This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DnGoEH07OrfFyZtZDhuhmq7l63Q.roa
File:                     DnGoEH07OrfFyZtZDhuhmq7l63Q.roa (raw, json)
Hash identifier:          RvASjrjAR4+KVESjkpdkva+B1hUneT3sTXn2WCEBJl4=
Subject key identifier:   0E:71:A8:10:7D:3B:3A:B7:C5:C9:9B:59:0E:1B:A1:9A:AE:E5:EB:74
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019B7DCABDA105224EB629E7B38BD4F644E1
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DnGoEH07OrfFyZtZDhuhmq7l63Q.roa
Signing time:             Fri 02 Jan 2026 08:19:57 +0000
ROA not before:           Fri 02 Jan 2026 08:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48434
IP address blocks:        94.184.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:bd:a1:05:22:4e:b6:29:e7:b3:8b:d4:f6:44:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 08:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e71a8107d3b3ab7c5c99b590e1ba19aaee5eb74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ae:90:5a:2c:35:96:08:ac:20:17:ca:96:c2:
                    26:4f:a7:a3:1b:41:8c:a8:b2:90:63:f1:80:b7:d8:
                    64:6f:fb:3c:b6:00:76:c3:91:b2:95:c4:9f:6c:00:
                    31:d1:c9:27:98:87:f7:34:eb:05:6c:1f:ea:62:c3:
                    65:a2:4a:86:22:f1:19:fb:7b:13:a4:3d:19:43:12:
                    99:7d:fa:11:51:f1:f9:26:29:9b:87:09:44:69:64:
                    1d:a4:15:8c:0c:23:f7:6e:63:86:04:1a:dd:f9:30:
                    30:3b:46:54:be:63:14:30:34:ab:53:76:ff:27:ba:
                    9e:e7:f5:5a:db:51:cd:c3:6f:dc:c5:2b:51:18:d5:
                    d9:a0:7d:15:56:e1:1d:77:bc:c6:b9:0e:ec:2e:0e:
                    31:f7:17:a1:62:97:74:7a:6c:88:c7:f5:3b:71:dc:
                    cc:ca:bf:76:07:cc:ea:02:37:d3:94:fc:55:63:5f:
                    ac:85:21:9f:1b:8f:08:0c:c3:80:9b:f6:03:fe:1b:
                    91:76:35:41:fa:55:d9:f8:a0:4a:18:c2:d0:9a:09:
                    1d:fd:14:23:e9:5f:d0:f8:ae:9f:a9:68:a1:0c:c4:
                    9b:61:2f:f0:61:51:15:03:80:53:a8:04:c1:35:c5:
                    62:42:43:34:b9:33:29:b4:00:66:35:46:06:73:af:
                    8a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:71:A8:10:7D:3B:3A:B7:C5:C9:9B:59:0E:1B:A1:9A:AE:E5:EB:74
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/DnGoEH07OrfFyZtZDhuhmq7l63Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:e0:41:a8:f9:82:32:ed:29:2e:25:29:f1:19:27:c0:f2:10:
         e1:c3:80:e0:76:db:9c:26:06:b5:cb:1d:8f:0a:52:c2:4c:0d:
         5a:61:50:7d:6b:b2:9b:03:8e:61:19:9f:f2:33:12:8e:56:a8:
         ec:ac:9d:cb:f1:ec:3b:09:c0:e7:21:28:b9:bd:b6:e4:ef:af:
         f0:31:d1:4d:ea:a6:a6:48:e2:b2:18:45:c9:c7:b4:6c:c2:70:
         bd:fb:c2:d1:66:75:e3:25:b6:de:e2:6e:41:77:38:a3:55:a8:
         ea:45:19:e9:25:ec:2a:81:b6:6d:74:da:2c:41:ca:cd:d1:64:
         d3:41:e6:10:c7:09:98:a6:6e:f6:0e:1b:d3:0e:ba:15:0a:de:
         10:8c:7d:13:81:2f:64:6f:4c:a3:38:b3:0c:a4:4a:87:c9:90:
         3e:81:2d:4a:4a:c8:3c:e8:16:3f:0c:a4:57:d3:0a:fd:fc:e4:
         31:7a:d4:31:95:d6:67:92:42:25:fb:c0:51:7a:5d:37:f3:22:
         da:d7:3d:6e:d5:b5:1b:96:43:96:df:97:d7:20:aa:39:66:ec:
         6c:bc:b4:be:8a:08:bf:9d:88:b9:a4:64:c6:65:a4:1b:24:f4:
         2b:68:d3:34:c0:c6:f6:a1:5a:6a:55:9d:2b:92:49:d6:c9:52:
         ce:ed:bd:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yr2hBSJOtinns4vU9kThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjYwMTAyMDgxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTcxYTgxMDdkM2IzYWI3YzVjOTliNTkwZTFiYTE5YWFlZTVlYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a6QWiw1lgisIBfKlsImT6ejG0GM
qLKQY/GAt9hkb/s8tgB2w5GylcSfbAAx0cknmIf3NOsFbB/qYsNlokqGIvEZ+3sT
pD0ZQxKZffoRUfH5JimbhwlEaWQdpBWMDCP3bmOGBBrd+TAwO0ZUvmMUMDSrU3b/
J7qe5/Va21HNw2/cxStRGNXZoH0VVuEdd7zGuQ7sLg4x9xehYpd0emyIx/U7cdzM
yr92B8zqAjfTlPxVY1+shSGfG48IDMOAm/YD/huRdjVB+lXZ+KBKGMLQmgkd/RQj
6V/Q+K6fqWihDMSbYS/wYVEVA4BTqATBNcViQkM0uTMptABmNUYGc6+KTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5xqBB9Ozq3xcmbWQ4boZqu5et0MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvRG5Hb0VIMDdPcmZGeVp0WkRodWhtcTdsNjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXrhcMA0G
CSqGSIb3DQEBCwUAA4IBAQBY4EGo+YIy7SkuJSnxGSfA8hDhw4DgdtucJga1yx2P
ClLCTA1aYVB9a7KbA45hGZ/yMxKOVqjsrJ3L8ew7CcDnISi5vbbk76/wMdFN6qam
SOKyGEXJx7RswnC9+8LRZnXjJbbe4m5BdzijVajqRRnpJewqgbZtdNosQcrN0WTT
QeYQxwmYpm72DhvTDroVCt4QjH0TgS9kb0yjOLMMpEqHyZA+gS1KSsg86BY/DKRX
0wr9/OQxetQxldZnkkIl+8BRel038yLa1z1u1bUblkOW35fXIKo5ZuxsvLS+igi/
nYi5pGTGZaQbJPQraNM0wMb2oVpqVZ0rkknWyVLO7b1q
-----END CERTIFICATE-----