This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/jSMK0-DQ4LkW8HGxfeOZqpRoUDg.roa
File:                     jSMK0-DQ4LkW8HGxfeOZqpRoUDg.roa (raw, json)
Hash identifier:          LbCW9qnhO4rcrIcNPyJRkz9sjQKYiVfJkLlpl6db0Mw=
Subject key identifier:   8D:23:0A:D3:E0:D0:E0:B9:16:F0:71:B1:7D:E3:99:AA:94:68:50:38
Certificate issuer:       /CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
Certificate serial:       019B76EB2298EB70D1FB4CA671ADC567B928
Authority key identifier: 34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/jSMK0-DQ4LkW8HGxfeOZqpRoUDg.roa
Signing time:             Thu 01 Jan 2026 00:17:59 +0000
ROA not before:           Thu 01 Jan 2026 00:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1836
IP address blocks:        5.102.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:22:98:eb:70:d1:fb:4c:a6:71:ad:c5:67:b9:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34dd4026d290f3201d28ef684d3c5ac13c96ec6d
        Validity
            Not Before: Jan  1 00:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d230ad3e0d0e0b916f071b17de399aa94685038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fe:cf:52:a4:49:be:07:38:dd:16:74:4d:0b:
                    fd:18:0f:54:de:29:54:dc:5d:b0:fa:e1:0d:b3:0c:
                    0e:d7:a1:36:89:dd:da:40:6f:fc:b8:d0:cd:d5:cd:
                    8f:8f:33:a5:19:7a:0a:0d:d2:58:1b:87:8e:2f:8d:
                    05:3e:83:43:25:1a:23:05:4b:d9:9f:e7:0e:02:db:
                    ae:1b:88:c5:54:6c:01:2d:38:23:e6:c9:46:00:cb:
                    45:9e:6f:d8:07:66:8f:46:ef:90:1c:0f:1f:c0:00:
                    90:ae:5c:9c:5d:45:b9:db:b3:27:fc:2b:f3:d3:7f:
                    ff:09:2e:76:04:8b:e5:1b:af:8d:37:6f:d9:d4:0e:
                    e7:74:ab:5d:c2:74:29:b9:54:3a:d2:04:13:91:4d:
                    b3:68:76:33:17:68:2f:33:1a:db:c8:36:6a:03:d8:
                    02:18:0a:01:5e:a4:84:85:dd:c7:78:81:97:bb:4e:
                    b4:82:18:98:b2:09:89:e0:0f:3d:77:9a:22:64:92:
                    a5:11:e2:27:ec:13:31:11:b5:67:e2:63:77:46:45:
                    c8:34:ca:d9:c5:21:91:14:96:e1:18:0d:07:37:81:
                    00:9b:da:c7:e4:d1:d7:2a:44:f3:e1:c8:9d:04:0a:
                    cf:ca:db:d4:43:fc:62:40:ad:b4:d1:3e:95:0c:48:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:23:0A:D3:E0:D0:E0:B9:16:F0:71:B1:7D:E3:99:AA:94:68:50:38
            X509v3 Authority Key Identifier:
                keyid:34:DD:40:26:D2:90:F3:20:1D:28:EF:68:4D:3C:5A:C1:3C:96:EC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NN1AJtKQ8yAdKO9oTTxawTyW7G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/jSMK0-DQ4LkW8HGxfeOZqpRoUDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/72a405-1598-4033-8e2b-878507ed46f7/1/NN1AJtKQ8yAdKO9oTTxawTyW7G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:2e:f2:15:ac:72:90:90:c1:88:17:65:b4:e8:a6:4a:05:
         48:82:19:e0:3e:03:62:4c:bd:ba:ce:3d:5e:7b:49:f7:ab:c6:
         12:32:71:72:91:4e:d0:ad:f5:01:b3:a7:d7:01:65:dd:b4:e6:
         3d:ea:0b:43:ba:73:f2:7e:66:e9:94:b2:bc:d9:c7:34:f1:7a:
         bf:bd:40:58:03:30:c7:de:03:fe:c7:c3:67:55:cd:02:38:df:
         e5:a6:66:f8:27:8c:33:3b:92:37:d4:4d:83:ef:f5:f6:50:76:
         aa:ae:53:56:9c:ff:2a:02:71:21:ea:09:c1:bd:3b:6f:cd:cd:
         36:33:19:b8:f4:08:7e:56:39:ea:d9:0e:c9:03:79:05:2a:63:
         4d:cd:74:9b:5f:4b:6e:e0:59:39:3c:d3:af:d2:cc:c8:7a:cd:
         f7:42:b8:4f:59:5d:d1:bf:4f:c5:6c:48:62:62:2c:47:70:80:
         3f:55:b5:1e:03:0d:4f:14:8d:2d:eb:0b:2c:33:49:6e:b4:b9:
         f0:21:65:85:0e:c0:37:2c:0e:ae:ff:14:42:4d:68:63:d3:7e:
         44:16:dd:23:30:c4:f9:a0:59:78:33:6f:a5:2f:3f:df:79:15:
         73:fe:e9:4b:83:ec:63:f1:2a:bb:80:49:f3:03:59:a4:9e:79:
         ad:77:a2:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26yKY63DR+0ymca3FZ7koMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZGQ0MDI2ZDI5MGYzMjAxZDI4ZWY2ODRkM2M1YWMxM2M5
NmVjNmQwHhcNMjYwMTAxMDAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDIzMGFkM2UwZDBlMGI5MTZmMDcxYjE3ZGUzOTlhYTk0Njg1MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/7PUqRJvgc43RZ0TQv9GA9U3ilU
3F2w+uENswwO16E2id3aQG/8uNDN1c2PjzOlGXoKDdJYG4eOL40FPoNDJRojBUvZ
n+cOAtuuG4jFVGwBLTgj5slGAMtFnm/YB2aPRu+QHA8fwACQrlycXUW527Mn/Cvz
03//CS52BIvlG6+NN2/Z1A7ndKtdwnQpuVQ60gQTkU2zaHYzF2gvMxrbyDZqA9gC
GAoBXqSEhd3HeIGXu060ghiYsgmJ4A89d5oiZJKlEeIn7BMxEbVn4mN3RkXINMrZ
xSGRFJbhGA0HN4EAm9rH5NHXKkTz4cidBArPytvUQ/xiQK200T6VDEj1BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0jCtPg0OC5FvBxsX3jmaqUaFA4MB8GA1UdIwQY
MBaAFDTdQCbSkPMgHSjvaE08WsE8luxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmIt
ODc4NTA3ZWQ0NmY3LzEvalNNSzAtRFE0TGtXOEhHeGZlT1pxcFJvVURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MmE0MDUtMTU5OC00MDMzLThlMmItODc4NTA3ZWQ0NmY3
LzEvTk4xQUp0S1E4eUFkS085b1RUeGF3VHlXN0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SS7yFaxykJDBiBdltOimSgVIghngPgNiTL26zj1e
e0n3q8YSMnFykU7QrfUBs6fXAWXdtOY96gtDunPyfmbplLK82cc08Xq/vUBYAzDH
3gP+x8NnVc0CON/lpmb4J4wzO5I31E2D7/X2UHaqrlNWnP8qAnEh6gnBvTtvzc02
Mxm49Ah+Vjnq2Q7JA3kFKmNNzXSbX0tu4Fk5PNOv0szIes33QrhPWV3Rv0/FbEhi
YixHcIA/VbUeAw1PFI0t6wssM0lutLnwIWWFDsA3LA6u/xRCTWhj035EFt0jMMT5
oFl4M2+lLz/feRVz/ulLg+xj8Sq7gEnzA1mknnmtd6IE
-----END CERTIFICATE-----