAvR5JU0cMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvMUpXTnY4c0ZZM1NYT0h1cHFDMEM5SGtsVFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhhPcMA0G
CSqGSIb3DQEBCwUAA4IBAQA0GC0/5OCKiv4p0aSWbyoKZ6CFOTrtIPvvu2EWrSat
rvN8/06aMpYGTk2kE7VT8mVqjGHzhIVAh8RzKECBNVVWGqw0SjUpwIMpWg0FNHol
54AGWNRThlniT5xP2CYjeO+oyjYKIQJMBYdZ1ihCOElO02xF7mnCb5xg7Ht2Ob2G
WL3rOgSffTe0LxPfF4ngCjkM2fhkEoqvQpPAs2taSshYO524KYFkXAPu5iBFrI+l
5zDEktbxeNq8tB4sxeMict5Q0ZsEMkbeXaR+PGAOnJik7eHKr2gMUJnqz39o9Wt7
sS37qkAzMBgW/pSCyfMHHg2eef8oRLH7R+Eix1jV6WPV
-----END CERTIFICATE-----