This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/JNmXvrsL4QUvDHkICJz6m5Up78E.roa
File:                     JNmXvrsL4QUvDHkICJz6m5Up78E.roa (raw, json)
Hash identifier:          BLhtsTAWR9XcWaxVCBS42M+LRcERJIfM10IC2M3COIA=
Subject key identifier:   24:D9:97:BE:BB:0B:E1:05:2F:0C:79:08:08:9C:FA:9B:95:29:EF:C1
Certificate issuer:       /CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
Certificate serial:       019B7EA645A589004552A8A27DE1B56E5B0F
Authority key identifier: 2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/JNmXvrsL4QUvDHkICJz6m5Up78E.roa
Signing time:             Fri 02 Jan 2026 12:19:44 +0000
ROA not before:           Fri 02 Jan 2026 12:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399587
IP address blocks:        193.3.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:45:a5:89:00:45:52:a8:a2:7d:e1:b5:6e:5b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
        Validity
            Not Before: Jan  2 12:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24d997bebb0be1052f0c7908089cfa9b9529efc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:63:33:9a:7c:d5:e2:bc:03:57:a1:11:36:8c:
                    d5:1e:16:6b:dc:7b:f9:1b:fa:df:56:ef:00:13:05:
                    0e:f4:b3:a0:1c:b5:2c:5d:f8:22:09:79:b0:19:6b:
                    7f:fb:ef:4c:16:3a:ab:22:d2:dd:89:a9:2a:62:ca:
                    2d:e6:59:2f:e6:74:b9:ad:4d:f9:d8:77:58:65:53:
                    7e:2d:ac:44:ee:6a:fd:1d:24:1a:d7:bf:7c:a8:2d:
                    51:80:97:02:95:44:ed:cb:59:d7:dc:6d:bd:79:c0:
                    de:d7:7c:cd:75:f8:5c:32:e4:04:b5:b8:62:c5:2c:
                    d8:65:00:47:35:b5:66:54:b0:86:54:39:60:a4:91:
                    2d:88:0b:37:8e:76:1d:dd:90:53:62:ee:fb:31:0a:
                    fd:20:56:e8:70:9d:3d:26:d3:b7:d7:d0:04:dd:99:
                    c1:ef:a4:e7:7e:2c:b7:d4:bb:71:75:fb:e2:7c:f3:
                    84:fd:8a:b0:0f:d3:cd:e7:a3:7e:ae:ea:ee:3e:ed:
                    2e:44:ef:88:a3:6c:af:f8:7a:a3:80:07:8d:a8:5e:
                    44:08:03:50:0d:48:ef:6f:49:0c:6c:fa:38:7b:ab:
                    9c:9f:01:8b:be:71:a8:a5:2a:e6:fa:7f:39:c0:f6:
                    93:57:6a:64:10:7b:58:07:a2:80:13:bd:03:e4:c6:
                    fb:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D9:97:BE:BB:0B:E1:05:2F:0C:79:08:08:9C:FA:9B:95:29:EF:C1
            X509v3 Authority Key Identifier:
                keyid:2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/JNmXvrsL4QUvDHkICJz6m5Up78E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:21:4d:52:73:ce:a0:f2:81:e2:27:74:65:48:2f:7b:3a:18:
         c9:c2:7b:15:7b:f8:94:66:9e:fe:ba:32:de:a2:15:e8:33:00:
         ca:ba:88:c1:12:e5:da:a7:16:8f:1e:49:ee:57:63:8e:1b:fd:
         0b:01:a6:dd:62:63:83:48:65:fc:aa:fe:86:6e:76:cb:a1:ea:
         b5:5d:42:96:90:5a:93:1b:bb:d3:20:2d:e9:c5:b9:86:c6:cd:
         d6:b7:30:66:3b:29:16:62:e5:85:61:46:ec:83:38:6c:8d:90:
         c8:9f:77:52:d1:d8:ad:6b:57:0b:2f:e0:08:ce:bd:91:56:1f:
         27:37:5c:4c:f5:44:6f:0d:61:e5:ee:93:ed:89:52:30:ff:41:
         3c:db:da:75:e8:35:82:31:ad:8a:ff:a8:ee:3b:68:34:0e:61:
         cf:e2:24:ea:86:76:0d:ee:cc:f1:75:ee:a7:79:48:5c:6c:e9:
         c8:79:c9:d9:df:97:0a:61:f9:b1:16:d6:44:c5:b6:d0:1a:72:
         2b:93:b6:ae:7a:10:f8:56:ff:21:c3:4a:36:88:40:c1:62:4d:
         b7:6a:61:5f:2e:28:10:23:78:e3:c8:83:36:51:20:61:77:1f:
         55:f3:be:7f:fc:9a:52:73:18:73:4e:16:d3:4a:2e:81:bd:c6:
         b0:ba:43:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pkWliQBFUqiifeG1blsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTRlODcwYmMzN2FjOTczMWZlNmZjZjk2ODJlYjY1N2U1
MGJjYTMwHhcNMjYwMTAyMTIxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQ5OTdiZWJiMGJlMTA1MmYwYzc5MDgwODljZmE5Yjk1MjllZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWMzmnzV4rwDV6ERNozVHhZr3Hv5
G/rfVu8AEwUO9LOgHLUsXfgiCXmwGWt/++9MFjqrItLdiakqYsot5lkv5nS5rU35
2HdYZVN+LaxE7mr9HSQa1798qC1RgJcClUTty1nX3G29ecDe13zNdfhcMuQEtbhi
xSzYZQBHNbVmVLCGVDlgpJEtiAs3jnYd3ZBTYu77MQr9IFbocJ09JtO319AE3ZnB
76Tnfiy31LtxdfvifPOE/YqwD9PN56N+ruruPu0uRO+Io2yv+HqjgAeNqF5ECANQ
DUjvb0kMbPo4e6ucnwGLvnGopSrm+n85wPaTV2pkEHtYB6KAE70D5Mb7FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTZl767C+EFLwx5CAic+puVKe/BMB8GA1UdIwQY
MBaAFC+k6HC8N6yXMf5vz5aC62V+ULyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUt
OWI4N2YyYWZiZDdmLzEvSk5tWHZyc0w0UVV2REhrSUNKejZtNVVwNzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUtOWI4N2YyYWZiZDdm
LzEvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQM2MA0G
CSqGSIb3DQEBCwUAA4IBAQAlIU1Sc86g8oHiJ3RlSC97OhjJwnsVe/iUZp7+ujLe
ohXoMwDKuojBEuXapxaPHknuV2OOG/0LAabdYmODSGX8qv6GbnbLoeq1XUKWkFqT
G7vTIC3pxbmGxs3WtzBmOykWYuWFYUbsgzhsjZDIn3dS0dita1cLL+AIzr2RVh8n
N1xM9URvDWHl7pPtiVIw/0E829p16DWCMa2K/6juO2g0DmHP4iTqhnYN7szxde6n
eUhcbOnIecnZ35cKYfmxFtZExbbQGnIrk7auehD4Vv8hw0o2iEDBYk23amFfLigQ
I3jjyIM2USBhdx9V875//JpScxhzThbTSi6BvcawukNj
-----END CERTIFICATE-----