This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8qOXZbVOiOdOcMZWiod81M6_BBo.roa
File:                     8qOXZbVOiOdOcMZWiod81M6_BBo.roa (raw, json)
Hash identifier:          g/uPSXw2igUfWfGmpVHxvG0ZirPwx+OFQjKN6IR00nQ=
Subject key identifier:   F2:A3:97:65:B5:4E:88:E7:4E:70:C6:56:8A:87:7C:D4:CE:BF:04:1A
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14A7DF1AAF58BA40E9B7B78DAEDF70
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8qOXZbVOiOdOcMZWiod81M6_BBo.roa
Signing time:             Fri 02 Jan 2026 14:20:18 +0000
ROA not before:           Fri 02 Jan 2026 14:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19211
IP address blocks:        213.169.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 16:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:a7:df:1a:af:58:ba:40:e9:b7:b7:8d:ae:df:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2a39765b54e88e74e70c6568a877cd4cebf041a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9e:30:77:90:08:0b:09:f4:a9:08:14:5d:14:
                    7a:e2:b4:e7:3e:41:43:01:00:b6:bd:f5:78:bf:b1:
                    a6:f5:72:67:f0:64:34:9d:3d:6a:a8:f2:38:db:e8:
                    73:d7:dd:06:f0:76:e2:5e:87:93:fb:9e:53:8b:b5:
                    20:a6:20:c6:01:31:94:5d:4c:b1:61:3f:97:34:2a:
                    04:89:24:ea:f3:67:d4:07:39:0d:b8:ff:6a:a2:04:
                    59:c0:56:77:ea:b9:89:af:8a:51:c0:75:20:ba:e8:
                    df:ae:ed:a1:57:15:d1:a2:f9:d5:79:1b:72:fa:2a:
                    f0:de:bf:32:9e:d7:b4:59:3f:42:a6:65:c6:60:22:
                    29:c9:53:4c:92:99:a9:f3:b9:51:08:bc:60:48:14:
                    35:00:4d:b5:e3:82:fc:11:b8:df:0a:9f:b6:2e:ae:
                    12:00:7f:32:cb:9a:ce:53:ee:62:9a:fe:1d:f3:7d:
                    f1:c7:5c:7f:1a:83:35:7f:f4:89:50:ee:40:38:3d:
                    5a:79:7b:39:76:96:14:10:a2:ee:37:f8:c4:a9:1b:
                    5e:e1:bf:f0:3a:94:76:d8:be:a2:f6:65:52:91:f9:
                    d3:9d:9b:83:3a:f0:7a:21:b7:bc:23:87:2e:33:33:
                    47:91:0a:eb:94:95:12:c7:b1:84:49:64:72:7d:21:
                    9e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A3:97:65:B5:4E:88:E7:4E:70:C6:56:8A:87:7C:D4:CE:BF:04:1A
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8qOXZbVOiOdOcMZWiod81M6_BBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:a2:0c:13:70:c8:fc:bd:a1:27:6f:9c:f0:69:5d:cf:4e:aa:
         de:c3:b1:13:73:14:77:43:54:e6:40:87:30:95:8b:91:a1:ec:
         8a:fb:22:ae:fa:e4:0a:e9:60:d4:33:7d:34:22:e1:f5:12:ac:
         77:7a:13:7a:86:a7:6c:a4:09:19:a3:4a:73:d6:e6:14:9a:25:
         ea:26:e8:ec:61:0d:31:a9:cf:99:72:07:32:ba:81:67:10:c6:
         72:36:38:c1:1f:49:9b:da:0d:d2:1d:e4:c6:46:67:32:c5:d6:
         5e:5a:d4:e7:24:89:a1:0b:27:c1:4b:7b:a0:b5:0a:97:1b:93:
         f5:c4:18:61:32:4f:5f:27:41:8b:c1:c8:b6:8a:0e:fc:1b:6b:
         37:09:ea:f0:b5:10:77:50:d5:c1:33:9f:64:b5:39:a9:02:a2:
         33:c1:25:00:d2:5c:41:9b:9f:66:d7:dd:09:fc:fb:89:2d:dc:
         a2:b7:1e:8c:9c:31:1d:36:52:d8:80:d3:a9:60:49:38:0a:19:
         f8:18:86:f6:27:5f:9d:54:9a:8c:0c:20:b2:d7:94:cf:9a:6b:
         2c:65:6d:bb:e5:f0:ed:ea:ef:29:f8:98:52:8b:24:46:69:b6:
         fd:c5:11:23:52:22:e8:a4:bb:c1:45:67:38:52:45:42:4c:7f:
         67:3b:d9:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FKffGq9YukDpt7eNrt9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmEzOTc2NWI1NGU4OGU3NGU3MGM2NTY4YTg3N2NkNGNlYmYwNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop4wd5AICwn0qQgUXRR64rTnPkFD
AQC2vfV4v7Gm9XJn8GQ0nT1qqPI42+hz190G8HbiXoeT+55Ti7UgpiDGATGUXUyx
YT+XNCoEiSTq82fUBzkNuP9qogRZwFZ36rmJr4pRwHUguujfru2hVxXRovnVeRty
+irw3r8ynte0WT9CpmXGYCIpyVNMkpmp87lRCLxgSBQ1AE2144L8EbjfCp+2Lq4S
AH8yy5rOU+5imv4d833xx1x/GoM1f/SJUO5AOD1aeXs5dpYUEKLuN/jEqRte4b/w
OpR22L6i9mVSkfnTnZuDOvB6Ibe8I4cuMzNHkQrrlJUSx7GESWRyfSGeFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKjl2W1TojnTnDGVoqHfNTOvwQaMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvOHFPWFpiVk9pT2RPY01aV2lvZDgxTTZfQkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ancMA0G
CSqGSIb3DQEBCwUAA4IBAQBfogwTcMj8vaEnb5zwaV3PTqrew7ETcxR3Q1TmQIcw
lYuRoeyK+yKu+uQK6WDUM300IuH1Eqx3ehN6hqdspAkZo0pz1uYUmiXqJujsYQ0x
qc+ZcgcyuoFnEMZyNjjBH0mb2g3SHeTGRmcyxdZeWtTnJImhCyfBS3ugtQqXG5P1
xBhhMk9fJ0GLwci2ig78G2s3CerwtRB3UNXBM59ktTmpAqIzwSUA0lxBm59m190J
/PuJLdyitx6MnDEdNlLYgNOpYEk4Chn4GIb2J1+dVJqMDCCy15TPmmssZW275fDt
6u8p+JhSiyRGabb9xREjUiLopLvBRWc4UkVCTH9nO9lM
-----END CERTIFICATE-----