This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/_96Euvo05bQiTFxZBzxImx3S1Qo.roa
File:                     _96Euvo05bQiTFxZBzxImx3S1Qo.roa (raw, json)
Hash identifier:          8USkhhFs2laMuIgluBHy8qGwUIcnnc8iCXVDlvT0OTc=
Subject key identifier:   FF:DE:84:BA:FA:34:E5:B4:22:4C:5C:59:07:3C:48:9B:1D:D2:D5:0A
Certificate issuer:       /CN=8888818c4ecf1d5deb4ea93667470a7a114d9a07
Certificate serial:       019B76EB15D6076F095D3DDD10F8B0089EC6
Authority key identifier: 88:88:81:8C:4E:CF:1D:5D:EB:4E:A9:36:67:47:0A:7A:11:4D:9A:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/_96Euvo05bQiTFxZBzxImx3S1Qo.roa
Signing time:             Thu 01 Jan 2026 00:17:56 +0000
ROA not before:           Thu 01 Jan 2026 00:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     559
IP address blocks:        192.33.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:15:d6:07:6f:09:5d:3d:dd:10:f8:b0:08:9e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8888818c4ecf1d5deb4ea93667470a7a114d9a07
        Validity
            Not Before: Jan  1 00:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffde84bafa34e5b4224c5c59073c489b1dd2d50a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:7f:f0:c0:8f:31:e6:ba:40:e8:f9:a8:84:72:
                    72:2d:77:5c:b8:c1:db:87:9c:5c:71:3a:91:a1:c4:
                    de:e0:4d:88:35:62:54:c9:8c:06:0b:6d:02:6c:33:
                    c1:15:d4:c6:8f:04:06:cd:d5:5a:b3:ab:d8:2e:94:
                    40:41:97:b3:c5:da:b9:47:60:f7:ce:6c:2c:95:aa:
                    35:78:c6:64:02:a0:37:7e:4d:df:4e:7a:8f:ec:6c:
                    2b:59:e8:f9:c8:08:33:b1:12:e1:64:52:78:fd:7f:
                    7a:bf:89:e6:a4:1d:bc:77:cd:e7:b8:6d:56:66:19:
                    bc:10:79:62:31:57:2c:7f:73:af:0e:d9:60:3f:80:
                    21:e1:0f:4c:c9:88:76:58:54:f3:f3:71:76:4c:19:
                    14:f1:cc:7c:5b:6c:08:2c:86:be:61:42:b1:e8:17:
                    8b:25:16:cb:4e:4a:76:55:dd:bf:28:a1:81:05:af:
                    a8:f4:d3:5c:fc:69:b4:f5:d5:9f:d2:24:77:15:15:
                    b8:1f:35:bb:a2:de:59:76:bb:2a:09:80:b7:3b:bf:
                    9a:e4:8e:ff:62:11:cc:bc:12:00:06:c1:63:fb:d2:
                    c6:12:a1:7a:26:47:30:d0:ab:b7:98:b4:c9:b0:2a:
                    2c:94:b1:30:75:70:8b:a4:d5:d7:f1:ef:37:96:c6:
                    69:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:DE:84:BA:FA:34:E5:B4:22:4C:5C:59:07:3C:48:9B:1D:D2:D5:0A
            X509v3 Authority Key Identifier:
                keyid:88:88:81:8C:4E:CF:1D:5D:EB:4E:A9:36:67:47:0A:7A:11:4D:9A:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/_96Euvo05bQiTFxZBzxImx3S1Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.33.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ac:42:f9:30:df:3e:bc:a9:22:bb:75:a5:64:82:c9:06:74:
         65:3e:ba:72:e5:4c:4e:c2:4c:b0:1a:bd:27:69:f7:8c:e9:7c:
         b9:28:38:9d:6a:6b:98:c7:48:f2:16:57:71:f4:15:7e:c0:f5:
         54:12:4a:8a:b3:ff:93:74:e7:c5:fc:18:8a:d2:3f:84:44:21:
         2f:cf:03:eb:f0:72:72:72:d6:56:a2:11:b2:f6:2b:e5:39:8e:
         16:23:7a:91:2f:65:50:0e:50:4b:64:3e:eb:e1:82:1d:2e:e7:
         21:3b:31:17:f0:e3:2f:9f:dd:87:37:29:55:47:eb:d0:1f:f1:
         60:f4:b3:a2:66:ee:fd:2e:5f:5c:5f:b3:71:db:b5:ff:e6:27:
         50:94:75:64:06:29:ac:56:91:58:7f:36:31:5f:5d:61:52:53:
         9a:a0:14:38:d5:bf:57:86:df:88:0f:a5:86:79:d6:31:3b:7e:
         17:52:34:22:8f:41:8e:9b:54:79:49:b7:4f:b1:0a:89:a3:3e:
         97:8d:60:32:be:c2:ba:11:52:bd:07:9d:91:5f:98:00:ba:e1:
         7f:e1:8f:98:97:10:68:fd:4c:6f:2d:73:fa:e4:3f:2b:83:d5:
         e9:22:ab:b9:37:a6:57:ce:2d:cc:7f:86:a3:18:31:5e:8c:f0:
         86:cd:e1:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xXWB28JXT3dEPiwCJ7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ODg4MThjNGVjZjFkNWRlYjRlYTkzNjY3NDcwYTdhMTE0
ZDlhMDcwHhcNMjYwMTAxMDAxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmRlODRiYWZhMzRlNWI0MjI0YzVjNTkwNzNjNDg5YjFkZDJkNTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6X/wwI8x5rpA6PmohHJyLXdcuMHb
h5xccTqRocTe4E2INWJUyYwGC20CbDPBFdTGjwQGzdVas6vYLpRAQZezxdq5R2D3
zmwslao1eMZkAqA3fk3fTnqP7GwrWej5yAgzsRLhZFJ4/X96v4nmpB28d83nuG1W
Zhm8EHliMVcsf3OvDtlgP4Ah4Q9MyYh2WFTz83F2TBkU8cx8W2wILIa+YUKx6BeL
JRbLTkp2Vd2/KKGBBa+o9NNc/Gm09dWf0iR3FRW4HzW7ot5ZdrsqCYC3O7+a5I7/
YhHMvBIABsFj+9LGEqF6Jkcw0Ku3mLTJsCoslLEwdXCLpNXX8e83lsZpmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/ehLr6NOW0IkxcWQc8SJsd0tUKMB8GA1UdIwQY
MBaAFIiIgYxOzx1d606pNmdHCnoRTZoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUlpQmpFN1BIVjNyVHFrMlowY0tlaEZObWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOWViYjItODUxZC00NTc4LWE4Nzkt
YzI5YmYyNWQyNjZlLzEvXzk2RXV2bzA1YlFpVEZ4WkJ6eElteDNTMVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOWViYjItODUxZC00NTc4LWE4NzktYzI5YmYyNWQyNjZl
LzEvaUlpQmpFN1BIVjNyVHFrMlowY0tlaEZObWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCHdMA0G
CSqGSIb3DQEBCwUAA4IBAQCFrEL5MN8+vKkiu3WlZILJBnRlPrpy5UxOwkywGr0n
afeM6Xy5KDidamuYx0jyFldx9BV+wPVUEkqKs/+TdOfF/BiK0j+ERCEvzwPr8HJy
ctZWohGy9ivlOY4WI3qRL2VQDlBLZD7r4YIdLuchOzEX8OMvn92HNylVR+vQH/Fg
9LOiZu79Ll9cX7Nx27X/5idQlHVkBimsVpFYfzYxX11hUlOaoBQ41b9Xht+ID6WG
edYxO34XUjQij0GOm1R5SbdPsQqJoz6XjWAyvsK6EVK9B52RX5gAuuF/4Y+YlxBo
/UxvLXP65D8rg9XpIqu5N6ZXzi3Mf4ajGDFejPCGzeEV
-----END CERTIFICATE-----