This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g29lo6TYg2yHjwlh_dUXjI5SmTw.roa
File:                     g29lo6TYg2yHjwlh_dUXjI5SmTw.roa (raw, json)
Hash identifier:          Jny/PRHwEh+jWSXQMCvWxz20vWWCOxaJMiHksCDEG+o=
Subject key identifier:   83:6F:65:A3:A4:D8:83:6C:87:8F:09:61:FD:D5:17:8C:8E:52:99:3C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC831C4717C6988E747FBB3D596A7A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g29lo6TYg2yHjwlh_dUXjI5SmTw.roa
Signing time:             Thu 01 Jan 2026 14:18:21 +0000
ROA not before:           Thu 01 Jan 2026 14:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216039
IP address blocks:        185.176.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:83:1c:47:17:c6:98:8e:74:7f:bb:3d:59:6a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=836f65a3a4d8836c878f0961fdd5178c8e52993c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:78:8b:be:5f:d7:f1:00:93:59:d5:3c:f7:
                    8f:3b:64:a6:a1:7d:f8:a7:45:0e:74:69:8a:a8:ca:
                    38:a8:18:49:3e:31:74:e4:b1:65:80:1d:6f:a2:18:
                    46:5f:87:c3:73:fa:23:a3:77:97:b0:b0:81:5a:ed:
                    65:b5:f2:3c:a5:1c:57:56:2b:97:13:ae:8b:e9:9b:
                    e9:af:1c:b2:2f:19:d2:49:9d:1c:92:3b:72:3b:a2:
                    ce:1f:d4:d1:bc:77:58:be:1f:ea:50:ac:19:8d:2c:
                    ba:2a:e9:cd:ba:e5:88:c6:03:cf:b6:b0:95:4a:f8:
                    3c:89:e7:a2:be:91:d2:95:e6:eb:d2:82:73:22:42:
                    83:4f:37:11:d4:a6:50:0d:85:0d:ed:c2:d7:3c:52:
                    bd:b0:95:b7:fb:aa:68:a8:7d:d0:91:fc:dc:ff:ae:
                    be:ee:f3:63:7e:54:bd:3f:19:a9:1d:42:43:fd:89:
                    c2:7b:12:47:d0:b2:76:2d:a3:dd:cf:cc:3c:1c:55:
                    33:26:35:87:45:68:fa:39:6a:67:64:50:43:58:dd:
                    44:c7:f6:03:1c:36:07:b7:6c:f7:e2:0c:8e:62:f6:
                    90:69:08:b1:de:ea:a2:19:62:ab:aa:81:ab:36:dd:
                    58:f6:46:81:a7:f3:8d:b6:c5:3c:79:e7:66:c5:8a:
                    de:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:6F:65:A3:A4:D8:83:6C:87:8F:09:61:FD:D5:17:8C:8E:52:99:3C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g29lo6TYg2yHjwlh_dUXjI5SmTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:0b:a8:a2:4d:53:d7:15:c7:54:73:35:9a:02:22:d9:8e:12:
         00:27:d4:9f:b5:2b:4d:c3:42:50:9e:c4:f8:e6:2c:6b:69:68:
         84:63:ac:d9:c7:ac:86:f2:13:4c:98:8f:0b:0d:37:42:de:7e:
         b9:ba:a6:9c:24:ed:c7:eb:a3:50:8f:6d:2b:b9:06:03:f0:99:
         7d:48:6d:c3:83:f9:e2:11:95:51:0d:59:62:1f:92:0b:e3:62:
         58:6a:af:19:3b:63:65:6d:52:05:a4:05:de:9c:52:55:f1:b3:
         b9:80:e5:0e:2a:68:e8:96:e4:e3:4d:83:3e:57:9a:3f:52:5c:
         f9:24:45:b2:0f:a2:d5:b2:c8:ad:66:f7:6e:67:2e:b6:3d:4d:
         19:67:ff:3d:29:b2:e8:0a:f0:5d:f4:e6:8b:69:47:c3:b2:35:
         61:c4:c6:e1:95:83:7e:b2:66:5c:af:20:7f:70:51:d5:52:28:
         32:d4:47:e0:ce:3f:dd:67:7a:85:b8:f8:34:59:b6:97:88:25:
         8b:ee:6c:4a:f7:e1:fc:33:14:0e:e7:67:9d:fe:a5:40:35:ce:
         a0:ad:8f:82:6d:5f:78:64:b8:b0:e9:cf:23:42:37:f5:37:0a:
         d6:be:d8:bb:ba:3f:8c:7c:2a:dd:2a:20:8c:40:41:9d:3d:d1:
         1e:08:ae:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57IMcRxfGmI50f7s9WWp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzZmNjVhM2E0ZDg4MzZjODc4ZjA5NjFmZGQ1MTc4YzhlNTI5OTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuF4i75f1/EAk1nVPPePO2SmoX34
p0UOdGmKqMo4qBhJPjF05LFlgB1vohhGX4fDc/ojo3eXsLCBWu1ltfI8pRxXViuX
E66L6ZvprxyyLxnSSZ0ckjtyO6LOH9TRvHdYvh/qUKwZjSy6KunNuuWIxgPPtrCV
Svg8ieeivpHSlebr0oJzIkKDTzcR1KZQDYUN7cLXPFK9sJW3+6poqH3Qkfzc/66+
7vNjflS9PxmpHUJD/YnCexJH0LJ2LaPdz8w8HFUzJjWHRWj6OWpnZFBDWN1Ex/YD
HDYHt2z34gyOYvaQaQix3uqiGWKrqoGrNt1Y9kaBp/ONtsU8eedmxYrezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINvZaOk2INsh48JYf3VF4yOUpk8MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZzI5bG82VFlnMnlIandsaF9kVVhqSTVTbVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBeMA0G
CSqGSIb3DQEBCwUAA4IBAQCcC6iiTVPXFcdUczWaAiLZjhIAJ9SftStNw0JQnsT4
5ixraWiEY6zZx6yG8hNMmI8LDTdC3n65uqacJO3H66NQj20ruQYD8Jl9SG3Dg/ni
EZVRDVliH5IL42JYaq8ZO2NlbVIFpAXenFJV8bO5gOUOKmjoluTjTYM+V5o/Ulz5
JEWyD6LVssitZvduZy62PU0ZZ/89KbLoCvBd9OaLaUfDsjVhxMbhlYN+smZcryB/
cFHVUigy1Efgzj/dZ3qFuPg0WbaXiCWL7mxK9+H8MxQO52ed/qVANc6grY+CbV94
ZLiw6c8jQjf1NwrWvti7uj+MfCrdKiCMQEGdPdEeCK4V
-----END CERTIFICATE-----