This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/8DJWavFJtbcTk5CvAIyHHpXxszI.roa
File:                     8DJWavFJtbcTk5CvAIyHHpXxszI.roa (raw, json)
Hash identifier:          D7cZ2wqjXS9RsoaTqabFls+804cZ1pT0bl69C7nhJHk=
Subject key identifier:   F0:32:56:6A:F1:49:B5:B7:13:93:90:AF:00:8C:87:1E:95:F1:B3:32
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C72EE528331A351D654A3DEA686F07
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/8DJWavFJtbcTk5CvAIyHHpXxszI.roa
Signing time:             Thu 01 Jan 2026 04:18:20 +0000
ROA not before:           Thu 01 Jan 2026 04:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28917
IP address blocks:        194.190.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:2e:e5:28:33:1a:35:1d:65:4a:3d:ea:68:6f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f032566af149b5b7139390af008c871e95f1b332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:65:d4:64:ad:0b:36:09:d1:c2:87:5f:57:6f:
                    5c:cd:19:84:22:9e:3a:3f:01:6d:c3:d7:de:35:70:
                    df:9b:45:40:92:63:f6:67:d2:88:a4:6a:44:54:ce:
                    13:94:af:ac:a5:75:85:31:65:86:f1:68:9f:69:fc:
                    93:39:08:cf:4e:bd:e4:7f:b9:bf:09:49:49:45:9a:
                    ee:2a:3b:5e:c8:ff:0b:e1:98:a9:6d:de:10:a8:b1:
                    fe:52:58:01:c0:0c:04:4d:0e:80:53:a5:f7:f9:c5:
                    ab:1d:2d:05:40:0c:0d:6a:88:fa:54:c4:d4:36:11:
                    63:cc:6e:2c:cb:b4:f4:86:26:0c:7d:5f:ae:07:92:
                    0a:35:dc:85:9e:b3:86:d4:23:4f:9c:55:e7:ff:a2:
                    72:20:f2:ac:e4:4c:32:42:cb:bd:8e:bc:75:7b:99:
                    c7:36:f2:2c:9d:41:01:f2:1b:10:a0:32:b5:a6:9d:
                    96:9f:b1:53:5d:47:dd:30:80:f6:2f:f3:bb:c4:d6:
                    ad:04:a6:64:dd:23:66:c9:be:07:8c:c8:46:72:7f:
                    6d:e4:b2:21:84:d1:ec:fd:5d:e0:3d:a4:99:ec:dc:
                    a6:27:e7:77:0c:ce:b9:a7:f2:ef:ab:b7:51:4e:8e:
                    19:32:ba:61:46:0a:cc:c8:8a:a6:86:de:c8:93:06:
                    bd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:32:56:6A:F1:49:B5:B7:13:93:90:AF:00:8C:87:1E:95:F1:B3:32
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/8DJWavFJtbcTk5CvAIyHHpXxszI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:e8:ca:4b:5f:80:22:65:66:b1:ca:ce:bb:00:4e:6e:ad:d0:
         64:b8:a8:6a:0e:15:13:8e:76:49:3d:d0:a1:fd:ef:fa:38:8a:
         01:60:6a:9e:a2:42:7d:b7:01:1d:92:54:9d:b2:df:18:a4:ac:
         c6:46:fb:ed:30:b8:ab:c8:03:8c:72:0f:10:3c:93:7b:3d:0d:
         5b:34:16:73:40:07:39:99:14:57:4a:53:dc:e3:df:c5:23:e5:
         d2:77:5b:85:58:66:96:f5:27:8f:e1:60:f2:c4:6a:66:d3:31:
         35:83:c8:80:f9:ee:aa:af:b0:3a:47:55:b1:7d:b8:0f:bd:8f:
         0b:4e:d6:d2:ba:39:25:1b:dc:6e:5c:b9:63:a8:09:cf:30:8f:
         e9:77:96:af:27:33:de:a5:8e:25:94:34:c7:61:7b:23:c0:98:
         5b:5c:d5:17:c6:9b:50:51:da:60:4e:d0:d9:4b:60:d5:d7:fc:
         ca:ae:6b:21:93:a4:5f:a0:34:7f:b1:81:9e:90:81:de:2c:ee:
         5d:b6:5b:92:f1:36:54:62:ea:f8:90:46:2b:2d:49:35:fa:62:
         01:2b:75:33:77:94:92:da:e2:18:61:c7:30:ea:9d:fa:34:2f:
         78:ed:93:9b:6e:2f:bc:f3:cc:50:c7:3d:f6:5f:dc:46:f9:b6:
         f8:0e:ad:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xy7lKDMaNR1lSj3qaG8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDMyNTY2YWYxNDliNWI3MTM5MzkwYWYwMDhjODcxZTk1ZjFiMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWXUZK0LNgnRwodfV29czRmEIp46
PwFtw9feNXDfm0VAkmP2Z9KIpGpEVM4TlK+spXWFMWWG8WifafyTOQjPTr3kf7m/
CUlJRZruKjteyP8L4Zipbd4QqLH+UlgBwAwETQ6AU6X3+cWrHS0FQAwNaoj6VMTU
NhFjzG4sy7T0hiYMfV+uB5IKNdyFnrOG1CNPnFXn/6JyIPKs5EwyQsu9jrx1e5nH
NvIsnUEB8hsQoDK1pp2Wn7FTXUfdMID2L/O7xNatBKZk3SNmyb4HjMhGcn9t5LIh
hNHs/V3gPaSZ7NymJ+d3DM65p/Lvq7dRTo4ZMrphRgrMyIqmht7Ikwa9YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAyVmrxSbW3E5OQrwCMhx6V8bMyMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvOERKV2F2Rkp0YmNUazVDdkFJeUhIcFh4c3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwr4CMA0G
CSqGSIb3DQEBCwUAA4IBAQCw6MpLX4AiZWaxys67AE5urdBkuKhqDhUTjnZJPdCh
/e/6OIoBYGqeokJ9twEdklSdst8YpKzGRvvtMLiryAOMcg8QPJN7PQ1bNBZzQAc5
mRRXSlPc49/FI+XSd1uFWGaW9SeP4WDyxGpm0zE1g8iA+e6qr7A6R1WxfbgPvY8L
TtbSujklG9xuXLljqAnPMI/pd5avJzPepY4llDTHYXsjwJhbXNUXxptQUdpgTtDZ
S2DV1/zKrmshk6RfoDR/sYGekIHeLO5dtluS8TZUYur4kEYrLUk1+mIBK3Uzd5SS
2uIYYccw6p36NC947ZObbi+888xQxz32X9xG+bb4Dq1y
-----END CERTIFICATE-----