This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/tTlSzI7mxjicVp_v871GEnga7_k.roa
File:                     tTlSzI7mxjicVp_v871GEnga7_k.roa (raw, json)
Hash identifier:          +5JSTz8MlTIQ1evd1wNUK6LkibFZp7HHUtRfu0dsIXg=
Subject key identifier:   B5:39:52:CC:8E:E6:C6:38:9C:56:9F:EF:F3:BD:46:12:78:1A:EF:F9
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C78E4C40BF8CB223674EF6AD91C3C2
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/tTlSzI7mxjicVp_v871GEnga7_k.roa
Signing time:             Thu 01 Jan 2026 04:18:45 +0000
ROA not before:           Thu 01 Jan 2026 04:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205355
IP address blocks:        88.220.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:8e:4c:40:bf:8c:b2:23:67:4e:f6:ad:91:c3:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b53952cc8ee6c6389c569feff3bd4612781aeff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0d:09:c1:32:9a:26:71:7a:75:65:62:a6:d0:
                    98:15:86:48:d5:a0:31:9c:2d:cf:34:2b:bf:de:e7:
                    2b:eb:96:09:2d:20:bd:42:82:15:5b:1e:2e:05:e8:
                    ff:2e:af:14:54:85:c7:a9:22:9f:64:d6:47:10:46:
                    fc:8c:63:48:78:8c:f2:47:36:07:dc:2d:fc:1b:13:
                    fb:85:52:ea:38:ee:89:a8:b2:0c:8b:66:6a:49:98:
                    08:3c:17:96:38:09:16:00:f6:90:e6:a9:2b:42:b1:
                    3b:3c:c3:3a:a8:6a:49:e9:6e:35:7e:d8:1b:b1:67:
                    2b:dc:93:22:df:31:12:13:3d:d2:21:78:37:94:c3:
                    17:39:f0:8c:99:cb:b1:90:ac:22:f0:f2:c7:72:ef:
                    96:f2:ea:ad:14:02:33:94:18:e3:06:28:f6:a8:ba:
                    05:19:7f:3c:93:75:36:f2:8e:ea:c1:9b:58:88:c2:
                    5a:a4:ac:94:de:e1:f6:8e:ae:b5:cd:c6:2d:93:1b:
                    63:0f:95:67:be:20:b8:1b:80:a4:e5:c4:ab:c7:a2:
                    36:01:38:48:fc:da:f4:89:a0:b1:59:cb:bd:27:94:
                    80:64:00:6a:30:c2:f0:51:d0:e9:d2:d4:81:57:b6:
                    9b:3c:b4:80:26:ae:b8:1e:39:ad:95:22:81:dd:5f:
                    47:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:39:52:CC:8E:E6:C6:38:9C:56:9F:EF:F3:BD:46:12:78:1A:EF:F9
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/tTlSzI7mxjicVp_v871GEnga7_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:65:ac:e9:3f:b2:f7:42:33:f0:66:a7:6a:d9:1f:b3:f5:2d:
         87:92:d3:43:bc:0e:cb:21:ef:4e:b8:ae:03:2e:96:3d:a9:0c:
         60:43:7b:4f:30:34:e9:59:42:6e:b2:d5:ad:d9:f1:d5:7f:c0:
         5d:9d:f8:80:12:4a:3b:f5:f8:ba:31:95:7f:c2:99:60:c7:cd:
         6c:07:4e:a7:66:13:dd:88:8a:e7:29:75:da:28:af:06:75:a2:
         e2:33:3b:96:cb:2a:ab:7f:9e:70:c2:89:ec:29:43:33:f5:f8:
         d9:82:89:46:10:64:a4:57:a3:a2:75:c5:77:a7:0f:41:4f:13:
         29:2d:f5:ef:8a:0a:3f:ae:96:fd:69:78:90:51:4d:53:7a:6a:
         10:a4:83:61:94:42:f6:bf:9e:b9:f4:02:5e:8b:e0:4f:e1:5c:
         ae:f6:b2:59:13:f2:7b:f7:42:f3:88:28:e1:98:b8:cc:ce:c6:
         75:bd:68:e6:38:f5:17:a9:39:ee:17:2c:d3:d9:b8:8f:6d:b7:
         56:84:86:19:b8:eb:46:b0:95:85:2e:aa:6e:06:5d:fd:5d:fe:
         18:ce:fe:19:3f:0f:a2:12:db:86:56:ca:57:78:e7:64:4d:dc:
         ca:46:1d:db:2d:66:ca:35:aa:3b:aa:d7:a2:da:36:b0:fd:c8:
         9d:cb:3f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x45MQL+MsiNnTvatkcPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM5NTJjYzhlZTZjNjM4OWM1NjlmZWZmM2JkNDYxMjc4MWFlZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtw0JwTKaJnF6dWViptCYFYZI1aAx
nC3PNCu/3ucr65YJLSC9QoIVWx4uBej/Lq8UVIXHqSKfZNZHEEb8jGNIeIzyRzYH
3C38GxP7hVLqOO6JqLIMi2ZqSZgIPBeWOAkWAPaQ5qkrQrE7PMM6qGpJ6W41ftgb
sWcr3JMi3zESEz3SIXg3lMMXOfCMmcuxkKwi8PLHcu+W8uqtFAIzlBjjBij2qLoF
GX88k3U28o7qwZtYiMJapKyU3uH2jq61zcYtkxtjD5VnviC4G4Ck5cSrx6I2AThI
/Nr0iaCxWcu9J5SAZABqMMLwUdDp0tSBV7abPLSAJq64HjmtlSKB3V9HnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU5UsyO5sY4nFaf7/O9RhJ4Gu/5MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvdFRsU3pJN214amljVnBfdjg3MUdFbmdhN19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNxeMA0G
CSqGSIb3DQEBCwUAA4IBAQATZazpP7L3QjPwZqdq2R+z9S2HktNDvA7LIe9OuK4D
LpY9qQxgQ3tPMDTpWUJustWt2fHVf8BdnfiAEko79fi6MZV/wplgx81sB06nZhPd
iIrnKXXaKK8GdaLiMzuWyyqrf55wwonsKUMz9fjZgolGEGSkV6OidcV3pw9BTxMp
LfXvigo/rpb9aXiQUU1TemoQpINhlEL2v5659AJei+BP4Vyu9rJZE/J790LziCjh
mLjMzsZ1vWjmOPUXqTnuFyzT2biPbbdWhIYZuOtGsJWFLqpuBl39Xf4Yzv4ZPw+i
EtuGVspXeOdkTdzKRh3bLWbKNao7qtei2jaw/cidyz9f
-----END CERTIFICATE-----