This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/MjJql6N1k7NzCgb9-0-RouDw4k8.roa
File:                     MjJql6N1k7NzCgb9-0-RouDw4k8.roa (raw, json)
Hash identifier:          fpENb/LPkDXvYm6to8o4nXJyGfsle0bOqeriZZmpCDk=
Subject key identifier:   32:32:6A:97:A3:75:93:B3:73:0A:06:FD:FB:4F:91:A2:E0:F0:E2:4F
Certificate issuer:       /CN=27fca5b7a77d887649f68a45c90d667c76500164
Certificate serial:       019B7C1283DBF8103F50299421FC84F088CF
Authority key identifier: 27:FC:A5:B7:A7:7D:88:76:49:F6:8A:45:C9:0D:66:7C:76:50:01:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/MjJql6N1k7NzCgb9-0-RouDw4k8.roa
Signing time:             Fri 02 Jan 2026 00:19:06 +0000
ROA not before:           Fri 02 Jan 2026 00:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402020
IP address blocks:        194.34.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:83:db:f8:10:3f:50:29:94:21:fc:84:f0:88:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27fca5b7a77d887649f68a45c90d667c76500164
        Validity
            Not Before: Jan  2 00:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32326a97a37593b3730a06fdfb4f91a2e0f0e24f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:90:80:ad:cc:d4:f2:13:c5:fb:af:44:9a:82:
                    af:35:07:a9:f3:68:2f:c2:c8:b9:ec:55:41:30:1e:
                    52:a2:78:0c:96:ef:a1:61:76:aa:14:c3:16:3b:e6:
                    05:4d:f9:6a:49:5f:fd:00:d2:29:75:08:6e:df:4c:
                    5b:93:e5:21:88:2f:19:4a:58:95:37:2d:63:78:2d:
                    c9:53:97:6f:50:9a:00:9c:48:d5:bf:22:0c:38:cf:
                    f4:55:e1:63:d9:23:35:f0:92:ab:e3:06:39:61:fe:
                    f1:a7:1d:4f:a0:17:8c:6b:b5:f4:a0:25:90:28:41:
                    68:ba:94:a4:32:f5:04:8e:c6:19:34:5d:dd:84:79:
                    35:de:80:44:c1:27:66:b5:d4:b4:4a:7d:61:65:98:
                    0e:0f:9f:7b:2c:33:a1:e3:1d:f5:fa:5c:d1:ed:f0:
                    bf:cd:fa:89:cc:c0:df:37:55:ce:3d:49:6e:86:48:
                    42:6f:4f:69:3e:2d:00:0f:68:1f:ea:52:5f:57:b6:
                    a3:dc:2b:53:35:9f:75:eb:af:b8:f5:09:51:8d:53:
                    0f:04:7b:a9:ef:f3:e4:40:d6:f1:4b:21:c0:79:f4:
                    ca:62:62:4a:47:f1:04:fe:01:ab:85:f5:96:22:8c:
                    52:4e:5a:c3:9f:2d:12:f9:62:19:bf:31:76:de:d1:
                    f1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:32:6A:97:A3:75:93:B3:73:0A:06:FD:FB:4F:91:A2:E0:F0:E2:4F
            X509v3 Authority Key Identifier:
                keyid:27:FC:A5:B7:A7:7D:88:76:49:F6:8A:45:C9:0D:66:7C:76:50:01:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/MjJql6N1k7NzCgb9-0-RouDw4k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/35385b-6684-459e-8327-c1fae00889db/1/J_ylt6d9iHZJ9opFyQ1mfHZQAWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:2d:84:7d:6a:4d:b8:fc:a1:f9:cc:80:cf:2a:79:3c:d7:8a:
         54:2e:49:4b:e8:57:32:09:b6:15:4f:e9:8b:08:00:6a:53:a5:
         a0:a2:5a:a0:02:35:13:01:67:0e:39:db:f5:81:07:3c:b0:0a:
         12:85:11:5c:37:82:7a:61:03:58:d7:5b:22:8e:d6:df:13:08:
         ea:43:bf:21:52:01:da:f2:cd:9b:40:f8:12:60:73:b8:a6:02:
         57:26:90:35:2f:71:43:83:90:3c:b9:16:9f:3a:b2:e4:6a:ce:
         32:d4:68:cc:ea:86:0a:70:e0:6a:93:87:9a:ae:f4:db:5d:e8:
         99:58:3f:b9:ff:70:b4:ae:46:e9:44:8f:78:46:9e:6f:be:1e:
         83:25:d7:f6:94:99:42:81:2b:c6:02:4a:f3:04:d5:99:59:80:
         5c:07:7e:d1:33:2e:cd:ae:8a:3f:02:29:97:ce:8b:ee:66:2e:
         be:a6:f1:4b:7f:42:89:d2:8c:d5:e5:bb:49:0c:8d:2f:2d:7e:
         5e:c4:2b:67:07:49:f6:29:ca:6b:77:8b:67:11:8a:9b:63:64:
         c8:24:55:9a:fc:4e:3c:af:4c:73:da:1d:aa:09:c0:ec:ac:0c:
         c5:9a:b6:9f:ea:db:0b:8d:99:7f:3e:67:31:a3:6e:25:e6:ed:
         8d:53:50:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EoPb+BA/UCmUIfyE8IjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZmNhNWI3YTc3ZDg4NzY0OWY2OGE0NWM5MGQ2NjdjNzY1
MDAxNjQwHhcNMjYwMTAyMDAxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMyNmE5N2EzNzU5M2IzNzMwYTA2ZmRmYjRmOTFhMmUwZjBlMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5CArczU8hPF+69EmoKvNQep82gv
wsi57FVBMB5SongMlu+hYXaqFMMWO+YFTflqSV/9ANIpdQhu30xbk+UhiC8ZSliV
Ny1jeC3JU5dvUJoAnEjVvyIMOM/0VeFj2SM18JKr4wY5Yf7xpx1PoBeMa7X0oCWQ
KEFoupSkMvUEjsYZNF3dhHk13oBEwSdmtdS0Sn1hZZgOD597LDOh4x31+lzR7fC/
zfqJzMDfN1XOPUluhkhCb09pPi0AD2gf6lJfV7aj3CtTNZ9166+49QlRjVMPBHup
7/PkQNbxSyHAefTKYmJKR/EE/gGrhfWWIoxSTlrDny0S+WIZvzF23tHxMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIyapejdZOzcwoG/ftPkaLg8OJPMB8GA1UdIwQY
MBaAFCf8pbenfYh2SfaKRckNZnx2UAFkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl95bHQ2ZDlpSFpKOW9wRnlRMW1mSFpRQVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8zNTM4NWItNjY4NC00NTllLTgzMjct
YzFmYWUwMDg4OWRiLzEvTWpKcWw2TjFrN056Q2diOS0wLVJvdUR3NGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8zNTM4NWItNjY4NC00NTllLTgzMjctYzFmYWUwMDg4OWRi
LzEvSl95bHQ2ZDlpSFpKOW9wRnlRMW1mSFpRQVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKnMA0G
CSqGSIb3DQEBCwUAA4IBAQCXLYR9ak24/KH5zIDPKnk814pULklL6FcyCbYVT+mL
CABqU6WgolqgAjUTAWcOOdv1gQc8sAoShRFcN4J6YQNY11sijtbfEwjqQ78hUgHa
8s2bQPgSYHO4pgJXJpA1L3FDg5A8uRafOrLkas4y1GjM6oYKcOBqk4earvTbXeiZ
WD+5/3C0rkbpRI94Rp5vvh6DJdf2lJlCgSvGAkrzBNWZWYBcB37RMy7Nroo/AimX
zovuZi6+pvFLf0KJ0ozV5btJDI0vLX5exCtnB0n2Kcprd4tnEYqbY2TIJFWa/E48
r0xz2h2qCcDsrAzFmraf6tsLjZl/Pmcxo24l5u2NU1CJ
-----END CERTIFICATE-----