This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/8hQk0KTYs3g5ZR66-EC5Vv0X6G8.roa
File:                     8hQk0KTYs3g5ZR66-EC5Vv0X6G8.roa (raw, json)
Hash identifier:          xP2My60JlMvvPw+zYTcbdyBWhfmdlTseIN2HIlpIMRY=
Subject key identifier:   F2:14:24:D0:A4:D8:B3:78:39:65:1E:BA:F8:40:B9:56:FD:17:E8:6F
Certificate issuer:       /CN=9d202808d1f914555e1bd59c1677287ff9b3b590
Certificate serial:       019B7F8446EBECBC7F70051ECB753AFAAF86
Authority key identifier: 9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/8hQk0KTYs3g5ZR66-EC5Vv0X6G8.roa
Signing time:             Fri 02 Jan 2026 16:22:13 +0000
ROA not before:           Fri 02 Jan 2026 16:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46071
IP address blocks:        94.231.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:46:eb:ec:bc:7f:70:05:1e:cb:75:3a:fa:af:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d202808d1f914555e1bd59c1677287ff9b3b590
        Validity
            Not Before: Jan  2 16:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f21424d0a4d8b37839651ebaf840b956fd17e86f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b9:84:55:58:f5:85:d9:46:9f:cb:f2:ab:2a:
                    1e:bb:ed:2e:e1:9a:ed:aa:6d:ef:dd:ea:c5:9d:40:
                    d1:c1:70:4c:1e:89:5a:05:0f:7b:2a:66:7c:b4:4f:
                    81:f1:d6:38:6e:da:5a:f0:76:ed:f7:d5:be:12:b0:
                    b2:65:53:2e:23:10:84:52:e1:cb:63:eb:4e:6f:b1:
                    b1:ba:11:fa:65:69:9f:83:ce:36:77:17:18:f5:e5:
                    be:b3:16:86:90:97:d1:bb:7d:a7:cd:bf:88:e7:63:
                    b9:33:35:ca:2f:27:50:fb:e5:b9:b1:27:75:f1:8f:
                    2b:f8:67:a2:d2:68:86:40:64:15:cf:49:0b:99:a4:
                    33:be:cd:88:bb:dd:eb:46:d5:d0:5f:d7:dc:32:5d:
                    ce:cb:d4:22:20:c8:12:53:7f:b2:60:9a:48:2f:6d:
                    b5:be:9d:4a:67:59:19:19:cb:bc:17:17:6c:66:38:
                    eb:64:c0:dc:6f:8c:ae:be:75:f5:aa:f4:fd:45:2d:
                    34:5c:4b:1e:16:2d:d4:d2:a5:c2:52:8e:77:8c:eb:
                    2b:54:c2:78:b1:aa:b3:b3:a4:04:b2:bf:e5:7e:a0:
                    05:96:bd:6c:20:fe:4b:cd:58:75:81:fb:02:36:bc:
                    93:de:21:cf:86:cf:0e:e5:b6:61:6f:ce:91:77:73:
                    cb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:14:24:D0:A4:D8:B3:78:39:65:1E:BA:F8:40:B9:56:FD:17:E8:6F
            X509v3 Authority Key Identifier:
                keyid:9D:20:28:08:D1:F9:14:55:5E:1B:D5:9C:16:77:28:7F:F9:B3:B5:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSAoCNH5FFVeG9WcFncof_mztZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/8hQk0KTYs3g5ZR66-EC5Vv0X6G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/a5c069-8061-4dee-9568-880b2df57f25/1/nSAoCNH5FFVeG9WcFncof_mztZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:b7:c1:0e:17:f6:6f:65:3f:bd:a9:0a:10:11:e5:34:1f:ff:
         30:d3:52:25:39:68:ed:cd:c1:b9:12:84:68:60:64:b5:ca:40:
         41:6c:8b:fb:81:b1:8e:0d:49:fe:6a:58:55:48:31:d0:33:7c:
         6d:87:91:9a:f4:ee:35:d1:e2:d8:f1:29:79:23:a4:3e:06:cf:
         a8:60:4f:a0:8b:3d:c8:70:df:4e:36:22:43:89:c4:20:0d:af:
         13:a2:d1:a7:95:4f:a0:b3:b9:f6:75:d4:eb:66:d1:9a:96:f8:
         6c:cd:12:1c:31:b2:1d:27:e7:ed:99:80:44:cb:13:8a:9f:69:
         99:6a:e3:8f:1f:bf:c0:79:8e:d9:5f:10:0f:95:80:3c:0d:97:
         46:a3:b9:de:98:0d:0e:fe:30:b8:7b:6f:22:ff:84:d7:79:bb:
         37:32:a0:92:36:fc:ac:67:c3:58:f4:5c:3b:fe:1c:83:8d:c5:
         2b:ec:48:04:15:b5:e2:c2:e3:93:6e:6e:2e:4b:73:35:a7:37:
         5e:75:49:9d:cf:69:cf:62:8b:e3:a6:f4:e9:1a:15:dc:f7:7b:
         2f:b7:49:d0:20:a9:ab:45:de:f6:31:13:51:9e:83:c0:60:42:
         0a:90:45:a4:46:c0:76:21:03:77:30:c4:87:c8:bc:6c:ba:a1:
         05:a0:58:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hEbr7Lx/cAUey3U6+q+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjAyODA4ZDFmOTE0NTU1ZTFiZDU5YzE2NzcyODdmZjli
M2I1OTAwHhcNMjYwMTAyMTYyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjE0MjRkMGE0ZDhiMzc4Mzk2NTFlYmFmODQwYjk1NmZkMTdlODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLmEVVj1hdlGn8vyqyoeu+0u4Zrt
qm3v3erFnUDRwXBMHolaBQ97KmZ8tE+B8dY4btpa8Hbt99W+ErCyZVMuIxCEUuHL
Y+tOb7GxuhH6ZWmfg842dxcY9eW+sxaGkJfRu32nzb+I52O5MzXKLydQ++W5sSd1
8Y8r+Gei0miGQGQVz0kLmaQzvs2Iu93rRtXQX9fcMl3Oy9QiIMgSU3+yYJpIL221
vp1KZ1kZGcu8FxdsZjjrZMDcb4yuvnX1qvT9RS00XEseFi3U0qXCUo53jOsrVMJ4
saqzs6QEsr/lfqAFlr1sIP5LzVh1gfsCNryT3iHPhs8O5bZhb86Rd3PLYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIUJNCk2LN4OWUeuvhAuVb9F+hvMB8GA1UdIwQY
MBaAFJ0gKAjR+RRVXhvVnBZ3KH/5s7WQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1Njgt
ODgwYjJkZjU3ZjI1LzEvOGhRazBLVFlzM2c1WlI2Ni1FQzVWdjBYNkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9hNWMwNjktODA2MS00ZGVlLTk1NjgtODgwYjJkZjU3ZjI1
LzEvblNBb0NOSDVGRlZlRzlXY0ZuY29mX216dFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufIMA0G
CSqGSIb3DQEBCwUAA4IBAQDVt8EOF/ZvZT+9qQoQEeU0H/8w01IlOWjtzcG5EoRo
YGS1ykBBbIv7gbGODUn+alhVSDHQM3xth5Ga9O410eLY8Sl5I6Q+Bs+oYE+giz3I
cN9ONiJDicQgDa8TotGnlU+gs7n2ddTrZtGalvhszRIcMbIdJ+ftmYBEyxOKn2mZ
auOPH7/AeY7ZXxAPlYA8DZdGo7nemA0O/jC4e28i/4TXebs3MqCSNvysZ8NY9Fw7
/hyDjcUr7EgEFbXiwuOTbm4uS3M1pzdedUmdz2nPYovjpvTpGhXc93svt0nQIKmr
Rd72MRNRnoPAYEIKkEWkRsB2IQN3MMSHyLxsuqEFoFiw
-----END CERTIFICATE-----