This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hDg-U3kdEEx_C8M8WBl2oNVSKeo.roa
File:                     hDg-U3kdEEx_C8M8WBl2oNVSKeo.roa (raw, json)
Hash identifier:          IcoVtk8CB1mHueCNcjnq0EwqM9VlwKBsN7PCF4KpnNg=
Subject key identifier:   84:38:3E:53:79:1D:10:4C:7F:0B:C3:3C:58:19:76:A0:D5:52:29:EA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC69D3850B054A911816E7290FA64A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hDg-U3kdEEx_C8M8WBl2oNVSKeo.roa
Signing time:             Thu 01 Jan 2026 14:18:15 +0000
ROA not before:           Thu 01 Jan 2026 14:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205901
IP address blocks:        193.23.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:69:d3:85:0b:05:4a:91:18:16:e7:29:0f:a6:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84383e53791d104c7f0bc33c581976a0d55229ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:c0:16:05:c9:4b:ab:da:b8:ea:6c:c9:66:
                    57:15:53:fd:3e:21:f0:fe:a0:d7:6c:9f:97:06:97:
                    c1:4b:95:78:5c:6e:76:b7:62:e9:28:e1:25:8d:16:
                    02:fe:3b:f8:f1:d0:5a:d8:eb:21:19:17:01:32:7f:
                    6f:87:3d:e2:f0:84:e6:49:79:71:74:4f:ce:5b:c6:
                    75:78:b9:d2:02:0c:4d:32:fa:90:bf:7f:93:a3:bc:
                    13:2c:41:c0:72:b8:5d:06:99:58:da:de:3f:6e:d3:
                    d0:fd:e0:22:81:66:19:6d:bb:ac:ec:11:bf:93:64:
                    c0:d7:3a:15:09:19:1d:d9:25:b4:dd:d2:70:34:99:
                    95:35:60:28:5f:3f:87:18:ff:16:7b:d8:0f:29:f3:
                    88:91:93:2a:d5:3e:4a:d7:32:8a:1d:77:b4:ba:25:
                    2b:f2:08:55:ef:97:bc:c5:b5:84:03:3f:ca:9c:0c:
                    18:5e:06:5e:c7:86:e7:a2:57:48:2d:5d:48:4c:cd:
                    d0:62:fd:43:4c:c4:ba:d1:3d:d5:65:1e:63:36:42:
                    69:dc:ec:45:01:36:a8:2b:9a:71:c5:fd:02:ef:d9:
                    18:67:26:59:e4:41:e5:06:ae:9b:08:90:47:18:a9:
                    26:ec:3a:b8:4b:34:3a:83:34:85:53:a8:2b:83:e5:
                    77:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:38:3E:53:79:1D:10:4C:7F:0B:C3:3C:58:19:76:A0:D5:52:29:EA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hDg-U3kdEEx_C8M8WBl2oNVSKeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e8:c6:f8:0a:29:e0:82:b1:b1:fa:79:f5:38:44:c0:90:37:
         fb:be:72:d7:4e:bc:b5:4f:72:20:db:46:72:8b:68:ca:ed:8b:
         eb:13:c2:18:36:aa:ac:02:69:82:84:80:69:34:67:70:49:48:
         31:18:45:a4:8f:b1:2d:46:5e:e9:d3:6d:d8:f7:48:d4:e4:b2:
         b6:62:e6:7d:76:80:37:e4:5e:75:45:4e:82:84:2c:8b:38:79:
         59:34:3e:34:7f:c1:74:05:a3:73:4d:1f:24:57:5e:c7:98:c0:
         c1:af:8d:49:61:f1:33:d4:0b:32:93:08:c3:84:e2:e6:a9:03:
         72:78:33:97:3d:d9:3e:be:56:79:73:8c:54:ec:e7:a6:34:2b:
         88:0c:9d:92:9b:31:67:59:67:6c:17:d5:b7:16:4f:60:06:a8:
         6b:91:d2:08:21:cb:f7:ec:6f:52:d1:ab:35:be:f7:e5:06:cc:
         95:be:4d:a3:d6:ad:12:5a:4c:e1:f2:5c:7d:bb:36:6b:93:db:
         72:ee:8c:a6:36:6a:48:b7:90:f3:fd:3c:cb:fd:e3:11:fa:04:
         7f:1c:4a:65:ac:d2:6f:8e:3a:6d:7a:fa:49:c3:96:7c:c0:95:
         b2:f9:24:d0:43:ed:11:63:fd:00:44:9d:40:60:63:9e:5d:f2:
         e5:bc:91:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57GnThQsFSpEYFucpD6ZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDM4M2U1Mzc5MWQxMDRjN2YwYmMzM2M1ODE5NzZhMGQ1NTIyOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp/AFgXJS6vauOpsyWZXFVP9PiHw
/qDXbJ+XBpfBS5V4XG52t2LpKOEljRYC/jv48dBa2OshGRcBMn9vhz3i8ITmSXlx
dE/OW8Z1eLnSAgxNMvqQv3+To7wTLEHAcrhdBplY2t4/btPQ/eAigWYZbbus7BG/
k2TA1zoVCRkd2SW03dJwNJmVNWAoXz+HGP8We9gPKfOIkZMq1T5K1zKKHXe0uiUr
8ghV75e8xbWEAz/KnAwYXgZex4bnoldILV1ITM3QYv1DTMS60T3VZR5jNkJp3OxF
ATaoK5pxxf0C79kYZyZZ5EHlBq6bCJBHGKkm7Dq4SzQ6gzSFU6grg+V3zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQ4PlN5HRBMfwvDPFgZdqDVUinqMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaERnLVUza2RFRXhfQzhNOFdCbDJvTlZTS2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfLMA0G
CSqGSIb3DQEBCwUAA4IBAQB/6Mb4CinggrGx+nn1OETAkDf7vnLXTry1T3Ig20Zy
i2jK7YvrE8IYNqqsAmmChIBpNGdwSUgxGEWkj7EtRl7p023Y90jU5LK2YuZ9doA3
5F51RU6ChCyLOHlZND40f8F0BaNzTR8kV17HmMDBr41JYfEz1AsykwjDhOLmqQNy
eDOXPdk+vlZ5c4xU7OemNCuIDJ2SmzFnWWdsF9W3Fk9gBqhrkdIIIcv37G9S0as1
vvflBsyVvk2j1q0SWkzh8lx9uzZrk9ty7oymNmpIt5Dz/TzL/eMR+gR/HEplrNJv
jjptevpJw5Z8wJWy+STQQ+0RY/0ARJ1AYGOeXfLlvJEs
-----END CERTIFICATE-----