This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/rDDIhE0qYfgop087nvS_8O3QtQQ.roa
File:                     rDDIhE0qYfgop087nvS_8O3QtQQ.roa (raw, json)
Hash identifier:          GNcKt07HGLjSb7pRK/gwNbmbWxAvVfknp/F4+LGsKVg=
Subject key identifier:   AC:30:C8:84:4D:2A:61:F8:28:A7:4F:3B:9E:F4:BF:F0:ED:D0:B5:04
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019B7DC9532AE27BC58DE3A36E9FC9AD4177
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/rDDIhE0qYfgop087nvS_8O3QtQQ.roa
Signing time:             Fri 02 Jan 2026 08:18:24 +0000
ROA not before:           Fri 02 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22773
IP address blocks:        195.248.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:53:2a:e2:7b:c5:8d:e3:a3:6e:9f:c9:ad:41:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  2 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac30c8844d2a61f828a74f3b9ef4bff0edd0b504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:45:35:1d:36:6f:18:ba:bb:f0:c6:85:5b:0e:
                    d5:0b:3b:06:1b:11:35:e8:77:ac:ee:01:52:91:62:
                    11:95:d1:63:1e:90:02:f9:c9:4e:d4:19:87:53:71:
                    e1:45:e3:cb:01:c4:e6:4c:57:50:7b:6c:9b:00:7d:
                    7e:cb:ea:68:34:1e:f5:47:86:96:68:c1:9c:ce:73:
                    74:ed:47:3c:85:70:27:93:cf:88:dc:cf:e3:94:94:
                    e2:e2:a1:15:8c:af:42:6b:2d:8d:0a:fd:11:8e:47:
                    08:8f:81:2a:76:98:e6:d0:26:5c:48:d6:37:9b:49:
                    d6:f0:a5:85:df:ad:66:2e:af:c6:a6:da:50:22:de:
                    f9:e1:8d:8f:c8:9a:c8:d8:60:37:ec:5b:e7:51:6c:
                    43:7c:af:8e:6e:fd:f5:e4:02:2d:23:29:29:2a:1c:
                    35:01:21:da:47:36:2f:88:77:ac:35:74:65:44:8e:
                    5f:b9:ee:30:f0:b1:c8:e0:ed:c3:24:14:5c:79:f4:
                    c6:3f:90:0c:01:be:cc:de:a4:b5:e4:ad:36:ff:99:
                    8a:9e:1d:c1:a2:1d:22:58:c8:20:81:18:45:2f:fe:
                    0c:9b:8d:14:0a:32:62:e6:14:07:fc:8a:88:08:40:
                    b0:6e:e8:f8:af:e6:57:97:26:fd:08:68:01:d5:4a:
                    34:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:30:C8:84:4D:2A:61:F8:28:A7:4F:3B:9E:F4:BF:F0:ED:D0:B5:04
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/rDDIhE0qYfgop087nvS_8O3QtQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:31:48:b2:d8:55:81:ba:de:f5:82:d9:dd:8d:19:72:02:cd:
         af:f1:71:33:0c:45:9c:48:7b:69:e3:a2:6c:01:82:a2:7b:ea:
         b2:ab:3e:e9:32:b7:e1:1e:f2:9e:09:92:6c:b4:c3:1b:85:3e:
         9f:39:18:bf:38:09:70:34:71:aa:ce:ef:5d:ee:7a:6d:0f:26:
         cd:77:f0:d6:0f:af:ba:0a:00:43:08:33:0a:0f:34:1d:11:5d:
         4a:e9:45:36:77:e2:e2:d2:2f:73:c8:e3:5a:f7:e9:b9:80:6e:
         36:17:50:5f:a3:0d:2e:a1:eb:55:1b:73:ae:c6:48:e1:85:9a:
         48:e7:ce:04:d9:cf:fd:fe:33:22:b7:38:b9:8d:3f:17:70:84:
         f7:5c:1e:31:4c:4d:e4:86:d2:0e:bb:dc:4b:0c:46:48:b7:ff:
         3c:f3:1d:2d:c9:3a:97:61:72:8a:79:9b:47:fd:61:51:83:bc:
         05:65:90:26:82:df:a4:96:b4:20:f9:37:e7:a3:0b:ec:a9:ce:
         6f:be:55:2a:77:cf:b4:ce:dd:67:bc:ba:0e:3c:57:a6:13:10:
         59:c0:06:5a:91:69:63:1a:3e:36:f5:9a:c4:55:9e:ea:65:84:
         37:cc:36:3a:c1:ef:b7:58:01:90:73:c8:b7:d9:bb:85:ce:30:
         b0:93:32:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVMq4nvFjeOjbp/JrUF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjYwMTAyMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMwYzg4NDRkMmE2MWY4MjhhNzRmM2I5ZWY0YmZmMGVkZDBiNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0U1HTZvGLq78MaFWw7VCzsGGxE1
6Hes7gFSkWIRldFjHpAC+clO1BmHU3HhRePLAcTmTFdQe2ybAH1+y+poNB71R4aW
aMGcznN07Uc8hXAnk8+I3M/jlJTi4qEVjK9Cay2NCv0RjkcIj4Eqdpjm0CZcSNY3
m0nW8KWF361mLq/GptpQIt754Y2PyJrI2GA37FvnUWxDfK+Obv315AItIykpKhw1
ASHaRzYviHesNXRlRI5fue4w8LHI4O3DJBRcefTGP5AMAb7M3qS15K02/5mKnh3B
oh0iWMgggRhFL/4Mm40UCjJi5hQH/IqICECwbuj4r+ZXlyb9CGgB1Uo0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwwyIRNKmH4KKdPO570v/Dt0LUEMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvckRESWhFMHFZZmdvcDA4N252U184TzNRdFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/haMA0G
CSqGSIb3DQEBCwUAA4IBAQAdMUiy2FWBut71gtndjRlyAs2v8XEzDEWcSHtp46Js
AYKie+qyqz7pMrfhHvKeCZJstMMbhT6fORi/OAlwNHGqzu9d7nptDybNd/DWD6+6
CgBDCDMKDzQdEV1K6UU2d+Li0i9zyONa9+m5gG42F1Bfow0uoetVG3OuxkjhhZpI
584E2c/9/jMitzi5jT8XcIT3XB4xTE3khtIOu9xLDEZIt/888x0tyTqXYXKKeZtH
/WFRg7wFZZAmgt+klrQg+Tfnowvsqc5vvlUqd8+0zt1nvLoOPFemExBZwAZakWlj
Gj429ZrEVZ7qZYQ3zDY6we+3WAGQc8i32buFzjCwkzJU
-----END CERTIFICATE-----