This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/8lzOqg36QfNkeg8Q6Az_2mhb-pY.roa
File:                     8lzOqg36QfNkeg8Q6Az_2mhb-pY.roa (raw, json)
Hash identifier:          W0oPaRSAv7Mlqt/bxzWLXb0GBYOFj3ar/XeEXfhCbx8=
Subject key identifier:   F2:5C:CE:AA:0D:FA:41:F3:64:7A:0F:10:E8:0C:FF:DA:68:5B:FA:96
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019B7F84143EDFE757D24E358CF2C34B2868
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/8lzOqg36QfNkeg8Q6Az_2mhb-pY.roa
Signing time:             Fri 02 Jan 2026 16:22:00 +0000
ROA not before:           Fri 02 Jan 2026 16:22:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13099
IP address blocks:        37.32.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:14:3e:df:e7:57:d2:4e:35:8c:f2:c3:4b:28:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  2 16:22:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f25cceaa0dfa41f3647a0f10e80cffda685bfa96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ae:e4:10:2a:e4:cc:2c:52:ff:a2:e3:d5:91:
                    26:60:3b:45:c1:72:39:3d:0e:51:d8:41:d7:b9:1e:
                    f5:30:8a:6c:b1:cd:c7:f6:70:51:30:49:54:f7:5e:
                    ba:74:e6:38:95:64:80:1b:91:a7:ff:39:9b:8c:54:
                    40:ee:10:d3:94:c0:67:cb:ed:81:cc:0d:b6:a7:62:
                    f9:f7:c2:fa:3c:5e:56:c8:cc:87:70:24:7e:90:40:
                    4b:04:63:e3:2c:be:e0:de:00:67:77:48:86:4f:f9:
                    02:ea:20:bd:aa:00:fb:b0:70:aa:45:61:ec:51:c4:
                    77:aa:e4:9f:12:cd:61:24:01:97:46:7b:10:4e:86:
                    2d:30:93:b5:b8:37:e7:3f:21:6b:b2:99:a5:4f:1d:
                    1a:bb:10:c5:ca:50:70:7d:00:01:fe:cb:b0:e2:2a:
                    b9:72:bb:87:99:1b:28:ba:de:b5:59:f3:7d:27:db:
                    2c:75:7a:06:52:ea:7d:38:e5:50:80:ed:27:8c:cc:
                    91:74:c7:a1:75:54:ae:9d:21:f5:69:db:c8:2f:3d:
                    3f:83:90:b6:dd:5a:24:7f:ee:e3:f9:b6:16:79:15:
                    2b:46:d8:b1:7b:70:cf:7e:09:15:5e:39:7c:64:3b:
                    9b:d8:41:46:a7:8c:05:14:cb:96:5d:a0:ef:f4:69:
                    77:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5C:CE:AA:0D:FA:41:F3:64:7A:0F:10:E8:0C:FF:DA:68:5B:FA:96
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/8lzOqg36QfNkeg8Q6Az_2mhb-pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:4f:07:3d:cd:b7:92:9f:d3:fa:83:41:bc:67:66:3e:dd:45:
         f8:10:0e:3e:be:55:84:8d:ac:7b:cd:ff:5e:4f:1c:17:68:a7:
         b9:6c:47:00:73:f6:9b:ab:b4:b9:c8:02:34:fc:59:b9:38:d8:
         84:95:fe:06:32:52:96:ad:ab:19:87:0a:4c:a6:68:b7:61:d5:
         9c:85:ea:11:3d:4e:a0:56:06:69:17:07:fc:b2:f1:72:33:48:
         7f:37:de:21:fd:80:9e:dd:8a:a7:c0:ab:1e:c5:2a:3d:d3:12:
         0e:31:9a:8b:93:88:ef:3a:e5:9a:f0:bf:90:fb:ca:bd:80:e6:
         a4:e0:a1:02:27:60:8b:dc:21:14:78:c8:2f:bd:bc:29:1b:fb:
         60:3b:f4:5f:41:d0:2e:d2:89:e4:46:07:ee:7c:7d:77:ac:c9:
         74:3d:3b:9a:b3:71:c8:0c:ec:7f:60:2d:22:8b:02:3f:13:9a:
         cd:5b:68:94:1f:51:98:27:2b:5a:65:b1:37:18:4e:1d:7b:16:
         04:e9:ef:d5:d6:f0:b7:db:e4:c0:06:bc:18:b8:1d:72:ab:2b:
         37:fc:58:d7:2d:d4:ea:f7:81:8d:b5:38:79:3a:59:aa:18:27:
         b0:2e:33:71:5a:0a:29:e9:36:69:b7:f9:51:c4:3b:31:b5:f8:
         d1:9a:5a:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hBQ+3+dX0k41jPLDSyhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjYwMTAyMTYyMjAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjVjY2VhYTBkZmE0MWYzNjQ3YTBmMTBlODBjZmZkYTY4NWJmYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a7kECrkzCxS/6Lj1ZEmYDtFwXI5
PQ5R2EHXuR71MIpssc3H9nBRMElU9166dOY4lWSAG5Gn/zmbjFRA7hDTlMBny+2B
zA22p2L598L6PF5WyMyHcCR+kEBLBGPjLL7g3gBnd0iGT/kC6iC9qgD7sHCqRWHs
UcR3quSfEs1hJAGXRnsQToYtMJO1uDfnPyFrspmlTx0auxDFylBwfQAB/suw4iq5
cruHmRsout61WfN9J9ssdXoGUup9OOVQgO0njMyRdMehdVSunSH1advILz0/g5C2
3Vokf+7j+bYWeRUrRtixe3DPfgkVXjl8ZDub2EFGp4wFFMuWXaDv9Gl3QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJczqoN+kHzZHoPEOgM/9poW/qWMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvOGx6T3FnMzZRZk5rZWc4UTZBel8ybWhiLXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBLMA0G
CSqGSIb3DQEBCwUAA4IBAQCWTwc9zbeSn9P6g0G8Z2Y+3UX4EA4+vlWEjax7zf9e
TxwXaKe5bEcAc/abq7S5yAI0/Fm5ONiElf4GMlKWrasZhwpMpmi3YdWcheoRPU6g
VgZpFwf8svFyM0h/N94h/YCe3YqnwKsexSo90xIOMZqLk4jvOuWa8L+Q+8q9gOak
4KECJ2CL3CEUeMgvvbwpG/tgO/RfQdAu0onkRgfufH13rMl0PTuas3HIDOx/YC0i
iwI/E5rNW2iUH1GYJytaZbE3GE4dexYE6e/V1vC32+TABrwYuB1yqys3/FjXLdTq
94GNtTh5OlmqGCewLjNxWgop6TZpt/lRxDsxtfjRmlpa
-----END CERTIFICATE-----