This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/CZrfuBp82O2AYalXzTb9UwgvR1o.roa
File:                     CZrfuBp82O2AYalXzTb9UwgvR1o.roa (raw, json)
Hash identifier:          xFIpqvjKJeu4o9vWH/t1+US2gMjjAF2RTJwTE8hx+9o=
Subject key identifier:   09:9A:DF:B8:1A:7C:D8:ED:80:61:A9:57:CD:36:FD:53:08:2F:47:5A
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797EBB90857CB39C57356D55B580D5C7
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/CZrfuBp82O2AYalXzTb9UwgvR1o.roa
Signing time:             Thu 01 Jan 2026 12:18:27 +0000
ROA not before:           Thu 01 Jan 2026 12:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43651
IP address blocks:        82.147.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:bb:90:85:7c:b3:9c:57:35:6d:55:b5:80:d5:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=099adfb81a7cd8ed8061a957cd36fd53082f475a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1d:aa:48:5a:1e:9b:3f:54:ad:f3:0f:d1:8a:
                    64:5c:70:87:e8:8d:a6:99:ab:e0:1b:05:61:d7:60:
                    04:c6:83:68:f9:66:d8:36:c0:c3:b4:7c:a5:11:34:
                    b3:86:fe:53:3d:f1:ad:b2:89:2f:cc:6f:39:fb:0c:
                    53:c9:34:c1:38:a2:5e:31:22:38:d0:43:4c:3b:18:
                    ef:28:9c:20:a6:12:b1:88:07:e6:92:76:af:c8:e8:
                    8d:41:17:52:9e:30:10:8d:b6:4b:6c:32:84:28:31:
                    f6:67:0e:0e:1a:07:46:34:46:04:a4:fa:f8:0a:e4:
                    f9:ec:a5:66:39:f2:5c:a3:e5:3a:c7:2e:12:46:4c:
                    2f:d7:8b:fe:83:ea:f3:e8:c8:90:17:02:53:a6:54:
                    d8:fa:45:83:97:5c:a8:ba:cc:ce:f3:4b:dc:f0:98:
                    3b:26:85:80:9f:0c:12:cf:5b:e2:e9:4f:7a:5e:5b:
                    99:a9:c1:af:45:cc:d8:7c:6c:0f:15:18:cc:63:67:
                    8c:80:31:c3:0c:44:de:64:e9:43:4b:47:55:16:9b:
                    9e:db:a3:66:c3:ac:91:e0:ff:9e:65:ad:e4:ad:d4:
                    a4:50:e9:4b:47:5b:3a:d9:3e:af:5b:a8:67:a9:21:
                    3a:ce:20:9e:7a:20:91:b5:7a:ac:b4:76:a3:02:b9:
                    a4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:9A:DF:B8:1A:7C:D8:ED:80:61:A9:57:CD:36:FD:53:08:2F:47:5A
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/CZrfuBp82O2AYalXzTb9UwgvR1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.147.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:9f:72:f3:14:44:3b:5a:76:7a:c6:1b:90:da:2b:79:10:f3:
         7d:ae:2e:7d:24:59:5f:45:56:67:75:b6:8d:ee:0e:ed:4e:95:
         a3:1f:58:cd:10:cf:78:78:71:71:15:00:e0:68:a5:60:a3:72:
         78:e3:dd:27:39:5b:2e:3f:41:29:d3:3d:9b:8f:26:6f:72:9c:
         a9:e9:a2:4e:53:b1:a1:88:22:d7:67:a6:2d:bd:64:01:12:fb:
         17:0c:61:cf:48:18:ec:e3:46:2e:a7:bd:27:7e:46:3c:6e:8a:
         94:d5:e2:c5:e0:45:87:2d:ec:64:cc:85:8c:6f:36:b2:1c:9c:
         8a:1b:de:de:50:78:a7:78:17:d7:a4:c0:f6:c4:46:11:27:df:
         64:8d:53:64:a9:bb:75:b6:26:7a:3d:4c:e1:55:08:71:7f:52:
         a2:fc:a3:92:9e:cb:16:34:6d:34:c4:d9:c9:48:4b:86:79:ae:
         d7:ce:71:0c:ad:66:5c:c8:19:81:e4:7c:f5:8a:c6:62:e7:f8:
         66:c7:ec:d2:bc:ae:49:c3:7e:2a:75:79:16:40:b6:76:1c:17:
         e0:6d:17:4b:86:7b:56:c4:79:db:a0:8f:c2:8c:9c:d3:d5:fa:
         89:7a:92:20:c1:9a:2e:1c:66:7f:b7:1b:f2:c7:ae:3b:42:8c:
         b5:7f:77:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fruQhXyznFc1bVW1gNXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTlhZGZiODFhN2NkOGVkODA2MWE5NTdjZDM2ZmQ1MzA4MmY0NzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx2qSFoemz9UrfMP0YpkXHCH6I2m
mavgGwVh12AExoNo+WbYNsDDtHylETSzhv5TPfGtsokvzG85+wxTyTTBOKJeMSI4
0ENMOxjvKJwgphKxiAfmknavyOiNQRdSnjAQjbZLbDKEKDH2Zw4OGgdGNEYEpPr4
CuT57KVmOfJco+U6xy4SRkwv14v+g+rz6MiQFwJTplTY+kWDl1youszO80vc8Jg7
JoWAnwwSz1vi6U96XluZqcGvRczYfGwPFRjMY2eMgDHDDETeZOlDS0dVFpue26Nm
w6yR4P+eZa3krdSkUOlLR1s62T6vW6hnqSE6ziCeeiCRtXqstHajArmkawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAma37gafNjtgGGpV802/VMIL0daMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvQ1pyZnVCcDgyTzJBWWFsWHpUYjlVd2d2UjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpOGMA0G
CSqGSIb3DQEBCwUAA4IBAQAhn3LzFEQ7WnZ6xhuQ2it5EPN9ri59JFlfRVZndbaN
7g7tTpWjH1jNEM94eHFxFQDgaKVgo3J4490nOVsuP0Ep0z2bjyZvcpyp6aJOU7Gh
iCLXZ6YtvWQBEvsXDGHPSBjs40Yup70nfkY8boqU1eLF4EWHLexkzIWMbzayHJyK
G97eUHineBfXpMD2xEYRJ99kjVNkqbt1tiZ6PUzhVQhxf1Ki/KOSnssWNG00xNnJ
SEuGea7XznEMrWZcyBmB5Hz1isZi5/hmx+zSvK5Jw34qdXkWQLZ2HBfgbRdLhntW
xHnboI/CjJzT1fqJepIgwZouHGZ/txvyx647Qoy1f3f3
-----END CERTIFICATE-----