This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/4ad3Sx3tHCKPvoySsJwPEN1dqk0.roa
File:                     4ad3Sx3tHCKPvoySsJwPEN1dqk0.roa (raw, json)
Hash identifier:          9KW5traDiZ8b8YIka+3LA3dxjZd+hGHcIvyVnNUiXKg=
Subject key identifier:   E1:A7:77:4B:1D:ED:1C:22:8F:BE:8C:92:B0:9C:0F:10:DD:5D:AA:4D
Certificate issuer:       /CN=20a7fcbe59314c372b68f232223828b1e33a03ec
Certificate serial:       019B78A3060EFF38E7780CB7D69470717395
Authority key identifier: 20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/4ad3Sx3tHCKPvoySsJwPEN1dqk0.roa
Signing time:             Thu 01 Jan 2026 08:18:28 +0000
ROA not before:           Thu 01 Jan 2026 08:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203214
IP address blocks:        81.22.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:06:0e:ff:38:e7:78:0c:b7:d6:94:70:71:73:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20a7fcbe59314c372b68f232223828b1e33a03ec
        Validity
            Not Before: Jan  1 08:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1a7774b1ded1c228fbe8c92b09c0f10dd5daa4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:bb:19:0a:66:e0:0b:9c:30:b3:6c:e6:bb:
                    de:f1:f5:13:5f:82:45:f4:68:b9:27:e9:6a:5e:72:
                    d2:ab:9b:6c:b2:91:e4:1c:bf:d3:53:40:54:b6:b2:
                    bf:4c:57:e4:23:a0:62:1f:6e:61:2f:b9:45:95:f0:
                    24:44:26:5f:c0:36:b9:c9:53:69:75:07:24:08:89:
                    bc:ca:ad:72:4b:6d:0c:9b:47:71:84:f7:a5:d0:68:
                    17:07:62:e5:08:97:8b:82:3b:6e:06:8d:a3:79:a4:
                    3a:fa:6f:77:a8:1e:fe:da:c9:a8:01:ea:58:7c:f5:
                    f8:6f:72:d1:a7:97:24:2d:b9:73:ac:c8:1b:d4:46:
                    b8:c2:6b:0f:72:11:5c:7a:53:eb:46:c3:24:f8:71:
                    01:54:70:2c:40:72:49:99:d8:3b:7d:8e:95:fb:08:
                    3f:09:50:57:99:30:12:77:f2:e7:28:00:3a:ad:08:
                    f8:4f:25:e8:a7:a9:a2:27:74:17:04:f3:c8:b7:b8:
                    3b:c1:fa:b3:7d:58:72:70:96:13:07:0b:b4:db:73:
                    dd:bb:10:fd:af:92:57:6a:6e:f8:8f:49:84:c1:9e:
                    7d:20:42:f0:3b:03:48:ed:60:80:fd:3e:68:b3:d9:
                    58:54:69:2f:eb:34:31:48:19:93:69:c5:56:26:9d:
                    9c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A7:77:4B:1D:ED:1C:22:8F:BE:8C:92:B0:9C:0F:10:DD:5D:AA:4D
            X509v3 Authority Key Identifier:
                keyid:20:A7:FC:BE:59:31:4C:37:2B:68:F2:32:22:38:28:B1:E3:3A:03:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKf8vlkxTDcraPIyIjgoseM6A-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/4ad3Sx3tHCKPvoySsJwPEN1dqk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/c3988e-8654-4311-8292-426039788919/1/IKf8vlkxTDcraPIyIjgoseM6A-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:95:dd:1a:b4:14:a9:eb:64:76:b1:35:3f:dc:36:53:d2:5f:
         13:5d:e3:3e:36:01:c8:fe:97:0a:fd:45:a3:0d:42:f1:f1:6b:
         e0:8f:88:a9:a5:23:10:09:3e:7b:be:c2:99:28:43:06:5f:b2:
         7e:9d:10:26:dd:3d:4f:78:a9:be:70:13:d5:10:94:ed:dc:bb:
         b0:c4:79:9b:9b:9f:65:fb:27:16:1c:dd:02:30:1d:ba:bb:7a:
         f9:69:0b:6a:d0:3d:36:70:69:a2:e4:5b:b6:66:be:b6:07:1e:
         41:cc:67:29:0f:35:f8:d3:01:6b:d9:e5:ed:07:83:3f:63:eb:
         d9:02:b7:06:d9:72:08:32:82:12:7d:c1:71:1a:8c:69:50:c3:
         ed:7d:35:8d:55:93:fb:4a:49:18:d6:d3:99:3b:cb:f4:25:f4:
         f6:6d:9b:29:fc:25:52:96:e2:2b:39:20:0b:96:6b:17:9a:64:
         21:26:cf:67:c6:af:ea:57:8a:62:e6:a8:1d:03:b7:51:95:d4:
         ab:f6:a9:f7:26:47:d4:94:0b:fe:1c:df:64:eb:68:59:7c:5d:
         e9:fe:ac:de:51:09:d4:a0:6e:30:54:25:91:01:a4:c1:ac:23:
         79:8c:a6:2a:43:d0:8a:d0:2d:1a:80:0b:20:a3:58:65:e2:d7:
         f6:94:c1:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4owYO/zjneAy31pRwcXOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYTdmY2JlNTkzMTRjMzcyYjY4ZjIzMjIyMzgyOGIxZTMz
YTAzZWMwHhcNMjYwMTAxMDgxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE3Nzc0YjFkZWQxYzIyOGZiZThjOTJiMDljMGYxMGRkNWRhYTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoe7GQpm4AucMLNs5rve8fUTX4JF
9Gi5J+lqXnLSq5tsspHkHL/TU0BUtrK/TFfkI6BiH25hL7lFlfAkRCZfwDa5yVNp
dQckCIm8yq1yS20Mm0dxhPel0GgXB2LlCJeLgjtuBo2jeaQ6+m93qB7+2smoAepY
fPX4b3LRp5ckLblzrMgb1Ea4wmsPchFcelPrRsMk+HEBVHAsQHJJmdg7fY6V+wg/
CVBXmTASd/LnKAA6rQj4TyXop6miJ3QXBPPIt7g7wfqzfVhycJYTBwu023PduxD9
r5JXam74j0mEwZ59IELwOwNI7WCA/T5os9lYVGkv6zQxSBmTacVWJp2cgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGnd0sd7Rwij76MkrCcDxDdXapNMB8GA1UdIwQY
MBaAFCCn/L5ZMUw3K2jyMiI4KLHjOgPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTIt
NDI2MDM5Nzg4OTE5LzEvNGFkM1N4M3RIQ0tQdm95U3NKd1BFTjFkcWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9jMzk4OGUtODY1NC00MzExLTgyOTItNDI2MDM5Nzg4OTE5
LzEvSUtmOHZsa3hURGNyYVBJeUlqZ29zZU02QS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAild0atBSp62R2sTU/3DZT0l8TXeM+NgHI/pcK/UWj
DULx8Wvgj4ippSMQCT57vsKZKEMGX7J+nRAm3T1PeKm+cBPVEJTt3LuwxHmbm59l
+ycWHN0CMB26u3r5aQtq0D02cGmi5Fu2Zr62Bx5BzGcpDzX40wFr2eXtB4M/Y+vZ
ArcG2XIIMoISfcFxGoxpUMPtfTWNVZP7SkkY1tOZO8v0JfT2bZsp/CVSluIrOSAL
lmsXmmQhJs9nxq/qV4pi5qgdA7dRldSr9qn3JkfUlAv+HN9k62hZfF3p/qzeUQnU
oG4wVCWRAaTBrCN5jKYqQ9CK0C0agAsgo1hl4tf2lMF+
-----END CERTIFICATE-----
Generated at Sun Jan 25 23:05:18 2026 by rpki-client