This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nhjn8DGAdvkJVYMk4tNXrgWAvI4.roa
File:                     nhjn8DGAdvkJVYMk4tNXrgWAvI4.roa (raw, json)
Hash identifier:          bVsGZvpbfQMcllTRhVtojN/9NJDKrbObVLn1QaWI52g=
Subject key identifier:   9E:18:E7:F0:31:80:76:F9:09:55:83:24:E2:D3:57:AE:05:80:BC:8E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC8457D82E74B4A5245273084F9289
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nhjn8DGAdvkJVYMk4tNXrgWAvI4.roa
Signing time:             Thu 01 Jan 2026 14:18:22 +0000
ROA not before:           Thu 01 Jan 2026 14:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216260
IP address blocks:        193.23.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:84:57:d8:2e:74:b4:a5:24:52:73:08:4f:92:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e18e7f0318076f909558324e2d357ae0580bc8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b6:36:05:65:f6:c0:a1:67:34:ca:dc:f0:06:
                    ed:af:83:63:0e:7f:68:29:ea:11:69:bf:e8:16:0b:
                    6c:bd:98:0a:35:14:56:69:f8:1c:ea:60:4e:e7:fa:
                    37:97:27:b9:5b:93:17:81:b1:bc:10:f5:2a:1d:37:
                    5f:eb:57:33:ad:d3:33:83:cd:c5:bf:9a:a2:ee:ab:
                    6a:5f:fb:d1:62:b3:67:b0:76:ca:47:c0:c9:89:fe:
                    c6:61:28:ec:63:e9:10:9b:26:cb:91:17:06:fe:93:
                    c3:e9:b0:2b:83:fb:fb:8c:ea:c1:d5:3e:b2:1c:e6:
                    bc:c4:fb:05:01:c2:6a:b4:39:a6:6d:77:67:1d:80:
                    0a:9f:02:cc:42:d8:7a:d4:03:82:7a:51:60:19:50:
                    8c:d8:e6:1e:2c:78:a9:6c:52:3d:4b:23:97:07:87:
                    40:bf:45:2b:f2:7f:c6:69:f2:73:0e:92:64:20:28:
                    9b:02:99:4f:0f:e0:24:c0:06:b6:da:3d:2b:db:8c:
                    01:35:57:b4:a3:f8:de:ef:f9:36:73:7e:61:3c:89:
                    a4:8b:0b:03:7b:32:cd:26:ad:26:19:66:75:34:a3:
                    6f:59:a5:c6:19:39:65:ed:03:ce:9e:38:45:14:10:
                    85:eb:15:80:77:0a:a1:bc:3f:98:c4:82:54:4f:9d:
                    9e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:18:E7:F0:31:80:76:F9:09:55:83:24:E2:D3:57:AE:05:80:BC:8E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nhjn8DGAdvkJVYMk4tNXrgWAvI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:85:a1:d0:66:22:af:b8:34:b1:00:2c:ab:55:a4:ab:64:e2:
         d1:72:ce:fe:43:e1:e0:8f:58:e4:f8:cd:c1:b6:f3:d3:f4:3b:
         e8:e6:53:a4:67:66:0c:36:dc:33:44:f0:05:ac:f9:90:a0:d7:
         a3:b7:c2:92:19:dc:f1:63:f5:11:1c:f0:af:95:2d:c5:c7:c3:
         e5:a0:b3:b6:d2:fb:e5:c1:ba:64:90:dd:24:97:7b:49:27:d8:
         64:0e:9c:21:29:23:86:e2:84:1b:fa:a1:bf:b4:2b:7a:e8:56:
         8b:66:0b:d2:87:9b:16:21:f2:8d:16:b2:62:42:c6:3c:b4:7f:
         d6:35:d8:3f:ed:88:44:e9:c5:a8:f8:66:4f:65:58:c7:e5:ef:
         34:d9:89:1c:b2:94:79:db:eb:80:3f:fa:72:46:52:73:91:85:
         84:46:8b:fe:16:76:e6:56:58:34:e7:25:81:68:2d:cf:36:e7:
         ba:b7:70:ff:b5:4d:42:8b:8f:a2:e4:37:3f:ff:7e:dc:df:ec:
         46:81:ad:0f:28:11:68:46:e0:97:29:11:9e:57:9d:19:2e:ef:
         40:96:2d:15:4d:88:08:ec:b4:ce:30:42:f1:85:af:44:ea:ca:
         34:ed:75:cc:28:ed:26:0e:f8:ec:2d:0d:94:c5:af:e0:cf:d8:
         e0:c8:d0:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57IRX2C50tKUkUnMIT5KJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE4ZTdmMDMxODA3NmY5MDk1NTgzMjRlMmQzNTdhZTA1ODBiYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbY2BWX2wKFnNMrc8Abtr4NjDn9o
KeoRab/oFgtsvZgKNRRWafgc6mBO5/o3lye5W5MXgbG8EPUqHTdf61czrdMzg83F
v5qi7qtqX/vRYrNnsHbKR8DJif7GYSjsY+kQmybLkRcG/pPD6bArg/v7jOrB1T6y
HOa8xPsFAcJqtDmmbXdnHYAKnwLMQth61AOCelFgGVCM2OYeLHipbFI9SyOXB4dA
v0Ur8n/GafJzDpJkICibAplPD+AkwAa22j0r24wBNVe0o/je7/k2c35hPImkiwsD
ezLNJq0mGWZ1NKNvWaXGGTll7QPOnjhFFBCF6xWAdwqhvD+YxIJUT52ePwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4Y5/AxgHb5CVWDJOLTV64FgLyOMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbmhqbjhER0FkdmtKVllNazR0TlhyZ1dBdkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRfdMA0G
CSqGSIb3DQEBCwUAA4IBAQCghaHQZiKvuDSxACyrVaSrZOLRcs7+Q+Hgj1jk+M3B
tvPT9Dvo5lOkZ2YMNtwzRPAFrPmQoNejt8KSGdzxY/URHPCvlS3Fx8PloLO20vvl
wbpkkN0kl3tJJ9hkDpwhKSOG4oQb+qG/tCt66FaLZgvSh5sWIfKNFrJiQsY8tH/W
Ndg/7YhE6cWo+GZPZVjH5e802YkcspR52+uAP/pyRlJzkYWERov+FnbmVlg05yWB
aC3PNue6t3D/tU1Ci4+i5Dc//37c3+xGga0PKBFoRuCXKRGeV50ZLu9Ali0VTYgI
7LTOMELxha9E6so07XXMKO0mDvjsLQ2Uxa/gz9jgyNCU
-----END CERTIFICATE-----