This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nZ1DkcZdTC3mKcQbBnrBFdYhngI.roa
File:                     nZ1DkcZdTC3mKcQbBnrBFdYhngI.roa (raw, json)
Hash identifier:          0lUBHZEaAqmtE/2C0vKcSqo4gOsqo3rWCELqUkwCXtk=
Subject key identifier:   9D:9D:43:91:C6:5D:4C:2D:E6:29:C4:1B:06:7A:C1:15:D6:21:9E:02
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C789A669821DC47A354333292532C2
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nZ1DkcZdTC3mKcQbBnrBFdYhngI.roa
Signing time:             Thu 01 Jan 2026 04:18:44 +0000
ROA not before:           Thu 01 Jan 2026 04:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201904
IP address blocks:        88.220.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:89:a6:69:82:1d:c4:7a:35:43:33:29:25:32:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d9d4391c65d4c2de629c41b067ac115d6219e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5f:88:da:b2:b9:d9:73:45:e0:63:22:d4:73:
                    7e:7e:2a:27:08:12:a0:a2:07:7f:17:54:90:30:51:
                    e9:16:7b:ec:ca:23:84:5b:da:f7:89:88:a4:be:56:
                    f0:4d:34:53:68:b6:98:91:cd:10:28:bf:99:ab:c6:
                    81:94:3a:01:42:2e:23:9f:90:90:6c:eb:79:38:33:
                    4c:ed:93:e4:b2:af:c7:6b:eb:ba:8f:07:2e:a8:e1:
                    22:80:d8:9b:e4:8f:38:7c:10:5f:5b:c8:58:59:6a:
                    e7:8d:ca:46:60:bc:bc:a2:86:c6:9e:b6:3c:2a:0e:
                    77:9a:dd:69:10:eb:bf:b1:a9:8b:ca:14:d2:97:e7:
                    07:4d:a3:9d:16:43:44:5d:ef:ed:98:56:b2:d7:61:
                    05:7d:55:3b:24:22:06:c5:37:46:9b:64:a8:84:24:
                    5f:cf:b8:7e:f5:66:c5:e7:fd:9f:2d:54:35:3e:6e:
                    9b:00:ff:17:63:10:ff:23:ea:a9:cd:69:16:18:c4:
                    30:ec:35:1b:7b:f1:b7:6e:2e:a1:16:59:e1:26:0b:
                    7c:38:4b:87:59:f8:e0:5c:69:6e:6a:45:4e:c1:f6:
                    71:46:6e:79:ac:59:bd:99:eb:dc:47:36:f8:04:23:
                    25:a8:8f:81:98:de:d7:0b:a3:29:12:75:26:57:01:
                    62:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:9D:43:91:C6:5D:4C:2D:E6:29:C4:1B:06:7A:C1:15:D6:21:9E:02
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/nZ1DkcZdTC3mKcQbBnrBFdYhngI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:a3:0c:4b:19:8a:53:f6:26:cf:fb:37:cd:b0:26:7e:f1:38:
         ab:b4:50:67:fe:3e:b8:72:a9:c7:98:fc:ff:ae:e3:a9:4b:20:
         34:a6:2c:61:17:7c:2b:65:be:20:92:85:44:3f:2d:ae:8a:96:
         15:59:73:f8:72:0d:51:55:c6:1d:d9:4b:49:8a:f2:2f:c0:b1:
         3e:ef:2a:fc:0d:0c:12:1d:69:cb:6d:aa:ff:d9:84:d4:8d:5e:
         f4:8b:53:13:07:2a:ce:76:ba:43:ef:99:48:7b:29:d4:86:98:
         54:10:2c:39:db:f0:40:55:8a:8a:e4:29:d8:28:60:8c:b3:12:
         fe:ac:70:ba:0a:54:35:e5:80:11:89:b6:0c:70:77:a5:7f:80:
         9c:64:5e:c8:e4:17:8d:83:11:9e:4e:91:b0:ad:71:9e:46:bc:
         b6:b1:7e:d2:2f:4a:8b:b5:63:37:70:dc:11:88:a7:ab:2d:d3:
         ac:70:0e:0d:2a:b2:43:77:69:5e:1c:75:5b:6e:d0:2a:9d:77:
         33:f7:1d:41:c2:83:66:46:fb:54:b1:c6:5d:c0:f9:1b:9e:75:
         0c:a3:df:5b:d1:83:fc:cc:ad:80:98:d0:56:37:8d:73:6f:43:
         72:df:ff:8f:2a:18:28:1b:bf:31:ac:5b:87:32:1f:2b:6f:6f:
         10:03:c8:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x4mmaYIdxHo1QzMpJTLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDlkNDM5MWM2NWQ0YzJkZTYyOWM0MWIwNjdhYzExNWQ2MjE5ZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF+I2rK52XNF4GMi1HN+fionCBKg
ogd/F1SQMFHpFnvsyiOEW9r3iYikvlbwTTRTaLaYkc0QKL+Zq8aBlDoBQi4jn5CQ
bOt5ODNM7ZPksq/Ha+u6jwcuqOEigNib5I84fBBfW8hYWWrnjcpGYLy8oobGnrY8
Kg53mt1pEOu/samLyhTSl+cHTaOdFkNEXe/tmFay12EFfVU7JCIGxTdGm2SohCRf
z7h+9WbF5/2fLVQ1Pm6bAP8XYxD/I+qpzWkWGMQw7DUbe/G3bi6hFlnhJgt8OEuH
WfjgXGluakVOwfZxRm55rFm9mevcRzb4BCMlqI+BmN7XC6MpEnUmVwFiDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2dQ5HGXUwt5inEGwZ6wRXWIZ4CMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbloxRGtjWmRUQzNtS2NRYkJuckJGZFlobmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNxSMA0G
CSqGSIb3DQEBCwUAA4IBAQAMowxLGYpT9ibP+zfNsCZ+8TirtFBn/j64cqnHmPz/
ruOpSyA0pixhF3wrZb4gkoVEPy2uipYVWXP4cg1RVcYd2UtJivIvwLE+7yr8DQwS
HWnLbar/2YTUjV70i1MTByrOdrpD75lIeynUhphUECw52/BAVYqK5CnYKGCMsxL+
rHC6ClQ15YARibYMcHelf4CcZF7I5BeNgxGeTpGwrXGeRry2sX7SL0qLtWM3cNwR
iKerLdOscA4NKrJDd2leHHVbbtAqnXcz9x1BwoNmRvtUscZdwPkbnnUMo99b0YP8
zK2AmNBWN41zb0Ny3/+PKhgoG78xrFuHMh8rb28QA8iU
-----END CERTIFICATE-----