This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iTdj5MKk2AJCV2BXf6if5fJMhvc.roa
File:                     iTdj5MKk2AJCV2BXf6if5fJMhvc.roa (raw, json)
Hash identifier:          J0n63vMLfQCYIqE/RljIOgJv8H84trTp8qBSV+tZI7I=
Subject key identifier:   89:37:63:E4:C2:A4:D8:02:42:57:60:57:7F:A8:9F:E5:F2:4C:86:F7
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C74DD05CEB89918F5D28A3253AA6D5
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iTdj5MKk2AJCV2BXf6if5fJMhvc.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208677
IP address blocks:        194.190.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4d:d0:5c:eb:89:91:8f:5d:28:a3:25:3a:a6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=893763e4c2a4d802425760577fa89fe5f24c86f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:44:a4:7e:cc:52:cd:11:a4:9d:d2:96:79:f5:
                    11:42:76:97:90:ea:d0:96:a6:b1:02:6c:21:82:2f:
                    2c:fc:e6:45:bb:62:2f:c7:c5:1e:ee:9c:84:d3:fa:
                    8e:64:f4:33:b3:cc:1c:c8:89:db:a0:32:5f:09:b0:
                    14:ee:63:96:58:e8:66:60:9e:6e:26:16:a8:72:bd:
                    0d:34:f5:69:f8:99:69:8a:ee:42:7e:b7:f4:ac:27:
                    cd:a1:a6:b7:bb:38:c7:f6:47:30:29:dc:9a:da:52:
                    d3:68:bf:e4:b4:40:0c:f3:e8:da:f9:35:a8:24:5b:
                    b8:c9:66:1f:7f:b5:8b:12:2f:4a:55:98:7f:3a:00:
                    a2:07:08:90:18:9d:cd:e1:b9:89:72:a0:6a:46:37:
                    26:70:d1:73:02:fc:b8:76:95:77:72:96:57:26:49:
                    da:d7:b9:83:76:b5:e3:14:77:67:35:f6:b7:a3:58:
                    f4:7b:01:c7:d6:fa:fc:41:6c:bb:e4:3b:bf:94:f0:
                    32:e8:63:ca:b6:71:7c:91:1b:35:55:8c:ea:bc:85:
                    8e:c2:ca:75:b6:fd:27:da:4a:8f:29:a0:12:fc:f2:
                    8b:ee:3d:23:50:72:6b:f1:56:3b:16:95:ae:55:0e:
                    f3:f5:75:21:21:e2:ce:0c:60:9d:0d:e9:92:a9:ab:
                    d0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:37:63:E4:C2:A4:D8:02:42:57:60:57:7F:A8:9F:E5:F2:4C:86:F7
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/iTdj5MKk2AJCV2BXf6if5fJMhvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:30:9a:a0:12:5a:cb:dd:ec:06:3e:4b:cd:f1:7d:6b:f3:d7:
         5a:70:f5:41:28:97:9c:c4:a5:71:d6:40:ae:ad:b1:28:07:c9:
         b0:95:47:52:53:1d:43:e2:3c:26:0d:eb:d8:67:3b:cc:f1:95:
         ee:06:74:28:b6:15:aa:91:ae:7f:c5:60:40:02:43:d6:ea:b5:
         02:da:17:c6:eb:f0:b5:be:4e:81:91:01:4a:f3:f9:f7:31:36:
         a2:11:cb:ec:31:a6:0c:38:d3:57:32:9d:32:1a:4f:90:f0:5f:
         08:24:0f:f6:a1:47:02:00:d0:d1:11:17:ce:8f:46:b3:62:a2:
         57:c6:88:87:96:ab:31:a4:c7:84:7a:53:40:d7:ba:f8:c0:9a:
         07:5e:96:1d:bf:1d:f4:16:42:06:2b:79:20:86:12:d1:f4:f1:
         e6:95:16:08:a0:80:4c:97:07:9c:f6:98:0d:71:1e:ec:02:9b:
         e8:fc:22:0f:21:c0:c2:dc:33:2c:d8:b2:3c:de:1f:da:89:bd:
         17:bd:50:4b:aa:9a:aa:de:66:17:fd:08:d2:26:36:78:54:90:
         f8:f1:4f:56:1a:9f:84:08:9e:e0:dc:dd:93:5f:f9:05:b2:a9:
         16:13:d8:fb:12:6f:2d:e0:85:40:37:a4:c1:c3:a1:c4:3d:c5:
         0d:2b:55:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x03QXOuJkY9dKKMlOqbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM3NjNlNGMyYTRkODAyNDI1NzYwNTc3ZmE4OWZlNWYyNGM4NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyESkfsxSzRGkndKWefURQnaXkOrQ
lqaxAmwhgi8s/OZFu2Ivx8Ue7pyE0/qOZPQzs8wcyInboDJfCbAU7mOWWOhmYJ5u
Jhaocr0NNPVp+Jlpiu5Cfrf0rCfNoaa3uzjH9kcwKdya2lLTaL/ktEAM8+ja+TWo
JFu4yWYff7WLEi9KVZh/OgCiBwiQGJ3N4bmJcqBqRjcmcNFzAvy4dpV3cpZXJkna
17mDdrXjFHdnNfa3o1j0ewHH1vr8QWy75Du/lPAy6GPKtnF8kRs1VYzqvIWOwsp1
tv0n2kqPKaAS/PKL7j0jUHJr8VY7FpWuVQ7z9XUhIeLODGCdDemSqavQdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk3Y+TCpNgCQldgV3+on+XyTIb3MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvaVRkajVNS2syQUpDVjJCWGY2aWY1ZkpNaHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwr5sMA0G
CSqGSIb3DQEBCwUAA4IBAQCoMJqgElrL3ewGPkvN8X1r89dacPVBKJecxKVx1kCu
rbEoB8mwlUdSUx1D4jwmDevYZzvM8ZXuBnQothWqka5/xWBAAkPW6rUC2hfG6/C1
vk6BkQFK8/n3MTaiEcvsMaYMONNXMp0yGk+Q8F8IJA/2oUcCANDRERfOj0azYqJX
xoiHlqsxpMeEelNA17r4wJoHXpYdvx30FkIGK3kghhLR9PHmlRYIoIBMlwec9pgN
cR7sApvo/CIPIcDC3DMs2LI83h/aib0XvVBLqpqq3mYX/QjSJjZ4VJD48U9WGp+E
CJ7g3N2TX/kFsqkWE9j7Em8t4IVAN6TBw6HEPcUNK1XZ
-----END CERTIFICATE-----