This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/FkRBlYxvsunzz5Y_hjDihPp2UZg.roa
File:                     FkRBlYxvsunzz5Y_hjDihPp2UZg.roa (raw, json)
Hash identifier:          BfNouYeMbV464ZUIf/N5/r3iFKXhvzmE+eMZuzfvyOM=
Subject key identifier:   16:44:41:95:8C:6F:B2:E9:F3:CF:96:3F:86:30:E2:84:FA:76:51:98
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C7496167A04B2A6536F741B7D7E386
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/FkRBlYxvsunzz5Y_hjDihPp2UZg.roa
Signing time:             Thu 01 Jan 2026 04:18:27 +0000
ROA not before:           Thu 01 Jan 2026 04:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203493
IP address blocks:        194.226.42.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:49:61:67:a0:4b:2a:65:36:f7:41:b7:d7:e3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=164441958c6fb2e9f3cf963f8630e284fa765198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4b:76:2f:15:2c:fd:e1:3e:03:43:95:0d:5b:
                    61:9f:74:a2:6f:f2:6b:16:6e:4c:84:dd:8e:5b:6f:
                    54:fe:f0:27:59:01:1b:15:f6:6a:ef:c4:ac:21:7e:
                    72:80:d2:ad:bb:e9:40:c9:c8:63:d3:c5:a2:c8:f2:
                    98:76:49:94:93:76:d0:25:2f:ce:1e:95:83:a5:1e:
                    82:da:bf:dc:e6:6b:0e:55:db:dc:8a:75:85:11:cc:
                    97:3d:c9:01:3e:12:be:eb:7c:e7:e0:85:30:30:69:
                    e9:d0:d1:22:0c:7c:6a:9b:8f:f4:33:c5:2b:6b:36:
                    40:26:bb:51:d5:d9:e2:a9:85:90:fc:75:ca:30:45:
                    c9:51:91:04:0c:c6:91:09:38:e4:1a:66:ea:a6:6f:
                    8a:13:5d:42:fb:60:db:65:b1:17:e2:4e:cc:13:10:
                    9c:cd:a9:fc:7d:d0:e8:c9:b9:67:71:7d:ef:b0:4a:
                    c2:02:b3:7a:d7:fe:e1:59:f6:7b:be:10:e7:8f:5d:
                    51:8e:c0:46:e9:4e:9f:db:9d:ff:69:09:b0:8d:fa:
                    15:3a:5c:12:73:e3:42:d6:a5:1f:c0:cd:c5:54:33:
                    23:87:44:b0:ac:b2:91:a0:9e:e0:24:33:26:08:84:
                    a3:c3:1c:56:5d:97:ed:b1:37:29:db:a9:b6:b8:30:
                    86:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:44:41:95:8C:6F:B2:E9:F3:CF:96:3F:86:30:E2:84:FA:76:51:98
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/FkRBlYxvsunzz5Y_hjDihPp2UZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b1:51:65:24:37:0d:5b:8d:b1:1c:ba:76:97:e8:90:b0:c3:
         0b:99:70:55:cb:c9:cd:8d:7d:c2:93:88:cd:03:33:1a:e3:f1:
         65:00:28:b0:be:13:a0:80:74:ca:8e:91:34:41:a1:1c:93:9e:
         c4:cb:b9:91:3a:88:14:85:91:fa:ad:17:da:f6:a2:c3:5b:35:
         82:78:00:51:98:01:fb:42:70:57:3f:21:9a:f9:1e:de:b3:f2:
         93:6c:5d:51:da:2a:15:0b:89:35:81:f8:20:1c:3f:83:13:26:
         44:87:45:88:a9:84:bb:7d:ab:4b:57:02:5b:a8:79:f0:9f:f6:
         c5:11:e7:42:2a:62:14:80:4b:b8:b3:7e:a7:79:8a:8d:96:38:
         29:68:8c:e1:6c:b7:52:ae:94:11:b7:ae:f8:6c:04:bf:1e:08:
         fc:f9:c2:79:53:c6:f5:b6:f4:63:a2:b4:5d:6b:ce:40:f4:df:
         12:f8:60:3b:b0:a2:88:d4:9f:4f:e1:c6:72:fa:41:d5:2e:47:
         c6:79:d8:2f:af:a0:66:4e:c4:fe:6f:7b:71:cf:f1:02:67:25:
         c2:52:89:f7:b3:b9:b2:5d:f3:51:34:71:40:03:34:5a:b4:42:
         09:9e:c3:e2:70:31:f8:0f:7d:9b:8b:62:f6:cb:b6:61:26:dc:
         01:11:b1:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0lhZ6BLKmU290G31+OGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ0NDE5NThjNmZiMmU5ZjNjZjk2M2Y4NjMwZTI4NGZhNzY1MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0t2LxUs/eE+A0OVDVthn3Sib/Jr
Fm5MhN2OW29U/vAnWQEbFfZq78SsIX5ygNKtu+lAychj08WiyPKYdkmUk3bQJS/O
HpWDpR6C2r/c5msOVdvcinWFEcyXPckBPhK+63zn4IUwMGnp0NEiDHxqm4/0M8Ur
azZAJrtR1dniqYWQ/HXKMEXJUZEEDMaRCTjkGmbqpm+KE11C+2DbZbEX4k7MExCc
zan8fdDoyblncX3vsErCArN61/7hWfZ7vhDnj11RjsBG6U6f253/aQmwjfoVOlwS
c+NC1qUfwM3FVDMjh0SwrLKRoJ7gJDMmCISjwxxWXZftsTcp26m2uDCGkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZEQZWMb7Lp88+WP4Yw4oT6dlGYMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRmtSQmxZeHZzdW56ejVZX2hqRGloUHAyVVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuIqMA0G
CSqGSIb3DQEBCwUAA4IBAQATsVFlJDcNW42xHLp2l+iQsMMLmXBVy8nNjX3Ck4jN
AzMa4/FlACiwvhOggHTKjpE0QaEck57Ey7mROogUhZH6rRfa9qLDWzWCeABRmAH7
QnBXPyGa+R7es/KTbF1R2ioVC4k1gfggHD+DEyZEh0WIqYS7fatLVwJbqHnwn/bF
EedCKmIUgEu4s36neYqNljgpaIzhbLdSrpQRt674bAS/Hgj8+cJ5U8b1tvRjorRd
a85A9N8S+GA7sKKI1J9P4cZy+kHVLkfGedgvr6BmTsT+b3txz/ECZyXCUon3s7my
XfNRNHFAAzRatEIJnsPicDH4D32bi2L2y7ZhJtwBEbFz
-----END CERTIFICATE-----