This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/jmnDOsm4XHUSPILw7nGYM1oOQEs.roa
File:                     jmnDOsm4XHUSPILw7nGYM1oOQEs.roa (raw, json)
Hash identifier:          0inc/wmsdWPIKoI7fVSGb11ctPl1XySYsdqtu8Ok5kc=
Subject key identifier:   8E:69:C3:3A:C9:B8:5C:75:12:3C:82:F0:EE:71:98:33:5A:0E:40:4B
Certificate issuer:       /CN=e63007614f67700b2ca76d60b4942b7a8e4b5ce4
Certificate serial:       019B7F152C819AEFFF8466B62DD0C0CA0852
Authority key identifier: E6:30:07:61:4F:67:70:0B:2C:A7:6D:60:B4:94:2B:7A:8E:4B:5C:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jAHYU9ncAssp21gtJQreo5LXOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/jmnDOsm4XHUSPILw7nGYM1oOQEs.roa
Signing time:             Fri 02 Jan 2026 14:20:52 +0000
ROA not before:           Fri 02 Jan 2026 14:20:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12874
IP address blocks:        194.59.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/5jAHYU9ncAssp21gtJQreo5LXOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/5jAHYU9ncAssp21gtJQreo5LXOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jAHYU9ncAssp21gtJQreo5LXOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:2c:81:9a:ef:ff:84:66:b6:2d:d0:c0:ca:08:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e63007614f67700b2ca76d60b4942b7a8e4b5ce4
        Validity
            Not Before: Jan  2 14:20:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e69c33ac9b85c75123c82f0ee7198335a0e404b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e8:f5:ac:fd:c4:2f:cd:94:63:5c:12:21:92:
                    a8:65:a2:bc:5f:45:a1:89:fc:6e:e4:8a:c7:ae:66:
                    ac:2a:ff:c3:a8:70:ed:cc:8c:5e:0f:20:10:95:1f:
                    ad:09:65:6b:dd:a0:29:27:75:ca:33:d6:95:ee:08:
                    3a:97:1d:f7:12:57:bd:f2:8a:72:32:3d:29:8e:1a:
                    d5:ac:e6:47:62:bf:2e:66:32:6b:be:bc:a6:ed:ef:
                    df:ec:51:b0:76:47:20:e7:2e:83:ad:38:6d:53:45:
                    66:50:a2:59:0a:90:22:c3:eb:80:ca:d6:a7:7c:dc:
                    56:21:8a:ce:70:96:ab:48:49:6b:7c:a6:87:e5:5c:
                    00:02:46:2d:bc:de:3b:06:62:b8:18:22:ef:de:2f:
                    88:af:5f:4b:20:48:13:b7:fc:32:57:90:fb:0e:c8:
                    d6:5f:77:47:9d:1c:d2:dc:65:4d:df:7d:af:82:b0:
                    8b:88:43:b3:7c:7b:06:60:c1:fe:70:35:79:93:b3:
                    c3:d4:2b:c7:2f:5d:ef:41:86:01:6b:4f:91:39:e1:
                    ad:d4:fc:51:de:98:d7:44:b9:ee:5d:1e:e3:46:b6:
                    a8:79:fc:68:62:81:47:f8:3e:24:bb:ef:86:73:83:
                    48:72:e8:d0:5f:e4:83:42:42:63:89:f2:44:9c:41:
                    07:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:69:C3:3A:C9:B8:5C:75:12:3C:82:F0:EE:71:98:33:5A:0E:40:4B
            X509v3 Authority Key Identifier:
                keyid:E6:30:07:61:4F:67:70:0B:2C:A7:6D:60:B4:94:2B:7A:8E:4B:5C:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jAHYU9ncAssp21gtJQreo5LXOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/jmnDOsm4XHUSPILw7nGYM1oOQEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0423db-f233-4922-8024-b21110d8ffa1/1/5jAHYU9ncAssp21gtJQreo5LXOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:a2:26:c9:af:bf:82:7b:7e:22:31:c3:79:4c:67:14:c0:67:
         21:c4:49:b9:ab:c4:97:ea:3e:c6:46:0e:4e:7f:f9:56:1d:4c:
         11:eb:5d:57:39:2d:b7:59:9c:63:f1:dc:c8:b3:2e:b0:02:9c:
         0f:d9:bf:35:a4:a7:60:bf:89:ae:d9:60:04:29:32:b5:6a:d0:
         1d:cd:e2:3e:71:ee:50:43:e4:09:23:b5:04:eb:ef:72:40:2a:
         ab:9a:4c:08:73:f4:4c:c2:0d:82:da:6c:c5:ee:a0:46:60:1a:
         bc:48:f3:52:47:e3:f1:0b:bb:16:f8:fe:53:c2:60:25:ad:1e:
         6e:86:c2:56:96:28:9f:b1:db:f2:2a:04:2c:03:ec:90:e5:16:
         80:2f:1b:15:f4:4e:47:a9:dd:d0:74:be:6d:41:38:c6:7d:da:
         ea:57:2b:cc:fc:bd:00:48:ab:4e:18:fd:94:43:60:7b:e5:95:
         e8:a1:ff:44:db:70:70:64:cf:f4:52:20:68:c4:00:de:5d:4e:
         8f:60:8b:cd:fe:59:79:b0:78:95:49:14:12:82:19:0f:05:aa:
         37:8f:9d:96:ac:01:aa:6c:61:0d:fd:b6:ee:73:43:cd:8f:5a:
         cd:8e:c8:65:88:08:08:1b:36:d3:3e:42:03:dd:33:43:5a:90:
         1b:e8:94:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FSyBmu//hGa2LdDAyghSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzAwNzYxNGY2NzcwMGIyY2E3NmQ2MGI0OTQyYjdhOGU0
YjVjZTQwHhcNMjYwMTAyMTQyMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTY5YzMzYWM5Yjg1Yzc1MTIzYzgyZjBlZTcxOTgzMzVhMGU0MDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uj1rP3EL82UY1wSIZKoZaK8X0Wh
ifxu5IrHrmasKv/DqHDtzIxeDyAQlR+tCWVr3aApJ3XKM9aV7gg6lx33Ele98opy
Mj0pjhrVrOZHYr8uZjJrvrym7e/f7FGwdkcg5y6DrThtU0VmUKJZCpAiw+uAytan
fNxWIYrOcJarSElrfKaH5VwAAkYtvN47BmK4GCLv3i+Ir19LIEgTt/wyV5D7DsjW
X3dHnRzS3GVN332vgrCLiEOzfHsGYMH+cDV5k7PD1CvHL13vQYYBa0+ROeGt1PxR
3pjXRLnuXR7jRraoefxoYoFH+D4ku++Gc4NIcujQX+SDQkJjifJEnEEHMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5pwzrJuFx1EjyC8O5xmDNaDkBLMB8GA1UdIwQY
MBaAFOYwB2FPZ3ALLKdtYLSUK3qOS1zkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpBSFlVOW5jQXNzcDIxZ3RKUXJlbzVMWE9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wNDIzZGItZjIzMy00OTIyLTgwMjQt
YjIxMTEwZDhmZmExLzEvam1uRE9zbTRYSFVTUElMdzduR1lNMW9PUUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wNDIzZGItZjIzMy00OTIyLTgwMjQtYjIxMTEwZDhmZmEx
LzEvNWpBSFlVOW5jQXNzcDIxZ3RKUXJlbzVMWE9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjvQMA0G
CSqGSIb3DQEBCwUAA4IBAQCKoibJr7+Ce34iMcN5TGcUwGchxEm5q8SX6j7GRg5O
f/lWHUwR611XOS23WZxj8dzIsy6wApwP2b81pKdgv4mu2WAEKTK1atAdzeI+ce5Q
Q+QJI7UE6+9yQCqrmkwIc/RMwg2C2mzF7qBGYBq8SPNSR+PxC7sW+P5TwmAlrR5u
hsJWliifsdvyKgQsA+yQ5RaALxsV9E5Hqd3QdL5tQTjGfdrqVyvM/L0ASKtOGP2U
Q2B75ZXoof9E23BwZM/0UiBoxADeXU6PYIvN/ll5sHiVSRQSghkPBao3j52WrAGq
bGEN/bbuc0PNj1rNjshliAgIGzbTPkID3TNDWpAb6JRs
-----END CERTIFICATE-----