This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/iI_SDTDKoORMx-kq45a1qjOTuZk.roa
File:                     iI_SDTDKoORMx-kq45a1qjOTuZk.roa (raw, json)
Hash identifier:          J2K/cush+bx+VMhqbDSKLYwVdG3Sbi2stgQnJe6Lx8g=
Subject key identifier:   88:8F:D2:0D:30:CA:A0:E4:4C:C7:E9:2A:E3:96:B5:AA:33:93:B9:99
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019B7C11FE30D6413E48DF5A385B0FAF991A
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/iI_SDTDKoORMx-kq45a1qjOTuZk.roa
Signing time:             Fri 02 Jan 2026 00:18:32 +0000
ROA not before:           Fri 02 Jan 2026 00:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394265
IP address blocks:        80.169.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:fe:30:d6:41:3e:48:df:5a:38:5b:0f:af:99:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 00:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=888fd20d30caa0e44cc7e92ae396b5aa3393b999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:31:b4:9c:df:e8:94:a3:92:85:d2:e3:1e:0f:
                    47:e8:ba:be:86:f1:8d:41:ef:28:05:71:e4:f9:31:
                    98:a9:c0:39:22:a6:87:13:2d:f6:6c:d2:44:87:6c:
                    4d:8d:19:e1:8b:fe:ac:2e:c2:d3:c6:5c:a0:b3:ac:
                    f0:bb:d7:ae:05:18:41:44:32:c8:6e:2a:d7:fc:8c:
                    8a:78:55:5a:3b:d0:74:a8:ed:d2:61:3d:08:6c:4c:
                    e9:ab:32:85:00:6c:3b:dd:0d:75:b8:2d:09:bb:49:
                    17:44:ef:37:47:ab:09:e0:3a:e1:13:bf:67:a1:31:
                    b7:68:a9:e4:56:b1:21:cb:a3:b6:22:8f:2b:1e:55:
                    94:7f:9d:bf:5b:df:bc:15:af:c4:5f:85:2b:64:fb:
                    12:5d:a7:0c:da:27:67:1f:df:f4:93:05:e7:7c:b2:
                    e7:42:5e:4a:6c:33:43:01:6f:fa:64:1f:59:20:77:
                    d3:92:7e:b2:33:37:47:8f:7d:e2:13:9e:a2:61:61:
                    ce:49:a7:6b:3f:68:24:5b:a4:87:26:c1:d2:57:17:
                    4e:dd:c1:e1:c8:5d:61:e5:ac:d7:18:5f:2e:42:20:
                    93:f3:d1:6d:86:39:63:e0:d8:bf:6e:dd:d0:cd:c1:
                    e6:2f:35:a8:9f:da:c1:1e:8d:96:67:e3:e6:29:da:
                    bf:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8F:D2:0D:30:CA:A0:E4:4C:C7:E9:2A:E3:96:B5:AA:33:93:B9:99
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/iI_SDTDKoORMx-kq45a1qjOTuZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.169.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:7b:ca:0a:e3:11:91:c7:8f:c4:0f:30:15:fa:af:e3:e4:79:
         cb:d8:b0:44:32:b4:fb:c1:16:36:06:88:aa:ae:84:d4:98:11:
         0d:79:fa:d2:93:1f:e9:8e:57:6a:c4:c5:f9:e6:55:a0:de:1b:
         13:fd:1b:7a:ef:b0:f7:1a:45:fe:70:25:80:14:7a:9a:f6:15:
         ef:67:09:91:c2:60:3d:1f:87:9a:be:5e:09:89:69:d7:04:f9:
         c6:f1:fa:b8:dd:24:8e:fb:67:02:d4:a3:95:fe:ee:43:e1:4e:
         08:85:ef:a0:f2:bd:ae:26:36:33:fd:bd:3f:75:3c:dd:ec:d3:
         5d:d9:35:f4:a4:0f:b7:66:e3:e3:52:bc:b2:b9:1a:8f:11:25:
         b6:b2:20:3f:c8:1e:15:b1:53:0e:81:64:ec:82:dc:1f:c7:d9:
         98:ee:ff:85:00:b9:01:86:aa:0f:42:7c:b8:cb:7a:38:c1:76:
         f8:61:1f:56:d2:85:86:2b:c0:96:c2:22:35:06:17:75:ce:a8:
         f3:a5:69:0a:2a:9c:1c:b1:d9:15:b0:6d:63:2e:cf:c6:a8:2c:
         4b:f3:2c:81:4e:b2:e9:5b:95:b1:77:9e:7a:6d:f4:23:97:be:
         b1:63:b3:f4:c4:b3:05:af:8b:10:f1:c5:7d:2a:24:4f:58:c3:
         78:56:06:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ef4w1kE+SN9aOFsPr5kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwMTAyMDAxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhmZDIwZDMwY2FhMGU0NGNjN2U5MmFlMzk2YjVhYTMzOTNiOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTG0nN/olKOShdLjHg9H6Lq+hvGN
Qe8oBXHk+TGYqcA5IqaHEy32bNJEh2xNjRnhi/6sLsLTxlygs6zwu9euBRhBRDLI
birX/IyKeFVaO9B0qO3SYT0IbEzpqzKFAGw73Q11uC0Ju0kXRO83R6sJ4DrhE79n
oTG3aKnkVrEhy6O2Io8rHlWUf52/W9+8Fa/EX4UrZPsSXacM2idnH9/0kwXnfLLn
Ql5KbDNDAW/6ZB9ZIHfTkn6yMzdHj33iE56iYWHOSadrP2gkW6SHJsHSVxdO3cHh
yF1h5azXGF8uQiCT89Fthjlj4Ni/bt3QzcHmLzWon9rBHo2WZ+PmKdq/MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiP0g0wyqDkTMfpKuOWtaozk7mZMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvaUlfU0RUREtvT1JNeC1rcTQ1YTFxak9UdVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUKkTMA0G
CSqGSIb3DQEBCwUAA4IBAQAke8oK4xGRx4/EDzAV+q/j5HnL2LBEMrT7wRY2Boiq
roTUmBENefrSkx/pjldqxMX55lWg3hsT/Rt677D3GkX+cCWAFHqa9hXvZwmRwmA9
H4eavl4JiWnXBPnG8fq43SSO+2cC1KOV/u5D4U4Ihe+g8r2uJjYz/b0/dTzd7NNd
2TX0pA+3ZuPjUryyuRqPESW2siA/yB4VsVMOgWTsgtwfx9mY7v+FALkBhqoPQny4
y3o4wXb4YR9W0oWGK8CWwiI1Bhd1zqjzpWkKKpwcsdkVsG1jLs/GqCxL8yyBTrLp
W5Wxd556bfQjl76xY7P0xLMFr4sQ8cV9KiRPWMN4VgY/
-----END CERTIFICATE-----