This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/nADULd3amnYGR0Tr5B09poIsE28.roa
File:                     nADULd3amnYGR0Tr5B09poIsE28.roa (raw, json)
Hash identifier:          gJvUmAM3aJOUpRMN3qv/5KjDyZgYcOC2qsvGzHbLhP8=
Subject key identifier:   9C:00:D4:2D:DD:DA:9A:76:06:47:44:EB:E4:1D:3D:A6:82:2C:13:6F
Certificate issuer:       /CN=607548c37abebc58b928ed285433d69e95df9c3b
Certificate serial:       019B7E38CC9BDAC488AA37B8F2F0E1E8C0B5
Authority key identifier: 60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/nADULd3amnYGR0Tr5B09poIsE28.roa
Signing time:             Fri 02 Jan 2026 10:20:10 +0000
ROA not before:           Fri 02 Jan 2026 10:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50608
IP address blocks:        83.220.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:cc:9b:da:c4:88:aa:37:b8:f2:f0:e1:e8:c0:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607548c37abebc58b928ed285433d69e95df9c3b
        Validity
            Not Before: Jan  2 10:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c00d42dddda9a76064744ebe41d3da6822c136f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0c:e8:d3:3f:22:61:6f:20:8d:b2:f9:14:23:
                    55:32:1c:08:d4:b5:6b:1d:d6:bf:ca:ed:f5:0c:cc:
                    1c:ce:82:6d:00:4a:4a:6e:25:31:ca:41:0b:07:18:
                    05:b7:c2:c6:40:41:be:05:76:d2:ce:35:ec:9b:90:
                    c6:35:55:93:fc:a8:23:9f:e1:e8:d4:d4:c0:4f:3c:
                    03:d8:33:32:6d:5b:21:82:2b:30:44:00:ef:9d:eb:
                    13:fe:8b:a1:14:1f:c1:eb:a6:61:3e:5d:1d:5f:e3:
                    c1:98:38:6f:7f:ac:59:5e:7c:00:27:ef:32:2b:ed:
                    05:e4:6b:ac:88:bc:13:bd:20:db:92:c3:12:4a:9a:
                    3a:f2:16:bd:7c:30:d1:bd:a2:65:bd:05:0a:b4:5d:
                    f5:d7:93:f4:85:de:fb:b3:78:8d:08:39:69:25:4f:
                    7d:88:64:0c:16:85:e7:0f:79:f5:09:77:a3:73:37:
                    1c:6d:20:a1:c1:88:49:c7:c7:ee:d0:3d:cb:a2:51:
                    5c:d3:13:13:43:5d:7c:41:4f:69:15:67:dd:27:56:
                    eb:c6:3e:6c:c0:a0:28:d1:86:96:bc:34:8a:19:31:
                    0a:e4:ef:97:ce:ff:05:43:17:55:e7:cc:c9:ba:85:
                    8c:d4:da:d8:7b:a0:a0:c1:38:68:1b:a3:20:cb:1e:
                    b8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:00:D4:2D:DD:DA:9A:76:06:47:44:EB:E4:1D:3D:A6:82:2C:13:6F
            X509v3 Authority Key Identifier:
                keyid:60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/nADULd3amnYGR0Tr5B09poIsE28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:bb:de:3d:96:de:f8:93:94:01:80:67:ca:d0:d1:ca:c9:02:
         7a:3d:41:17:05:21:6e:ad:ef:08:96:9a:d9:79:a5:d3:19:05:
         1f:16:66:3c:35:16:c5:de:0a:91:3f:b2:f9:1e:5f:e4:48:56:
         c6:8d:27:f1:a6:2e:28:68:8b:fb:49:c3:05:3b:2f:0e:c2:91:
         e2:d9:16:db:d3:7b:68:2b:4e:27:09:2a:94:ca:fb:80:0d:fa:
         66:5a:1e:5b:55:32:ca:71:90:c9:2b:86:2b:fc:0a:b4:6e:2c:
         1b:c9:3b:be:3b:1a:90:7f:f6:d9:8d:1a:6a:2b:96:a5:2f:48:
         0f:cd:ec:8e:28:e5:8b:bc:dc:14:e5:95:9a:7a:89:b0:4d:e8:
         78:ee:9f:0f:57:97:50:7b:ba:99:d2:3f:11:e1:0f:0a:fa:43:
         46:b0:7d:a5:3b:78:a3:a1:86:97:5f:dd:40:30:57:50:9c:36:
         47:d4:be:65:67:38:66:d5:ac:5e:85:a3:77:d3:d8:19:04:e4:
         51:8d:ee:91:a9:20:2d:ba:8f:70:d9:80:c6:70:f0:48:e3:18:
         64:aa:35:b2:4a:f6:d4:d7:e2:de:0b:f3:c9:c0:6d:ad:4e:15:
         b1:5d:dd:17:9e:8f:dc:cd:ab:e2:47:ad:df:b9:1b:30:fb:93:
         6a:f4:1b:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMyb2sSIqje48vDh6MC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNzU0OGMzN2FiZWJjNThiOTI4ZWQyODU0MzNkNjllOTVk
ZjljM2IwHhcNMjYwMTAyMTAyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzAwZDQyZGRkZGE5YTc2MDY0NzQ0ZWJlNDFkM2RhNjgyMmMxMzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgzo0z8iYW8gjbL5FCNVMhwI1LVr
Hda/yu31DMwczoJtAEpKbiUxykELBxgFt8LGQEG+BXbSzjXsm5DGNVWT/Kgjn+Ho
1NTATzwD2DMybVshgiswRADvnesT/ouhFB/B66ZhPl0dX+PBmDhvf6xZXnwAJ+8y
K+0F5GusiLwTvSDbksMSSpo68ha9fDDRvaJlvQUKtF3115P0hd77s3iNCDlpJU99
iGQMFoXnD3n1CXejczccbSChwYhJx8fu0D3LolFc0xMTQ118QU9pFWfdJ1brxj5s
wKAo0YaWvDSKGTEK5O+Xzv8FQxdV58zJuoWM1NrYe6CgwThoG6Mgyx64vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwA1C3d2pp2BkdE6+QdPaaCLBNvMB8GA1UdIwQY
MBaAFGB1SMN6vrxYuSjtKFQz1p6V35w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMt
MGM5OGM1NzBhNmUwLzEvbkFEVUxkM2FtbllHUjBUcjVCMDlwb0lzRTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMtMGM5OGM1NzBhNmUw
LzEvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9ynMA0G
CSqGSIb3DQEBCwUAA4IBAQAJu949lt74k5QBgGfK0NHKyQJ6PUEXBSFure8IlprZ
eaXTGQUfFmY8NRbF3gqRP7L5Hl/kSFbGjSfxpi4oaIv7ScMFOy8OwpHi2Rbb03to
K04nCSqUyvuADfpmWh5bVTLKcZDJK4Yr/Aq0biwbyTu+OxqQf/bZjRpqK5alL0gP
zeyOKOWLvNwU5ZWaeomwTeh47p8PV5dQe7qZ0j8R4Q8K+kNGsH2lO3ijoYaXX91A
MFdQnDZH1L5lZzhm1axehaN309gZBORRje6RqSAtuo9w2YDGcPBI4xhkqjWySvbU
1+LeC/PJwG2tThWxXd0Xno/czaviR63fuRsw+5Nq9Bv/
-----END CERTIFICATE-----