This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/JKDe6ScGUf5knBKSEZ3INxcpX_k.roa
File:                     JKDe6ScGUf5knBKSEZ3INxcpX_k.roa (raw, json)
Hash identifier:          cP1FQRZP0bYy6TqBtYSmhv38p8stWSoSv7D1CesDGKo=
Subject key identifier:   24:A0:DE:E9:27:06:51:FE:64:9C:12:92:11:9D:C8:37:17:29:5F:F9
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF271B2348727E471EA539847F60D49
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/JKDe6ScGUf5knBKSEZ3INxcpX_k.roa
Signing time:             Fri 02 Jan 2026 18:22:33 +0000
ROA not before:           Fri 02 Jan 2026 18:22:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41803
IP address blocks:        194.12.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:71:b2:34:87:27:e4:71:ea:53:98:47:f6:0d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24a0dee9270651fe649c1292119dc83717295ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:88:97:1a:81:0f:64:b8:5c:8a:57:a9:48:3e:
                    78:16:42:b2:8f:95:54:a8:28:9f:3f:76:44:9d:79:
                    a6:8a:b7:91:3b:38:3a:ec:ed:f0:d0:8c:f8:95:20:
                    53:40:bb:8c:34:5c:66:57:6c:3c:ac:fb:df:ce:91:
                    d0:38:ab:80:88:6a:7a:55:50:7f:8c:f8:e6:d4:2c:
                    34:84:27:90:a5:b2:c4:05:22:cf:15:39:4f:d7:6a:
                    0a:02:60:e9:33:5f:9d:e3:72:b9:cb:d6:50:90:11:
                    13:23:1f:c1:75:0f:db:f1:ba:54:54:56:03:9c:5a:
                    73:c5:fa:55:c1:ff:34:bb:5f:42:e5:12:7c:35:5a:
                    e3:d0:08:65:7a:ff:2b:03:a2:66:ad:56:be:00:a8:
                    b0:bf:a9:54:9b:98:2d:19:76:a5:79:13:9f:43:a6:
                    c9:24:d0:9d:87:54:c5:98:a6:f1:53:1a:20:37:ee:
                    b5:5a:fb:b8:78:7d:c8:4b:f9:cf:16:3d:07:db:7f:
                    52:61:01:6f:91:67:25:f8:f4:9e:4f:ee:7b:90:11:
                    0d:e9:cb:af:93:94:21:51:dd:cc:14:e3:ae:45:0d:
                    96:ba:7f:2b:68:bb:aa:36:0f:01:8c:51:ea:56:99:
                    73:8a:32:6f:4e:2e:5d:75:4d:84:a9:20:00:20:4f:
                    48:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A0:DE:E9:27:06:51:FE:64:9C:12:92:11:9D:C8:37:17:29:5F:F9
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/JKDe6ScGUf5knBKSEZ3INxcpX_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.12.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:09:7b:57:c6:fd:72:d6:d8:2e:31:e9:23:be:23:6a:ee:1a:
         de:ee:f4:1e:70:90:4f:75:45:e3:46:fe:96:a8:8b:61:ae:09:
         8c:24:e6:d9:84:71:e2:86:18:db:fc:30:f3:a2:c4:91:c4:e6:
         81:78:4e:77:bd:aa:4a:ea:ad:09:0e:6e:1d:39:e3:e3:65:58:
         7b:5a:bb:8a:bf:f1:bd:fd:27:78:b4:ca:1e:2e:eb:d0:73:71:
         d3:36:4f:55:0a:f8:ca:6a:6f:f7:53:c0:d3:7d:93:62:63:5e:
         37:3d:91:1b:23:5d:a9:a9:16:57:9f:08:ca:31:41:7d:64:9b:
         28:19:64:ef:eb:16:d6:20:d0:00:b9:29:c4:fb:69:aa:c7:e3:
         54:c0:35:d5:2e:72:fe:72:ce:a1:d5:8e:35:c9:dc:4d:0d:ea:
         9c:b3:54:31:b8:e6:1f:8c:cd:fb:2f:ff:0f:00:1e:e5:8d:72:
         cc:27:f9:aa:01:be:b1:ca:c7:2b:cb:70:ca:d3:82:b0:e6:cb:
         3c:11:28:f0:fe:ad:31:49:cb:97:c3:0b:ef:b8:75:a5:8a:bd:
         ba:bc:65:b9:9d:72:05:6d:b8:b9:da:34:b9:22:23:b7:5d:7f:
         16:85:4f:1b:6c:c3:5e:18:2e:ba:67:d0:83:44:5a:4b:0b:cf:
         90:1b:7f:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8nGyNIcn5HHqU5hH9g1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEwZGVlOTI3MDY1MWZlNjQ5YzEyOTIxMTlkYzgzNzE3Mjk1ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIiXGoEPZLhcilepSD54FkKyj5VU
qCifP3ZEnXmmireROzg67O3w0Iz4lSBTQLuMNFxmV2w8rPvfzpHQOKuAiGp6VVB/
jPjm1Cw0hCeQpbLEBSLPFTlP12oKAmDpM1+d43K5y9ZQkBETIx/BdQ/b8bpUVFYD
nFpzxfpVwf80u19C5RJ8NVrj0Ahlev8rA6JmrVa+AKiwv6lUm5gtGXaleROfQ6bJ
JNCdh1TFmKbxUxogN+61Wvu4eH3IS/nPFj0H239SYQFvkWcl+PSeT+57kBEN6cuv
k5QhUd3MFOOuRQ2Wun8raLuqNg8BjFHqVplzijJvTi5ddU2EqSAAIE9I4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSg3uknBlH+ZJwSkhGdyDcXKV/5MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvSktEZTZTY0dVZjVrbkJLU0VaM0lOeGNwWF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgz3MA0G
CSqGSIb3DQEBCwUAA4IBAQAGCXtXxv1y1tguMekjviNq7hre7vQecJBPdUXjRv6W
qIthrgmMJObZhHHihhjb/DDzosSRxOaBeE53vapK6q0JDm4dOePjZVh7WruKv/G9
/Sd4tMoeLuvQc3HTNk9VCvjKam/3U8DTfZNiY143PZEbI12pqRZXnwjKMUF9ZJso
GWTv6xbWINAAuSnE+2mqx+NUwDXVLnL+cs6h1Y41ydxNDeqcs1QxuOYfjM37L/8P
AB7ljXLMJ/mqAb6xyscry3DK04Kw5ss8ESjw/q0xScuXwwvvuHWlir26vGW5nXIF
bbi52jS5IiO3XX8WhU8bbMNeGC66Z9CDRFpLC8+QG38X
-----END CERTIFICATE-----