This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dfy6fcaiisCZ_9ObKamA3aUwMcQ.roa
File:                     dfy6fcaiisCZ_9ObKamA3aUwMcQ.roa (raw, json)
Hash identifier:          1nvcUrXQecIxswh9+20uP+lUO6ARW8chPkCWB+Sq4no=
Subject key identifier:   75:FC:BA:7D:C6:A2:8A:C0:99:FF:D3:9B:29:A9:80:DD:A5:30:31:C4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F85447FEB0478782D3188169D822C16
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dfy6fcaiisCZ_9ObKamA3aUwMcQ.roa
Signing time:             Fri 02 Jan 2026 16:23:18 +0000
ROA not before:           Fri 02 Jan 2026 16:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21082
IP address blocks:        212.192.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:44:7f:eb:04:78:78:2d:31:88:16:9d:82:2c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75fcba7dc6a28ac099ffd39b29a980dda53031c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3c:17:0d:5d:1f:af:c1:ec:51:9b:c1:65:51:
                    d3:8d:16:7f:6f:0c:0b:c5:c3:cb:cb:e0:17:e6:3f:
                    dc:2e:db:54:25:fa:e7:b9:83:b0:55:9c:c0:a5:25:
                    87:e2:64:dd:9c:06:81:1b:24:c3:eb:de:4d:c0:52:
                    42:0b:7a:a6:88:26:f3:5a:57:fb:e2:c1:bb:43:3f:
                    7c:23:02:be:7e:41:cc:17:d4:8b:5d:49:43:2c:2e:
                    a8:cc:ac:96:79:cb:1d:0f:c1:30:7c:57:2a:1a:04:
                    bc:63:02:d7:e2:bd:d5:e9:cd:67:8e:7e:79:91:61:
                    23:a0:8d:b7:2a:08:7b:25:c7:9c:d2:87:73:0b:a8:
                    2c:13:a4:2f:16:da:8a:69:9b:c5:72:f8:b8:40:c0:
                    1c:8e:15:76:d7:ee:f1:3f:a3:3d:39:96:5c:81:c0:
                    89:ff:99:5c:8c:e8:ab:d6:dc:1e:a3:69:b2:e0:f0:
                    f7:fa:79:44:d3:fb:a9:ad:91:e3:44:8b:db:95:50:
                    bc:53:15:b6:35:c4:a6:c3:85:97:d7:0b:7e:ef:83:
                    16:f3:81:18:90:83:2b:de:cf:d9:ac:22:99:3f:b0:
                    dd:1b:ea:81:21:53:0a:8b:a6:68:28:3f:09:fa:66:
                    3d:c1:cf:06:17:5b:9a:35:53:a4:71:0d:14:d9:51:
                    d4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FC:BA:7D:C6:A2:8A:C0:99:FF:D3:9B:29:A9:80:DD:A5:30:31:C4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dfy6fcaiisCZ_9ObKamA3aUwMcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:65:84:4e:c9:2f:67:f2:87:70:83:7a:d2:6a:cb:7f:22:ef:
         4d:66:c9:16:90:c6:07:66:64:15:49:87:ad:b6:b3:ce:4c:c2:
         b0:86:5d:a1:81:e0:9d:ff:95:ec:9c:0b:83:a7:1a:e5:01:8c:
         43:6a:40:d5:d2:66:5e:b9:e1:d6:b3:20:35:c2:f8:32:5b:fb:
         50:20:9e:08:84:86:4f:8a:c7:1b:ed:90:0d:86:52:61:5c:d2:
         a1:95:75:66:98:ce:aa:76:9e:e7:12:7d:05:08:73:e3:86:07:
         af:78:3e:73:a9:3b:78:c8:71:23:26:ec:62:9d:9c:99:73:04:
         9a:04:be:03:83:2d:7d:fa:a8:5a:30:e4:ce:ca:13:30:77:27:
         08:2f:ec:af:c8:4d:51:c4:fa:50:7e:87:5a:6e:6a:9c:e9:cd:
         ec:eb:da:36:47:f9:56:61:d6:83:06:eb:12:e7:68:36:19:3c:
         16:70:31:3c:9b:b6:06:e5:72:b9:ba:28:3b:03:31:da:43:1c:
         89:42:eb:34:63:23:c8:74:5a:b9:78:64:8d:85:d3:a9:37:b8:
         dd:c5:5b:57:2e:e3:a4:23:0c:97:a1:a4:60:c1:0f:86:cb:57:
         6d:5e:02:e9:97:e9:48:e5:30:e0:ec:66:ee:83:ea:5d:02:3d:
         0a:8a:86:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUR/6wR4eC0xiBadgiwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZjYmE3ZGM2YTI4YWMwOTlmZmQzOWIyOWE5ODBkZGE1MzAzMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTwXDV0fr8HsUZvBZVHTjRZ/bwwL
xcPLy+AX5j/cLttUJfrnuYOwVZzApSWH4mTdnAaBGyTD695NwFJCC3qmiCbzWlf7
4sG7Qz98IwK+fkHMF9SLXUlDLC6ozKyWecsdD8EwfFcqGgS8YwLX4r3V6c1njn55
kWEjoI23Kgh7Jcec0odzC6gsE6QvFtqKaZvFcvi4QMAcjhV21+7xP6M9OZZcgcCJ
/5lcjOir1tweo2my4PD3+nlE0/uprZHjRIvblVC8UxW2NcSmw4WX1wt+74MW84EY
kIMr3s/ZrCKZP7DdG+qBIVMKi6ZoKD8J+mY9wc8GF1uaNVOkcQ0U2VHUmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX8un3GoorAmf/TmympgN2lMDHEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZGZ5NmZjYWlpc0NaXzlPYkthbUEzYVV3TWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDeMA0G
CSqGSIb3DQEBCwUAA4IBAQBLZYROyS9n8odwg3rSast/Iu9NZskWkMYHZmQVSYet
trPOTMKwhl2hgeCd/5XsnAuDpxrlAYxDakDV0mZeueHWsyA1wvgyW/tQIJ4IhIZP
iscb7ZANhlJhXNKhlXVmmM6qdp7nEn0FCHPjhgeveD5zqTt4yHEjJuxinZyZcwSa
BL4Dgy19+qhaMOTOyhMwdycIL+yvyE1RxPpQfodabmqc6c3s69o2R/lWYdaDBusS
52g2GTwWcDE8m7YG5XK5uig7AzHaQxyJQus0YyPIdFq5eGSNhdOpN7jdxVtXLuOk
IwyXoaRgwQ+Gy1dtXgLpl+lI5TDg7Gbug+pdAj0KioZa
-----END CERTIFICATE-----