This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/nH1OKpXJbAvAHxN6XWdXMd6gZuY.roa
File:                     nH1OKpXJbAvAHxN6XWdXMd6gZuY.roa (raw, json)
Hash identifier:          j3S1I730IB3QQneXnDNotR19hJRoRUA2SbUVmp/YndQ=
Subject key identifier:   9C:7D:4E:2A:95:C9:6C:0B:C0:1F:13:7A:5D:67:57:31:DE:A0:66:E6
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       019B7E38AA7A0A6EB7B911EB65E3BB995AAE
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/nH1OKpXJbAvAHxN6XWdXMd6gZuY.roa
Signing time:             Fri 02 Jan 2026 10:20:01 +0000
ROA not before:           Fri 02 Jan 2026 10:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53667
IP address blocks:        194.50.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:aa:7a:0a:6e:b7:b9:11:eb:65:e3:bb:99:5a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Jan  2 10:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c7d4e2a95c96c0bc01f137a5d675731dea066e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d8:74:62:9a:69:09:41:63:c5:4c:ca:95:08:
                    0b:f9:27:73:c8:5b:98:b9:24:07:3b:91:a5:7c:06:
                    69:cb:18:5f:f9:42:65:a2:2e:5b:90:56:6d:b8:5d:
                    5d:4c:58:c8:cd:7a:64:f6:f0:35:82:08:21:4d:46:
                    f4:3b:12:aa:49:66:d1:96:87:62:fe:da:c4:2a:65:
                    60:bf:16:fc:90:c5:ed:30:49:aa:fd:f9:f0:91:89:
                    8b:53:c6:6d:91:f2:8e:66:ac:47:1e:b4:f0:87:cb:
                    a6:e7:88:9a:cc:bb:c2:d3:9f:1f:c5:7e:a1:b9:ec:
                    f0:4f:bb:e6:ef:ef:3a:e8:a1:5c:b4:4c:5d:60:2b:
                    49:c0:34:f9:44:32:9c:70:95:66:a1:e1:3d:b6:55:
                    d1:cb:8c:87:2f:6b:d7:2f:43:11:80:a0:db:3f:7d:
                    85:df:a8:85:0e:47:45:79:31:d4:d6:53:2f:9b:3e:
                    40:a8:84:af:9e:62:ed:9f:0a:bc:39:dd:9d:7e:71:
                    5b:37:ea:bd:d9:77:15:17:e5:ee:73:de:71:22:0b:
                    3f:ca:56:75:bc:cb:cb:18:fa:3d:a8:38:f7:3b:d1:
                    12:a4:a3:94:ea:95:a6:c9:d4:44:ba:ad:31:1a:e1:
                    63:42:c0:87:33:25:3c:ce:11:06:b0:cc:7e:7a:90:
                    88:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7D:4E:2A:95:C9:6C:0B:C0:1F:13:7A:5D:67:57:31:DE:A0:66:E6
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/nH1OKpXJbAvAHxN6XWdXMd6gZuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:42:05:ed:b6:2e:83:97:1a:9d:85:37:f8:ac:1c:58:e3:50:
         91:43:93:65:e4:39:4e:33:e8:89:3e:ab:68:ec:6e:b4:71:e8:
         2e:91:99:9f:24:25:e2:a8:5c:c2:f5:62:08:cb:75:2f:0a:37:
         1a:c4:13:9e:74:52:27:bb:f7:24:b4:19:49:f3:27:5e:b2:45:
         8e:72:39:1d:c3:cb:83:a8:54:96:93:9f:63:fc:18:65:01:12:
         d9:54:8a:90:87:ce:e5:a9:ec:9c:dc:87:2d:45:d7:68:02:ad:
         1d:69:a2:a1:c0:32:cd:83:54:24:b8:8f:55:b8:45:80:4d:0e:
         4e:b5:ca:51:a6:a7:77:06:c1:c2:11:81:48:46:e7:cf:d9:ce:
         1d:ed:f2:b7:89:35:fd:58:b1:82:c2:4f:13:49:63:b3:bc:b6:
         da:f9:d0:03:0b:8e:71:cc:d0:a1:fb:24:a9:d4:47:b0:16:9f:
         54:7f:9e:5a:57:c9:3d:5c:12:97:a8:3d:31:1e:de:9a:61:ca:
         28:aa:a6:d5:45:d2:93:f7:79:47:3e:86:f6:95:87:a9:a3:99:
         04:76:a0:aa:7d:c0:bf:4a:bd:86:a4:8e:5e:46:5a:a5:cc:ff:
         74:a9:33:e5:f5:e6:79:aa:c0:41:95:b9:a5:b3:2d:f7:13:8b:
         0a:39:4d:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OKp6Cm63uRHrZeO7mVquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjYwMTAyMTAyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdkNGUyYTk1Yzk2YzBiYzAxZjEzN2E1ZDY3NTczMWRlYTA2NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Nh0YpppCUFjxUzKlQgL+SdzyFuY
uSQHO5GlfAZpyxhf+UJloi5bkFZtuF1dTFjIzXpk9vA1ggghTUb0OxKqSWbRlodi
/trEKmVgvxb8kMXtMEmq/fnwkYmLU8ZtkfKOZqxHHrTwh8um54iazLvC058fxX6h
uezwT7vm7+866KFctExdYCtJwDT5RDKccJVmoeE9tlXRy4yHL2vXL0MRgKDbP32F
36iFDkdFeTHU1lMvmz5AqISvnmLtnwq8Od2dfnFbN+q92XcVF+Xuc95xIgs/ylZ1
vMvLGPo9qDj3O9ESpKOU6pWmydREuq0xGuFjQsCHMyU8zhEGsMx+epCINwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx9TiqVyWwLwB8Tel1nVzHeoGbmMB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvbkgxT0twWEpiQXZBSHhONlhXZFhNZDZnWnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGItNTk5MGVhNThlMDMw
LzEvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjLFMA0G
CSqGSIb3DQEBCwUAA4IBAQCGQgXtti6DlxqdhTf4rBxY41CRQ5Nl5DlOM+iJPqto
7G60cegukZmfJCXiqFzC9WIIy3UvCjcaxBOedFInu/cktBlJ8ydeskWOcjkdw8uD
qFSWk59j/BhlARLZVIqQh87lqeyc3IctRddoAq0daaKhwDLNg1QkuI9VuEWATQ5O
tcpRpqd3BsHCEYFIRufP2c4d7fK3iTX9WLGCwk8TSWOzvLba+dADC45xzNCh+ySp
1EewFp9Uf55aV8k9XBKXqD0xHt6aYcooqqbVRdKT93lHPob2lYepo5kEdqCqfcC/
Sr2GpI5eRlqlzP90qTPl9eZ5qsBBlbmlsy33E4sKOU3l
-----END CERTIFICATE-----