This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EKiU41UJj--ulwCKYhfIpGCpf8c.roa
File:                     EKiU41UJj--ulwCKYhfIpGCpf8c.roa (raw, json)
Hash identifier:          NiCQR8/0lQdl4T8bqmOaVuai2aFe5CZ6IEZxaLxf3Tc=
Subject key identifier:   10:A8:94:E3:55:09:8F:EF:AE:97:00:8A:62:17:C8:A4:60:A9:7F:C7
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C740137C18A755F54AE065A7CD69A1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EKiU41UJj--ulwCKYhfIpGCpf8c.roa
Signing time:             Thu 01 Jan 2026 04:18:25 +0000
ROA not before:           Thu 01 Jan 2026 04:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60040
IP address blocks:        194.226.174.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:40:13:7c:18:a7:55:f5:4a:e0:65:a7:cd:69:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10a894e355098fefae97008a6217c8a460a97fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b2:29:79:19:54:f9:62:83:73:4e:c5:f0:bb:
                    6d:75:71:42:be:fc:83:db:6f:9a:6d:51:bd:7b:c1:
                    e2:78:7c:89:b3:5c:a3:a7:c5:c7:c5:33:0e:7e:01:
                    9e:5e:00:6e:b2:4a:e6:d8:64:0d:52:6f:49:07:3b:
                    13:f8:76:01:bd:07:cf:8e:43:a7:9e:0a:e9:98:0f:
                    50:29:38:e1:1c:02:b6:99:08:55:c5:93:6c:9c:02:
                    f4:73:37:a5:e9:27:41:a9:e7:84:66:2a:c5:a5:52:
                    4d:ec:65:b9:52:57:d8:cd:04:f4:5f:7d:ba:46:3d:
                    36:24:aa:22:03:06:b9:f1:27:75:73:0c:1b:46:7f:
                    4b:2a:ed:a5:42:64:46:96:e9:e5:66:0c:58:cd:9b:
                    f9:5f:4d:a2:73:30:5c:19:0f:50:77:b3:0a:4f:d1:
                    51:3c:e7:c6:51:c8:db:59:d7:c8:59:93:2a:30:70:
                    84:85:01:fa:4e:31:bb:77:c8:33:58:25:1a:a5:3e:
                    1e:88:96:ec:d4:73:a0:8d:6b:a6:f7:fa:c6:60:90:
                    1f:51:fb:99:d0:83:b6:82:2e:87:b4:e7:c4:77:b1:
                    b2:97:03:7f:56:8b:10:53:70:5e:a2:21:81:05:1b:
                    2d:b6:b8:c0:36:9f:ef:de:d0:15:fb:66:a3:bc:c0:
                    17:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A8:94:E3:55:09:8F:EF:AE:97:00:8A:62:17:C8:A4:60:A9:7F:C7
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EKiU41UJj--ulwCKYhfIpGCpf8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:35:5c:7e:0e:44:65:0f:d9:d2:ae:05:f2:4a:a5:83:07:3e:
         51:3f:4a:0e:37:4f:e6:ca:80:51:54:36:10:8f:53:c9:89:c7:
         c2:49:1f:be:2e:40:65:ff:cd:00:32:3f:4a:40:34:09:5e:c9:
         68:e9:d4:87:51:ec:7a:67:83:9a:1a:b2:16:de:99:f6:b5:40:
         9e:1d:e1:ca:62:43:f7:b7:92:c4:b4:22:50:75:cd:57:71:5a:
         4b:0c:d4:d1:6c:c2:88:1e:37:0c:72:81:67:c1:cf:db:fb:f2:
         ad:93:ed:38:a4:5a:cd:00:c2:ad:00:d4:b6:4a:ec:2e:5f:a3:
         c9:7c:0d:61:79:f5:f1:e9:0e:e0:00:69:83:6f:6b:ff:d7:b5:
         75:c6:87:fd:9c:0c:fe:42:f3:d9:86:74:ca:1a:71:10:73:4f:
         c2:0c:00:32:43:87:71:82:69:78:a3:1d:27:78:27:9b:d7:3a:
         2a:7c:6b:14:a0:9b:4a:14:d3:1e:c5:27:97:16:aa:a8:af:4b:
         79:f1:13:93:86:38:85:d2:a6:a8:54:8d:3f:56:13:c7:58:fb:
         fe:35:8d:62:9d:a5:11:50:8a:cb:76:4e:fb:ed:3e:7f:0c:45:
         4a:2d:6d:f1:33:76:71:e7:cf:d5:bb:ac:20:cd:e8:fb:2b:bd:
         52:db:19:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0ATfBinVfVK4GWnzWmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGE4OTRlMzU1MDk4ZmVmYWU5NzAwOGE2MjE3YzhhNDYwYTk3ZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7IpeRlU+WKDc07F8LttdXFCvvyD
22+abVG9e8HieHyJs1yjp8XHxTMOfgGeXgBuskrm2GQNUm9JBzsT+HYBvQfPjkOn
ngrpmA9QKTjhHAK2mQhVxZNsnAL0czel6SdBqeeEZirFpVJN7GW5UlfYzQT0X326
Rj02JKoiAwa58Sd1cwwbRn9LKu2lQmRGlunlZgxYzZv5X02iczBcGQ9Qd7MKT9FR
POfGUcjbWdfIWZMqMHCEhQH6TjG7d8gzWCUapT4eiJbs1HOgjWum9/rGYJAfUfuZ
0IO2gi6HtOfEd7GylwN/VosQU3BeoiGBBRsttrjANp/v3tAV+2ajvMAX/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBColONVCY/vrpcAimIXyKRgqX/HMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRUtpVTQxVUpqLS11bHdDS1loZklwR0NwZjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuKuMA0G
CSqGSIb3DQEBCwUAA4IBAQBfNVx+DkRlD9nSrgXySqWDBz5RP0oON0/myoBRVDYQ
j1PJicfCSR++LkBl/80AMj9KQDQJXslo6dSHUex6Z4OaGrIW3pn2tUCeHeHKYkP3
t5LEtCJQdc1XcVpLDNTRbMKIHjcMcoFnwc/b+/Ktk+04pFrNAMKtANS2SuwuX6PJ
fA1hefXx6Q7gAGmDb2v/17V1xof9nAz+QvPZhnTKGnEQc0/CDAAyQ4dxgml4ox0n
eCeb1zoqfGsUoJtKFNMexSeXFqqor0t58ROThjiF0qaoVI0/VhPHWPv+NY1inaUR
UIrLdk777T5/DEVKLW3xM3Zx58/Vu6wgzej7K71S2xnS
-----END CERTIFICATE-----