This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/skNw0-S5lXSBLgJDnUIwuxob_VE.roa
File:                     skNw0-S5lXSBLgJDnUIwuxob_VE.roa (raw, json)
Hash identifier:          L7NdVGLJO+2+mxUNZPcg0M6qJdkyLkrgbxDY8ChE+3A=
Subject key identifier:   B2:43:70:D3:E4:B9:95:74:81:2E:02:43:9D:42:30:BB:1A:1B:FD:51
Certificate issuer:       /CN=a1760a50148319d6172a3820d888a924c09d7a5f
Certificate serial:       019AC4C48F09DD73C2F2ED53AA18580FF4D1
Authority key identifier: A1:76:0A:50:14:83:19:D6:17:2A:38:20:D8:88:A9:24:C0:9D:7A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oXYKUBSDGdYXKjgg2IipJMCdel8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/skNw0-S5lXSBLgJDnUIwuxob_VE.roa
Signing time:             Thu 27 Nov 2025 10:03:27 +0000
ROA not before:           Thu 27 Nov 2025 10:03:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25167
IP address blocks:        193.109.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/oXYKUBSDGdYXKjgg2IipJMCdel8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/oXYKUBSDGdYXKjgg2IipJMCdel8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oXYKUBSDGdYXKjgg2IipJMCdel8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 10:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c4:c4:8f:09:dd:73:c2:f2:ed:53:aa:18:58:0f:f4:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1760a50148319d6172a3820d888a924c09d7a5f
        Validity
            Not Before: Nov 27 10:03:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b24370d3e4b99574812e02439d4230bb1a1bfd51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:19:cb:e6:52:93:1a:11:86:a2:b4:a3:b5:01:
                    02:77:67:08:38:96:d2:a4:b3:90:51:5b:c0:03:80:
                    20:87:4e:81:14:19:21:85:db:03:e1:9c:9f:62:1e:
                    ef:be:88:8d:1b:08:e0:03:1c:76:fd:05:b1:95:d4:
                    ff:36:ee:5d:91:d2:cc:96:95:a7:e2:cd:c7:c2:44:
                    a7:a4:76:a7:7a:a2:e8:0c:74:61:fa:2c:10:6e:d0:
                    64:ce:8c:6e:a6:e9:4f:36:4f:36:8e:9d:9f:a3:0d:
                    9a:e1:12:c0:9e:b7:60:7c:6d:2c:5e:88:26:27:a6:
                    89:c0:3f:2a:7e:11:6a:66:c7:ff:c1:01:f1:e2:9c:
                    41:2e:af:9a:7d:c4:90:96:d8:ed:0f:3e:61:93:ea:
                    db:c8:fe:f8:a3:2d:b7:07:f5:71:ad:4c:70:48:a8:
                    32:5d:a6:16:d8:dc:69:24:0f:3f:25:e1:60:46:ee:
                    a4:40:ad:c0:e7:88:ac:76:e5:8c:7a:4c:27:31:0d:
                    d3:11:e5:14:80:b8:3a:97:94:f2:d7:b6:fd:2f:66:
                    c6:35:3c:51:7e:6c:66:7e:81:f7:b4:3e:5a:51:9e:
                    75:02:ad:d3:ce:17:07:6b:b2:11:78:7c:30:07:76:
                    44:3c:d3:ce:96:06:e1:8a:02:4c:37:90:f9:5e:e9:
                    18:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:43:70:D3:E4:B9:95:74:81:2E:02:43:9D:42:30:BB:1A:1B:FD:51
            X509v3 Authority Key Identifier:
                keyid:A1:76:0A:50:14:83:19:D6:17:2A:38:20:D8:88:A9:24:C0:9D:7A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oXYKUBSDGdYXKjgg2IipJMCdel8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/skNw0-S5lXSBLgJDnUIwuxob_VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0fbe17-b58c-4ea2-8b32-91f719b5b046/1/oXYKUBSDGdYXKjgg2IipJMCdel8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:bd:52:a2:8d:45:95:43:2c:cd:3f:e0:a4:73:81:c5:ad:93:
         4b:6a:0f:03:7d:c3:19:b8:45:fa:d4:6d:35:3b:33:98:66:1e:
         26:c3:7b:6a:04:47:8d:37:dc:28:c3:23:d6:53:d1:4e:00:3a:
         92:07:a6:7c:8e:18:db:93:e3:b0:7c:04:2d:de:23:07:9d:e9:
         19:09:f4:af:9c:f6:6b:7d:34:aa:ea:82:d1:c6:03:12:94:63:
         3f:ac:42:6b:57:f8:9b:f0:f6:a0:cb:70:3a:e8:e6:da:18:e6:
         11:09:69:76:12:fc:f0:29:90:47:57:1d:34:1a:48:76:cb:6b:
         25:0a:cb:c1:3c:35:0a:86:00:e9:2f:8d:5a:6a:3e:cc:b1:25:
         a0:b3:ff:bb:9b:d8:44:15:0e:a4:02:eb:8d:50:c0:67:db:6e:
         9a:55:ec:53:c5:ba:af:4a:ac:cd:22:ea:70:2b:82:87:98:05:
         1a:dc:00:36:52:f5:32:e9:1c:b7:4a:f8:04:2f:0e:93:d7:5a:
         8e:0d:fa:fb:d2:2e:55:50:9c:55:21:65:bb:db:39:6e:e4:7a:
         19:1c:67:07:c5:95:ba:28:f0:a4:ea:7f:e5:ab:da:46:77:5f:
         1d:e3:0a:cd:61:c6:ba:e0:84:0e:60:51:3f:33:46:2b:33:64:
         7f:70:a4:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrExI8J3XPC8u1TqhhYD/TRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNzYwYTUwMTQ4MzE5ZDYxNzJhMzgyMGQ4ODhhOTI0YzA5
ZDdhNWYwHhcNMjUxMTI3MTAwMzI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjQzNzBkM2U0Yjk5NTc0ODEyZTAyNDM5ZDQyMzBiYjFhMWJmZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xnL5lKTGhGGorSjtQECd2cIOJbS
pLOQUVvAA4Agh06BFBkhhdsD4ZyfYh7vvoiNGwjgAxx2/QWxldT/Nu5dkdLMlpWn
4s3HwkSnpHaneqLoDHRh+iwQbtBkzoxupulPNk82jp2fow2a4RLAnrdgfG0sXogm
J6aJwD8qfhFqZsf/wQHx4pxBLq+afcSQltjtDz5hk+rbyP74oy23B/VxrUxwSKgy
XaYW2NxpJA8/JeFgRu6kQK3A54isduWMekwnMQ3TEeUUgLg6l5Ty17b9L2bGNTxR
fmxmfoH3tD5aUZ51Aq3TzhcHa7IReHwwB3ZEPNPOlgbhigJMN5D5XukYjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJDcNPkuZV0gS4CQ51CMLsaG/1RMB8GA1UdIwQY
MBaAFKF2ClAUgxnWFyo4INiIqSTAnXpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1hZS1VCU0RHZFlYS2pnZzJJaXBKTUNkZWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wZmJlMTctYjU4Yy00ZWEyLThiMzIt
OTFmNzE5YjViMDQ2LzEvc2tOdzAtUzVsWFNCTGdKRG5VSXd1eG9iX1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wZmJlMTctYjU4Yy00ZWEyLThiMzItOTFmNzE5YjViMDQ2
LzEvb1hZS1VCU0RHZFlYS2pnZzJJaXBKTUNkZWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW1xMA0G
CSqGSIb3DQEBCwUAA4IBAQAVvVKijUWVQyzNP+Ckc4HFrZNLag8DfcMZuEX61G01
OzOYZh4mw3tqBEeNN9wowyPWU9FOADqSB6Z8jhjbk+OwfAQt3iMHnekZCfSvnPZr
fTSq6oLRxgMSlGM/rEJrV/ib8Pagy3A66ObaGOYRCWl2EvzwKZBHVx00Gkh2y2sl
CsvBPDUKhgDpL41aaj7MsSWgs/+7m9hEFQ6kAuuNUMBn226aVexTxbqvSqzNIupw
K4KHmAUa3AA2UvUy6Ry3SvgELw6T11qODfr70i5VUJxVIWW72zlu5HoZHGcHxZW6
KPCk6n/lq9pGd18d4wrNYca64IQOYFE/M0YrM2R/cKQ8
-----END CERTIFICATE-----