This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/8JTBQJyqUxIFa2P7t0W6NdfJ7CI.roa
File:                     8JTBQJyqUxIFa2P7t0W6NdfJ7CI.roa (raw, json)
Hash identifier:          bvR7uwT6CerdByDmx1xzty2bHjJMPuqJsJHdeopKM9Y=
Subject key identifier:   F0:94:C1:40:9C:AA:53:12:05:6B:63:FB:B7:45:BA:35:D7:C9:EC:22
Certificate issuer:       /CN=4b529a4d22faef23135d6eff8912266623c49255
Certificate serial:       019B7EA6BFE194BCE1DFE052FAE23F0F1C69
Authority key identifier: 4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/8JTBQJyqUxIFa2P7t0W6NdfJ7CI.roa
Signing time:             Fri 02 Jan 2026 12:20:15 +0000
ROA not before:           Fri 02 Jan 2026 12:20:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207734
IP address blocks:        5.11.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:bf:e1:94:bc:e1:df:e0:52:fa:e2:3f:0f:1c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b529a4d22faef23135d6eff8912266623c49255
        Validity
            Not Before: Jan  2 12:20:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f094c1409caa5312056b63fbb745ba35d7c9ec22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:07:66:a8:a7:4e:1c:c7:39:1a:e6:68:18:37:
                    f8:f0:af:08:9f:87:25:a3:55:23:ca:a3:9b:4e:c4:
                    76:1f:b0:15:f8:44:89:28:59:40:1f:78:b3:94:1e:
                    38:2a:bf:db:a2:8e:c3:df:fe:83:0c:dc:c8:13:aa:
                    6f:6e:26:6a:16:ca:49:f9:c5:4e:6e:5b:09:bb:09:
                    eb:92:da:ce:7b:f5:59:32:47:69:c7:dd:01:a7:c6:
                    d8:26:de:a9:7a:53:61:2a:dc:d2:76:da:5c:d8:b3:
                    65:98:2b:69:38:7e:84:a5:28:97:f0:62:12:8a:67:
                    8d:c9:30:ad:ab:8c:d7:40:8f:28:5d:66:c1:17:16:
                    e6:4b:96:55:13:65:df:2e:69:54:84:8d:29:76:a2:
                    90:d2:5f:96:41:48:d5:cd:e0:53:3c:cc:0e:9f:ee:
                    e6:e7:35:de:f9:e2:c0:3e:73:2d:76:5c:8d:88:19:
                    ab:a3:6a:06:b5:a9:cf:56:70:b7:76:cd:45:38:03:
                    e7:c8:1b:8c:e8:af:7f:87:63:08:45:6d:0c:08:d6:
                    73:a9:82:84:a7:21:68:3c:06:9f:0b:8b:ac:e2:57:
                    4f:b3:67:a9:b2:30:02:f4:54:ff:f8:3c:0c:5e:cc:
                    b9:5a:25:88:37:9c:9b:d1:4a:2f:6e:5a:3c:42:19:
                    36:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:94:C1:40:9C:AA:53:12:05:6B:63:FB:B7:45:BA:35:D7:C9:EC:22
            X509v3 Authority Key Identifier:
                keyid:4B:52:9A:4D:22:FA:EF:23:13:5D:6E:FF:89:12:26:66:23:C4:92:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S1KaTSL67yMTXW7_iRImZiPEklU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/8JTBQJyqUxIFa2P7t0W6NdfJ7CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1d9b05-ec61-4c33-a097-36ae76ee983e/1/S1KaTSL67yMTXW7_iRImZiPEklU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:61:cc:e7:7c:9b:87:4f:74:81:16:0b:87:9f:e6:ab:9c:13:
         0e:05:e9:f0:f9:ef:98:2b:6b:26:05:13:9a:97:32:ac:6d:22:
         68:75:91:d7:eb:de:6d:d1:e5:b3:c4:c6:cb:e2:65:95:3f:ae:
         06:2f:81:56:f2:56:8b:3c:ab:ca:b0:08:c7:f5:4f:0e:ac:7d:
         0a:e6:bf:2b:cb:aa:23:f9:33:bc:5c:79:58:81:9e:6a:32:27:
         85:90:55:23:33:6f:53:b5:8d:02:8b:22:4c:f4:ce:ee:2e:3f:
         03:ed:ef:1d:01:41:fa:c2:cb:df:93:14:b6:d9:de:51:7b:dc:
         22:35:5c:59:d7:96:b6:ff:a8:0b:b3:f7:fe:52:d6:14:e6:48:
         a9:92:fa:07:f4:ff:48:87:82:2d:da:f9:eb:19:11:42:7b:8b:
         d9:08:bc:b3:5c:59:96:4c:72:44:8a:0f:31:d7:3c:8d:4b:88:
         98:31:b6:c1:20:a3:a6:fc:41:16:2d:2a:43:6f:59:4a:79:b7:
         ea:11:6c:9a:56:c3:f5:12:9b:f6:46:42:91:96:a0:6c:c2:b2:
         b9:42:13:73:06:c0:b7:a1:9a:fe:23:12:73:ac:4c:87:de:8e:
         09:7f:da:aa:83:98:91:e2:ff:5f:d1:dc:be:f7:68:97:56:5e:
         89:1f:8d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pr/hlLzh3+BS+uI/DxxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNTI5YTRkMjJmYWVmMjMxMzVkNmVmZjg5MTIyNjY2MjNj
NDkyNTUwHhcNMjYwMTAyMTIyMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDk0YzE0MDljYWE1MzEyMDU2YjYzZmJiNzQ1YmEzNWQ3YzllYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwdmqKdOHMc5GuZoGDf48K8In4cl
o1UjyqObTsR2H7AV+ESJKFlAH3izlB44Kr/boo7D3/6DDNzIE6pvbiZqFspJ+cVO
blsJuwnrktrOe/VZMkdpx90Bp8bYJt6pelNhKtzSdtpc2LNlmCtpOH6EpSiX8GIS
imeNyTCtq4zXQI8oXWbBFxbmS5ZVE2XfLmlUhI0pdqKQ0l+WQUjVzeBTPMwOn+7m
5zXe+eLAPnMtdlyNiBmro2oGtanPVnC3ds1FOAPnyBuM6K9/h2MIRW0MCNZzqYKE
pyFoPAafC4us4ldPs2epsjAC9FT/+DwMXsy5WiWIN5yb0Uovblo8Qhk2KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCUwUCcqlMSBWtj+7dFujXXyewiMB8GA1UdIwQY
MBaAFEtSmk0i+u8jE11u/4kSJmYjxJJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTct
MzZhZTc2ZWU5ODNlLzEvOEpUQlFKeXFVeElGYTJQN3QwVzZOZGZKN0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZDliMDUtZWM2MS00YzMzLWEwOTctMzZhZTc2ZWU5ODNl
LzEvUzFLYVRTTDY3eU1UWFc3X2lSSW1aaVBFa2xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBQsaMA0G
CSqGSIb3DQEBCwUAA4IBAQCeYcznfJuHT3SBFguHn+arnBMOBenw+e+YK2smBROa
lzKsbSJodZHX695t0eWzxMbL4mWVP64GL4FW8laLPKvKsAjH9U8OrH0K5r8ry6oj
+TO8XHlYgZ5qMieFkFUjM29TtY0CiyJM9M7uLj8D7e8dAUH6wsvfkxS22d5Re9wi
NVxZ15a2/6gLs/f+UtYU5kipkvoH9P9Ih4It2vnrGRFCe4vZCLyzXFmWTHJEig8x
1zyNS4iYMbbBIKOm/EEWLSpDb1lKebfqEWyaVsP1Epv2RkKRlqBswrK5QhNzBsC3
oZr+IxJzrEyH3o4Jf9qqg5iR4v9f0dy+92iXVl6JH41a
-----END CERTIFICATE-----