This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORxxC24sCY0h1f4plwfDjC5lq9U.roa
File:                     ORxxC24sCY0h1f4plwfDjC5lq9U.roa (raw, json)
Hash identifier:          AtBhDZIspJ1oorUjQ02FHrS7QfctW+sPkIqjHFIkNhU=
Subject key identifier:   39:1C:71:0B:6E:2C:09:8D:21:D5:FE:29:97:07:C3:8C:2E:65:AB:D5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5A998D2BFD733A2F27A63B5D467E3B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORxxC24sCY0h1f4plwfDjC5lq9U.roa
Signing time:             Thu 01 Jan 2026 16:18:36 +0000
ROA not before:           Thu 01 Jan 2026 16:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14445
IP address blocks:        82.152.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:99:8d:2b:fd:73:3a:2f:27:a6:3b:5d:46:7e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=391c710b6e2c098d21d5fe299707c38c2e65abd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ae:22:a3:93:fa:0c:69:9b:5f:3e:9a:b9:f1:
                    7a:f8:2b:61:d6:26:fd:41:e9:3d:b3:04:5b:fa:86:
                    03:75:1f:33:26:6b:b0:fb:46:ee:1b:42:73:96:67:
                    25:12:fc:73:6c:f7:de:89:55:8d:b2:4e:99:84:97:
                    a6:c7:fd:fe:60:dc:7e:3a:96:9b:a3:71:24:f5:ef:
                    2e:32:ea:b2:ff:a3:b5:79:26:1e:2e:ef:49:ba:d5:
                    c9:3a:0d:28:ea:db:22:a6:4c:08:b1:66:45:b5:84:
                    b8:b0:aa:f8:09:70:02:e2:4e:de:ca:4f:ff:1b:94:
                    76:e6:5b:55:a6:40:97:35:b4:dc:1e:07:84:ee:9e:
                    97:e1:ef:ae:4c:9a:2e:bc:85:4c:b9:3e:5b:ec:eb:
                    f6:b8:37:6f:38:c6:27:a9:bd:60:48:0c:f1:8d:98:
                    66:c1:10:08:59:08:27:a2:35:18:8d:d1:94:d6:de:
                    25:49:b9:cd:80:82:e8:90:b0:ba:24:e7:1f:57:39:
                    49:bf:4e:84:ad:ba:15:ab:61:d2:c8:fe:3f:e9:c2:
                    b3:6b:1e:20:d4:d9:3f:3c:32:a3:b3:e6:98:30:d2:
                    df:39:ba:5c:3a:0b:5c:e6:0f:b3:00:e7:d8:54:32:
                    8f:d7:85:08:6f:bb:f8:fb:0a:4d:f4:89:48:07:30:
                    0f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1C:71:0B:6E:2C:09:8D:21:D5:FE:29:97:07:C3:8C:2E:65:AB:D5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ORxxC24sCY0h1f4plwfDjC5lq9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:72:2d:70:49:69:11:4a:10:a5:ea:2a:fe:62:35:3e:8a:18:
         3e:a0:d9:8f:4d:7d:c7:75:98:e3:c7:86:d4:c2:c5:5e:96:67:
         46:a6:0d:e3:33:e9:b9:9a:27:91:a4:8f:83:be:cb:f1:93:26:
         89:57:40:2e:0d:d2:f0:3a:3b:78:07:2d:b4:56:34:b1:05:b5:
         ac:1a:34:ac:e0:21:83:03:77:1e:27:dd:ec:66:90:26:cf:b3:
         c4:8d:16:70:0b:ac:4e:bf:14:b7:3a:5a:de:88:87:f0:89:f4:
         52:ab:36:25:4c:ed:8b:10:27:a6:ef:42:5b:76:78:96:2c:5a:
         45:9c:e3:fb:0e:87:f4:27:ec:01:23:a8:3f:95:8b:81:65:9c:
         82:7e:db:ac:8f:c3:72:f9:bf:cc:83:f5:31:ea:6b:1b:65:6b:
         dd:fe:21:b6:c2:9c:8b:fe:51:b2:ae:ed:39:97:fd:78:17:74:
         83:19:e2:af:3e:cb:4d:ad:f2:6d:fa:5f:42:9f:e9:d6:c5:29:
         b5:35:31:aa:4b:5a:91:dc:83:eb:d2:39:4e:05:32:86:32:1c:
         dc:7f:01:3c:75:af:d4:07:d5:6c:ef:da:cb:db:b7:7f:d5:df:
         0f:d0:fd:05:10:26:50:7a:a1:8a:00:4d:96:37:43:d9:df:3f:
         c2:0a:b8:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WpmNK/1zOi8npjtdRn47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFjNzEwYjZlMmMwOThkMjFkNWZlMjk5NzA3YzM4YzJlNjVhYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq4io5P6DGmbXz6aufF6+Cth1ib9
Qek9swRb+oYDdR8zJmuw+0buG0JzlmclEvxzbPfeiVWNsk6ZhJemx/3+YNx+Opab
o3Ek9e8uMuqy/6O1eSYeLu9JutXJOg0o6tsipkwIsWZFtYS4sKr4CXAC4k7eyk//
G5R25ltVpkCXNbTcHgeE7p6X4e+uTJouvIVMuT5b7Ov2uDdvOMYnqb1gSAzxjZhm
wRAIWQgnojUYjdGU1t4lSbnNgILokLC6JOcfVzlJv06ErboVq2HSyP4/6cKzax4g
1Nk/PDKjs+aYMNLfObpcOgtc5g+zAOfYVDKP14UIb7v4+wpN9IlIBzAPWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkccQtuLAmNIdX+KZcHw4wuZavVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT1J4eEMyNHNDWTBoMWY0cGx3ZkRqQzVscTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpiMMA0G
CSqGSIb3DQEBCwUAA4IBAQCQci1wSWkRShCl6ir+YjU+ihg+oNmPTX3HdZjjx4bU
wsVelmdGpg3jM+m5mieRpI+DvsvxkyaJV0AuDdLwOjt4By20VjSxBbWsGjSs4CGD
A3ceJ93sZpAmz7PEjRZwC6xOvxS3OlreiIfwifRSqzYlTO2LECem70JbdniWLFpF
nOP7Dof0J+wBI6g/lYuBZZyCftusj8Ny+b/Mg/Ux6msbZWvd/iG2wpyL/lGyru05
l/14F3SDGeKvPstNrfJt+l9Cn+nWxSm1NTGqS1qR3IPr0jlOBTKGMhzcfwE8da/U
B9Vs79rL27d/1d8P0P0FECZQeqGKAE2WN0PZ3z/CCrgI
-----END CERTIFICATE-----