This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Df8h7qloFeTHYGavNQ4pJHpP5CU.roa
File:                     Df8h7qloFeTHYGavNQ4pJHpP5CU.roa (raw, json)
Hash identifier:          3kk9LrOCm1NH+leIgX8QEU4SIoLjtl1E1AbkJm7CLGc=
Subject key identifier:   0D:FF:21:EE:A9:68:15:E4:C7:60:66:AF:35:0E:29:24:7A:4F:E4:25
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       019B76EB8B2A0BDC2C896B0E0340107B56BD
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Df8h7qloFeTHYGavNQ4pJHpP5CU.roa
Signing time:             Thu 01 Jan 2026 00:18:26 +0000
ROA not before:           Thu 01 Jan 2026 00:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202924
IP address blocks:        82.222.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:8b:2a:0b:dc:2c:89:6b:0e:03:40:10:7b:56:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 00:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dff21eea96815e4c76066af350e29247a4fe425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:08:d4:c9:7c:1a:e4:89:01:e1:2f:73:00:7d:
                    0d:0b:e2:07:7f:7f:e2:68:96:fa:57:a3:90:29:6e:
                    b1:0e:bb:91:51:d5:a5:d9:ca:93:5b:c6:64:7a:cc:
                    69:cb:8c:8a:13:33:95:f8:6d:0c:ed:6f:19:91:28:
                    66:b0:c5:24:d3:30:81:27:31:eb:7c:b4:8f:c4:20:
                    ca:37:fc:29:b5:fd:e3:49:14:79:30:0b:13:6e:19:
                    25:2e:00:39:9b:ff:18:b9:37:57:ee:ee:ea:58:39:
                    dd:75:78:72:5f:64:c7:31:34:f4:ee:4e:8a:f2:d5:
                    76:30:ef:e8:2e:f0:bd:ad:8f:67:8a:51:3d:54:65:
                    27:30:1a:29:c7:f0:52:57:4d:35:6d:5a:0a:8e:dc:
                    98:62:4a:76:9c:6c:fe:da:5d:3c:8d:70:92:cc:9f:
                    c8:53:d6:1e:65:e3:45:fa:a7:e9:84:91:bc:35:08:
                    0f:b0:46:b1:b2:c8:db:cf:26:da:fd:a0:e4:ff:3e:
                    e8:ce:1a:c4:7b:35:74:b3:fb:2c:ed:17:f5:d7:fe:
                    5c:fb:fb:2d:ce:9b:3e:8a:f8:44:55:7d:78:21:33:
                    c9:dd:89:4e:a3:ef:e2:93:26:9c:8e:94:61:ad:5f:
                    5c:b9:e2:d5:29:4c:02:3c:66:57:90:66:94:a7:b7:
                    c3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FF:21:EE:A9:68:15:E4:C7:60:66:AF:35:0E:29:24:7A:4F:E4:25
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Df8h7qloFeTHYGavNQ4pJHpP5CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:e9:1f:1f:84:76:5b:50:9b:77:16:40:cc:56:12:ed:91:3a:
         5b:51:6d:e2:5f:d6:c6:eb:d4:8d:55:a2:dd:f1:a6:c2:cf:76:
         06:ed:9c:47:bf:ac:ec:63:35:d6:07:0c:aa:ef:67:22:7a:41:
         f8:f1:c7:d4:5a:ba:9f:88:e2:55:4b:57:bc:f9:1b:f1:25:6b:
         21:8d:58:ce:dc:5e:65:50:a1:63:0a:a6:1f:95:6d:86:7e:32:
         7e:76:63:ec:4a:a6:bc:fe:5d:93:d1:f0:41:a7:2a:86:c4:24:
         0c:b5:d2:59:6f:a2:0a:f6:85:91:06:2f:e5:95:49:ee:5c:08:
         33:49:9a:4e:fd:20:8e:99:aa:59:c3:6b:7f:4d:3f:78:7f:7b:
         ab:fa:72:ff:9f:ef:d9:14:66:ef:e6:9c:b3:89:42:7e:24:76:
         af:1c:e6:5c:54:7d:1a:dd:fd:ab:16:11:0c:9e:45:01:2f:d9:
         ba:d6:90:83:56:aa:77:31:00:e8:26:b9:b5:09:f0:01:c7:7f:
         93:a7:96:3f:53:ce:11:fd:f2:31:f5:dd:fe:a4:c8:fc:54:ab:
         13:a5:4f:40:92:1d:e0:54:0d:da:44:b8:bd:bc:ea:d3:e0:15:
         cb:9c:1c:38:e8:31:74:1d:cf:2c:71:25:ef:69:4d:87:4f:13:
         3b:21:72:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264sqC9wsiWsOA0AQe1a9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjYwMTAxMDAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGZmMjFlZWE5NjgxNWU0Yzc2MDY2YWYzNTBlMjkyNDdhNGZlNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQjUyXwa5IkB4S9zAH0NC+IHf3/i
aJb6V6OQKW6xDruRUdWl2cqTW8Zkesxpy4yKEzOV+G0M7W8ZkShmsMUk0zCBJzHr
fLSPxCDKN/wptf3jSRR5MAsTbhklLgA5m/8YuTdX7u7qWDnddXhyX2THMTT07k6K
8tV2MO/oLvC9rY9nilE9VGUnMBopx/BSV001bVoKjtyYYkp2nGz+2l08jXCSzJ/I
U9YeZeNF+qfphJG8NQgPsEaxssjbzyba/aDk/z7ozhrEezV0s/ss7Rf11/5c+/st
zps+ivhEVX14ITPJ3YlOo+/ikyacjpRhrV9cueLVKUwCPGZXkGaUp7fDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3/Ie6paBXkx2BmrzUOKSR6T+QlMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvRGY4aDdxbG9GZVRIWUdhdk5RNHBKSHBQNUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt5TMA0G
CSqGSIb3DQEBCwUAA4IBAQAp6R8fhHZbUJt3FkDMVhLtkTpbUW3iX9bG69SNVaLd
8abCz3YG7ZxHv6zsYzXWBwyq72ciekH48cfUWrqfiOJVS1e8+RvxJWshjVjO3F5l
UKFjCqYflW2GfjJ+dmPsSqa8/l2T0fBBpyqGxCQMtdJZb6IK9oWRBi/llUnuXAgz
SZpO/SCOmapZw2t/TT94f3ur+nL/n+/ZFGbv5pyziUJ+JHavHOZcVH0a3f2rFhEM
nkUBL9m61pCDVqp3MQDoJrm1CfABx3+Tp5Y/U84R/fIx9d3+pMj8VKsTpU9Akh3g
VA3aRLi9vOrT4BXLnBw46DF0Hc8scSXvaU2HTxM7IXL4
-----END CERTIFICATE-----