This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/JZQkADNXuVdgoYFqB8dJihxFMqw.roa
File:                     JZQkADNXuVdgoYFqB8dJihxFMqw.roa (raw, json)
Hash identifier:          v2lJ8edD4J6npHAAgT5bKgjMcgZZ0T4RA8FIeChON/I=
Subject key identifier:   25:94:24:00:33:57:B9:57:60:A1:81:6A:07:C7:49:8A:1C:45:32:AC
Certificate issuer:       /CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
Certificate serial:       019B7834DD78C8F4B59A2093B83D056793BC
Authority key identifier: 4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/JZQkADNXuVdgoYFqB8dJihxFMqw.roa
Signing time:             Thu 01 Jan 2026 06:18:09 +0000
ROA not before:           Thu 01 Jan 2026 06:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28685
IP address blocks:        46.231.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:dd:78:c8:f4:b5:9a:20:93:b8:3d:05:67:93:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
        Validity
            Not Before: Jan  1 06:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=259424003357b95760a1816a07c7498a1c4532ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b8:8e:a3:1b:b2:30:c9:76:7a:00:10:83:11:
                    ef:97:16:26:24:d8:40:b6:37:da:1c:5a:5b:fb:80:
                    54:7a:d8:5c:27:88:33:6d:ab:d7:94:df:9b:42:ff:
                    68:91:82:3a:d8:eb:4a:c4:68:de:e4:60:53:d4:e7:
                    1a:6d:69:da:00:27:a7:fb:62:ec:f6:3d:34:3e:11:
                    b1:88:68:84:78:2f:9c:a6:b8:3c:32:98:37:81:d4:
                    41:e9:24:74:b9:fb:b4:f4:dd:c0:97:03:a1:20:ab:
                    ff:3f:44:cf:c9:31:51:d9:21:e0:39:0b:16:29:79:
                    f6:16:c0:fe:f5:38:8b:50:55:5a:e6:ba:de:41:86:
                    b1:f0:a8:ec:91:44:f4:52:d5:21:3c:e7:16:f1:70:
                    39:08:9a:3c:7e:1b:8c:c3:34:9a:53:82:5a:62:dd:
                    d0:0b:e1:29:6c:2d:fe:c5:28:a0:26:3c:5e:66:41:
                    da:cd:e3:bc:60:95:9b:a0:89:09:f4:e5:52:a6:d6:
                    35:03:c3:b9:aa:73:d7:ac:f2:60:bc:d9:40:b4:c9:
                    c8:3a:ec:43:97:36:8e:23:5c:f6:88:2c:82:ea:12:
                    16:22:ba:a3:4a:47:31:a9:10:23:d8:e8:09:5e:d9:
                    be:ac:bd:08:a6:de:27:5d:6c:d9:0c:1c:a4:7a:28:
                    44:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:94:24:00:33:57:B9:57:60:A1:81:6A:07:C7:49:8A:1C:45:32:AC
            X509v3 Authority Key Identifier:
                keyid:4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/JZQkADNXuVdgoYFqB8dJihxFMqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:59:29:a9:7c:f3:6e:fb:96:77:ba:a4:b3:78:55:b3:54:18:
         9c:10:23:aa:c3:8e:27:1f:48:c2:a4:78:4e:35:d8:c5:75:0b:
         ad:6e:74:38:f0:3c:14:2c:44:b7:b9:aa:fb:79:70:aa:e7:ac:
         33:f8:89:02:9f:9b:ce:60:77:59:ce:06:51:ef:c4:99:28:15:
         e3:2e:3a:48:d0:22:11:8b:8b:5e:d3:a4:14:ad:3b:7c:8d:b7:
         9a:10:2b:4d:91:46:88:71:6e:24:c5:28:61:1b:39:ef:89:5c:
         d5:d1:40:b6:c1:48:63:e2:af:e1:13:ac:b8:a3:9b:b8:a1:af:
         2c:d5:f5:3e:ea:de:b1:c2:fe:bc:83:c2:0f:1b:8b:18:01:55:
         99:66:82:c4:ae:ca:cc:c1:be:41:44:70:67:3e:d8:52:8b:0b:
         4b:1c:a0:8e:35:94:e3:6a:6b:c6:1f:8c:fa:88:e3:b4:3c:d6:
         b6:58:8f:f3:c9:fd:15:84:66:97:5d:e9:62:0a:c7:5e:16:3f:
         19:a9:1d:e6:c7:21:85:c3:8b:09:1c:08:ab:3c:a3:43:9f:01:
         4c:2b:98:08:09:87:40:9d:5e:61:d3:0d:62:cb:84:e9:c8:a7:
         31:a9:91:cb:a6:88:65:33:45:cf:e0:05:4e:b3:3a:1d:e9:91:
         69:0e:41:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NN14yPS1miCTuD0FZ5O8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOTg0YTVhNGI3ODA4YmI0ZWEzMmQzMTBiZGQwN2VjYzk1
NzUxMTMwHhcNMjYwMTAxMDYxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTk0MjQwMDMzNTdiOTU3NjBhMTgxNmEwN2M3NDk4YTFjNDUzMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0biOoxuyMMl2egAQgxHvlxYmJNhA
tjfaHFpb+4BUethcJ4gzbavXlN+bQv9okYI62OtKxGje5GBT1OcabWnaACen+2Ls
9j00PhGxiGiEeC+cprg8Mpg3gdRB6SR0ufu09N3AlwOhIKv/P0TPyTFR2SHgOQsW
KXn2FsD+9TiLUFVa5rreQYax8KjskUT0UtUhPOcW8XA5CJo8fhuMwzSaU4JaYt3Q
C+EpbC3+xSigJjxeZkHazeO8YJWboIkJ9OVSptY1A8O5qnPXrPJgvNlAtMnIOuxD
lzaOI1z2iCyC6hIWIrqjSkcxqRAj2OgJXtm+rL0Ipt4nXWzZDBykeihECQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWUJAAzV7lXYKGBagfHSYocRTKsMB8GA1UdIwQY
MBaAFE6YSlpLeAi7TqMtMQvdB+zJV1ETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAt
Y2E1OTVlMzRkNWFjLzEvSlpRa0FETlh1VmRnb1lGcUI4ZEppaHhGTXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAtY2E1OTVlMzRkNWFj
LzEvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuf/MA0G
CSqGSIb3DQEBCwUAA4IBAQBIWSmpfPNu+5Z3uqSzeFWzVBicECOqw44nH0jCpHhO
NdjFdQutbnQ48DwULES3uar7eXCq56wz+IkCn5vOYHdZzgZR78SZKBXjLjpI0CIR
i4te06QUrTt8jbeaECtNkUaIcW4kxShhGznviVzV0UC2wUhj4q/hE6y4o5u4oa8s
1fU+6t6xwv68g8IPG4sYAVWZZoLErsrMwb5BRHBnPthSiwtLHKCONZTjamvGH4z6
iOO0PNa2WI/zyf0VhGaXXeliCsdeFj8ZqR3mxyGFw4sJHAirPKNDnwFMK5gICYdA
nV5h0w1iy4TpyKcxqZHLpohlM0XP4AVOszod6ZFpDkGy
-----END CERTIFICATE-----