This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/8eg_ozUgN0LwPpJGepVjL-X5qgI.roa
File:                     8eg_ozUgN0LwPpJGepVjL-X5qgI.roa (raw, json)
Hash identifier:          Z8orduaXF7DXrYWOscVyHgXJkUsoFlq7AQocFZQpdOs=
Subject key identifier:   F1:E8:3F:A3:35:20:37:42:F0:3E:92:46:7A:95:63:2F:E5:F9:AA:02
Certificate issuer:       /CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
Certificate serial:       019A8C94DE265B7C81D17D8DFA57AE85B7F5
Authority key identifier: 2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/8eg_ozUgN0LwPpJGepVjL-X5qgI.roa
Signing time:             Sun 16 Nov 2025 12:12:37 +0000
ROA not before:           Sun 16 Nov 2025 12:12:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212623
IP address blocks:        185.216.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:8c:94:de:26:5b:7c:81:d1:7d:8d:fa:57:ae:85:b7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
        Validity
            Not Before: Nov 16 12:12:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1e83fa335203742f03e92467a95632fe5f9aa02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:99:db:17:19:e6:cb:6c:95:ac:96:38:cc:
                    b6:75:d7:93:76:af:ba:c1:51:2e:8f:02:67:3a:80:
                    ee:cc:7f:8e:b3:47:78:24:a8:30:e6:ed:71:ce:f1:
                    a0:2e:bb:eb:cd:bf:fb:30:42:fd:0b:64:0a:71:74:
                    c6:7a:d0:d1:7c:0e:b7:df:1e:15:75:fe:70:ec:38:
                    3e:08:fb:3e:08:4f:b9:33:86:a0:7d:93:df:65:47:
                    db:6c:fb:4a:c5:a1:76:da:fc:84:1d:fb:6a:6d:83:
                    84:ac:ff:1e:ac:7e:1e:b0:6c:0f:09:c7:e3:80:9b:
                    e4:ff:a2:52:04:2f:8a:3f:59:15:c9:12:1c:21:b1:
                    c6:79:66:aa:d9:67:c5:21:c9:f0:e3:49:0f:56:ae:
                    aa:d2:c2:d0:a1:9b:3c:ef:98:13:fb:93:bc:4f:58:
                    7b:3b:cb:b3:d2:5c:85:1b:d4:7b:ff:a4:8c:a4:b5:
                    6e:94:ef:b3:54:e7:c3:fc:f9:da:77:29:ad:82:26:
                    e9:de:b6:e5:e8:5c:93:56:91:ed:c1:bc:29:86:86:
                    88:92:ac:2e:6d:95:74:4d:64:a7:18:6f:1f:a6:68:
                    47:de:cb:df:43:11:5c:65:e3:47:ef:7e:cf:55:91:
                    62:80:44:8b:4b:b7:9d:60:c9:1b:f2:76:10:26:dd:
                    a4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E8:3F:A3:35:20:37:42:F0:3E:92:46:7A:95:63:2F:E5:F9:AA:02
            X509v3 Authority Key Identifier:
                keyid:2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/8eg_ozUgN0LwPpJGepVjL-X5qgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:17:3d:e1:c7:bb:00:06:92:c9:5c:d9:27:9f:e7:76:43:18:
         25:ae:46:99:38:5b:4c:4b:39:0d:5c:df:47:c8:e6:e3:b6:f4:
         1b:f6:0e:ba:f2:aa:e0:96:60:2a:5c:42:3f:bc:8c:5d:66:24:
         a9:b7:21:76:97:dd:34:ab:46:e7:d3:3d:00:c4:19:c6:68:61:
         ad:6c:a7:7f:7b:25:be:45:54:5b:71:9d:94:98:61:3d:f8:f7:
         a6:39:d7:6f:87:5e:ac:cc:c6:47:1b:60:ab:51:51:f4:ba:3b:
         44:c2:b0:b3:e8:2f:d1:46:95:22:7b:7f:7d:a4:15:fb:82:aa:
         e2:76:ac:4f:5e:d1:50:24:bd:76:f5:51:2e:f5:0a:05:66:11:
         b2:20:cf:c7:ec:45:c5:42:fd:fb:ea:5d:25:ad:4a:6f:9c:18:
         fb:a1:0c:c1:0a:e5:b2:d8:c6:53:d9:61:02:d9:97:19:9e:79:
         60:54:c8:95:2e:ed:1d:e4:45:f0:f5:39:85:97:b3:f6:db:1a:
         ba:59:7a:c9:b4:87:b3:24:8e:3f:40:10:ea:d1:52:22:85:a5:
         0f:63:9d:f5:b0:fe:1c:73:68:8d:2e:9a:cc:47:aa:f3:68:51:
         97:df:78:21:3b:0b:17:0f:34:73:87:8f:f6:50:fb:0d:02:77:
         9c:73:d3:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqMlN4mW3yB0X2N+leuhbf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZGQ0MzhhN2NlM2NiMzc5ZjI4Y2ZhMDUxY2Y2M2Q1YWQ4
ZmUzY2EwHhcNMjUxMTE2MTIxMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWU4M2ZhMzM1MjAzNzQyZjAzZTkyNDY3YTk1NjMyZmU1ZjlhYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBSZ2xcZ5stslayWOMy2ddeTdq+6
wVEujwJnOoDuzH+Os0d4JKgw5u1xzvGgLrvrzb/7MEL9C2QKcXTGetDRfA633x4V
df5w7Dg+CPs+CE+5M4agfZPfZUfbbPtKxaF22vyEHftqbYOErP8erH4esGwPCcfj
gJvk/6JSBC+KP1kVyRIcIbHGeWaq2WfFIcnw40kPVq6q0sLQoZs875gT+5O8T1h7
O8uz0lyFG9R7/6SMpLVulO+zVOfD/Pnadymtgibp3rbl6FyTVpHtwbwphoaIkqwu
bZV0TWSnGG8fpmhH3svfQxFcZeNH737PVZFigESLS7edYMkb8nYQJt2kHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHoP6M1IDdC8D6SRnqVYy/l+aoCMB8GA1UdIwQY
MBaAFCrdQ4p848s3nyjPoFHPY9Wtj+PKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUt
MjBhMGQxMzBjNDU2LzEvOGVnX296VWdOMEx3UHBKR2VwVmpMLVg1cWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUtMjBhMGQxMzBjNDU2
LzEvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudgzMA0G
CSqGSIb3DQEBCwUAA4IBAQAAFz3hx7sABpLJXNknn+d2QxglrkaZOFtMSzkNXN9H
yObjtvQb9g668qrglmAqXEI/vIxdZiSptyF2l900q0bn0z0AxBnGaGGtbKd/eyW+
RVRbcZ2UmGE9+PemOddvh16szMZHG2CrUVH0ujtEwrCz6C/RRpUie399pBX7gqri
dqxPXtFQJL129VEu9QoFZhGyIM/H7EXFQv376l0lrUpvnBj7oQzBCuWy2MZT2WEC
2ZcZnnlgVMiVLu0d5EXw9TmFl7P22xq6WXrJtIezJI4/QBDq0VIihaUPY531sP4c
c2iNLprMR6rzaFGX33ghOwsXDzRzh4/2UPsNAnecc9OY
-----END CERTIFICATE-----