This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/SkDpO6OoEpzo1ET-E7iTIfC7KV8.roa
File:                     SkDpO6OoEpzo1ET-E7iTIfC7KV8.roa (raw, json)
Hash identifier:          7KH2Jfl+NVttuQLufAwpzomOV5CT/As0OWEw9AgWlfU=
Subject key identifier:   4A:40:E9:3B:A3:A8:12:9C:E8:D4:44:FE:13:B8:93:21:F0:BB:29:5F
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019B797ED17A5CA2604B26C796C6115C4CB0
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/SkDpO6OoEpzo1ET-E7iTIfC7KV8.roa
Signing time:             Thu 01 Jan 2026 12:18:32 +0000
ROA not before:           Thu 01 Jan 2026 12:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196886
IP address blocks:        188.255.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:17:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:d1:7a:5c:a2:60:4b:26:c7:96:c6:11:5c:4c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 12:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a40e93ba3a8129ce8d444fe13b89321f0bb295f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:30:dd:04:27:61:ed:04:84:b0:00:6f:1c:fd:
                    06:41:03:93:cd:22:5b:db:c6:6f:57:66:85:94:c4:
                    1b:3a:af:e0:70:2d:12:f0:9f:c9:c0:87:7d:cc:8a:
                    e0:31:b8:00:9c:82:3d:34:e6:97:f1:43:20:40:04:
                    98:35:dc:75:86:cb:cd:24:c1:3e:53:58:89:64:ec:
                    c6:78:cd:c3:9f:3d:ec:ed:44:e5:42:48:f2:8d:1b:
                    41:a4:4e:9f:bd:c5:fa:2f:1c:dd:52:0b:56:08:79:
                    09:fb:4d:ba:32:b5:3a:a4:a0:c9:60:50:42:11:88:
                    aa:34:c3:37:20:13:da:a0:4e:d0:bd:44:22:d3:59:
                    66:4d:31:89:2f:4b:91:8e:f0:25:c4:cd:c7:ea:66:
                    c7:39:38:23:67:b5:8e:28:3b:e3:4f:c7:77:dd:30:
                    c1:28:2d:52:b6:fb:24:c3:b2:6d:a2:94:16:0f:33:
                    f7:69:72:cb:5e:21:70:ea:f1:63:75:2d:5a:1d:df:
                    9c:1d:89:88:2b:f5:c9:76:52:c9:b6:7e:bc:09:13:
                    27:e6:b6:af:d8:05:51:94:b7:71:f8:3c:5d:05:15:
                    b4:d8:a6:33:fd:2d:20:27:d6:14:09:19:ce:1f:0e:
                    22:6a:63:24:ab:d6:7f:da:95:39:48:6d:8f:af:3c:
                    92:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:40:E9:3B:A3:A8:12:9C:E8:D4:44:FE:13:B8:93:21:F0:BB:29:5F
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/SkDpO6OoEpzo1ET-E7iTIfC7KV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:54:82:a6:ab:05:c8:6f:e2:12:89:53:41:9d:65:3f:1c:a5:
         a2:af:28:36:f9:61:7e:50:8e:f2:f8:2a:a4:6b:eb:ac:d9:1b:
         21:1c:e6:b5:05:8e:36:f0:a5:dc:43:e1:51:d2:ba:cd:10:da:
         4d:8b:bc:9d:dd:61:09:cc:17:d5:db:a1:ea:88:92:e9:31:c0:
         2b:1b:7a:47:9f:df:ac:17:e4:89:d6:27:54:3d:c7:39:ca:69:
         e9:6b:d7:cb:ee:7c:88:a9:68:a4:2e:4f:96:7c:ac:d0:84:12:
         e5:93:c3:d3:f4:58:fa:17:a9:87:14:c1:f3:7b:a4:db:78:16:
         e6:7f:ae:57:88:6d:7a:cf:ea:cf:42:15:91:4b:62:d8:11:99:
         35:a7:26:65:00:ea:43:1c:ee:23:66:e4:1a:c0:9e:27:5f:31:
         4e:a0:c9:7f:76:b5:bd:cc:20:f6:a9:71:0f:d5:6e:d7:ef:5e:
         20:2b:d5:92:e7:cb:7d:b1:a4:22:c9:ce:f6:d2:21:1f:26:ba:
         2f:4f:94:01:95:a1:3e:bf:d6:96:b1:c4:f5:85:6b:22:30:11:
         7d:ac:30:0e:6b:bc:ef:24:d0:c5:f5:22:35:3d:55:f4:dd:5f:
         1c:76:8f:28:9f:9a:9d:52:9d:dd:b0:bc:96:48:6a:bc:a6:0c:
         a3:94:b1:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftF6XKJgSybHlsYRXEywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMTAxMTIxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQwZTkzYmEzYTgxMjljZThkNDQ0ZmUxM2I4OTMyMWYwYmIyOTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjDdBCdh7QSEsABvHP0GQQOTzSJb
28ZvV2aFlMQbOq/gcC0S8J/JwId9zIrgMbgAnII9NOaX8UMgQASYNdx1hsvNJME+
U1iJZOzGeM3Dnz3s7UTlQkjyjRtBpE6fvcX6LxzdUgtWCHkJ+026MrU6pKDJYFBC
EYiqNMM3IBPaoE7QvUQi01lmTTGJL0uRjvAlxM3H6mbHOTgjZ7WOKDvjT8d33TDB
KC1Stvskw7JtopQWDzP3aXLLXiFw6vFjdS1aHd+cHYmIK/XJdlLJtn68CRMn5rav
2AVRlLdx+DxdBRW02KYz/S0gJ9YUCRnOHw4iamMkq9Z/2pU5SG2PrzySCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpA6TujqBKc6NRE/hO4kyHwuylfMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvU2tEcE82T29FcHpvMUVULUU3aVRJZkM3S1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/8MA0G
CSqGSIb3DQEBCwUAA4IBAQB0VIKmqwXIb+ISiVNBnWU/HKWiryg2+WF+UI7y+Cqk
a+us2RshHOa1BY428KXcQ+FR0rrNENpNi7yd3WEJzBfV26HqiJLpMcArG3pHn9+s
F+SJ1idUPcc5ymnpa9fL7nyIqWikLk+WfKzQhBLlk8PT9Fj6F6mHFMHze6TbeBbm
f65XiG16z+rPQhWRS2LYEZk1pyZlAOpDHO4jZuQawJ4nXzFOoMl/drW9zCD2qXEP
1W7X714gK9WS58t9saQiyc720iEfJrovT5QBlaE+v9aWscT1hWsiMBF9rDAOa7zv
JNDF9SI1PVX03V8cdo8on5qdUp3dsLyWSGq8pgyjlLEQ
-----END CERTIFICATE-----