This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/8Q40PlY6cpiTHKi29S26G9DdZhI.roa
File:                     8Q40PlY6cpiTHKi29S26G9DdZhI.roa (raw, json)
Hash identifier:          ZDmF+D6x42sRt1+OHh8Qa/2IzhhfYVV5gqAu2bLK1o8=
Subject key identifier:   F1:0E:34:3E:56:3A:72:98:93:1C:A8:B6:F5:2D:BA:1B:D0:DD:66:12
Certificate issuer:       /CN=4ce74cf63723c0269d5283b1065821af384a9a26
Certificate serial:       019B7C134481E7ED071169CEC38F3EFA5DF2
Authority key identifier: 4C:E7:4C:F6:37:23:C0:26:9D:52:83:B1:06:58:21:AF:38:4A:9A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/8Q40PlY6cpiTHKi29S26G9DdZhI.roa
Signing time:             Fri 02 Jan 2026 00:19:56 +0000
ROA not before:           Fri 02 Jan 2026 00:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        188.227.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:44:81:e7:ed:07:11:69:ce:c3:8f:3e:fa:5d:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce74cf63723c0269d5283b1065821af384a9a26
        Validity
            Not Before: Jan  2 00:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f10e343e563a7298931ca8b6f52dba1bd0dd6612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:78:2b:a4:83:a0:82:94:51:ba:76:82:2c:9a:
                    3b:76:c6:19:95:fe:91:56:e3:6c:45:a2:c9:1e:07:
                    e9:c8:61:26:49:ad:27:54:e7:06:fa:67:29:93:f2:
                    a4:90:32:2c:6d:7f:9a:ad:3b:14:cb:9a:c4:bc:62:
                    ba:bc:e5:a5:16:6a:c9:4a:4d:f5:ac:c1:78:f9:f0:
                    57:2a:c5:25:f3:57:1f:2f:aa:7f:33:5e:f5:20:cf:
                    fe:c9:94:fa:7a:a6:a0:60:bb:23:ba:ff:98:56:37:
                    28:8f:3e:c0:cc:7a:96:5b:18:a0:f2:ba:60:e9:77:
                    45:cd:e3:6c:50:3c:cc:1e:c4:c1:05:be:57:4b:6e:
                    8b:af:15:ee:fa:8e:f9:62:5b:44:c3:ab:38:18:2f:
                    49:86:96:c7:48:f1:17:92:ce:d5:d7:7a:77:70:95:
                    97:81:e5:57:41:2e:9c:5e:97:3c:c5:8b:d5:37:43:
                    9f:e5:5f:3a:10:64:26:09:01:f6:3b:2b:17:2d:56:
                    aa:6f:41:aa:0c:4a:52:5a:42:73:60:e5:03:1d:94:
                    5b:31:80:92:51:4c:c9:87:8e:10:bc:e6:c2:9d:f7:
                    67:14:55:fb:37:d0:b7:07:bf:78:91:ae:5f:4a:70:
                    56:07:d5:4f:1a:f5:e9:ac:e7:a0:fc:ed:2c:27:43:
                    eb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0E:34:3E:56:3A:72:98:93:1C:A8:B6:F5:2D:BA:1B:D0:DD:66:12
            X509v3 Authority Key Identifier:
                keyid:4C:E7:4C:F6:37:23:C0:26:9D:52:83:B1:06:58:21:AF:38:4A:9A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOdM9jcjwCadUoOxBlghrzhKmiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/8Q40PlY6cpiTHKi29S26G9DdZhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5a0f81-31e2-4db2-8339-9241ff6ec3bf/1/TOdM9jcjwCadUoOxBlghrzhKmiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.227.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:01:7e:a8:10:dc:47:7b:b5:d0:8a:9c:6f:50:14:01:88:db:
         e5:ac:e0:1b:0f:27:44:81:24:06:6b:9f:4f:49:eb:a3:4c:cc:
         51:f1:96:c4:e8:f5:2c:34:a7:ce:42:b2:bd:87:1c:8d:c4:15:
         64:f2:d8:bb:0b:64:49:94:8d:e9:cc:49:a2:13:b3:a7:92:3f:
         ab:a7:7d:58:de:bc:3b:2b:52:ec:a6:1e:22:3b:da:74:86:c5:
         75:90:88:e2:a8:ec:7e:11:52:dd:6e:0e:79:c5:92:53:77:b1:
         c9:01:11:fa:14:b2:f7:1d:fe:ef:ac:9a:b3:80:19:bc:3f:7a:
         9e:43:c0:39:d6:38:18:d1:27:8a:19:b4:ce:62:1a:ac:8f:2c:
         8e:e8:13:4d:ae:fe:e9:e1:3b:7d:5f:d8:c8:20:27:6a:74:0e:
         0f:b4:ee:fb:71:8f:0e:6f:b4:aa:99:d3:50:36:82:62:4d:f0:
         c9:a5:8f:17:5e:86:36:bc:a6:f9:b3:e3:c9:7d:ec:a8:e5:e5:
         fc:a1:ce:37:42:9b:89:7d:cb:c3:61:5f:ff:34:05:68:b2:30:
         df:93:45:81:b8:ec:d4:a8:bb:62:8c:ad:b3:ef:ac:45:9b:a4:
         3b:45:eb:d2:4f:de:bd:91:de:20:88:aa:24:cc:0c:1a:35:a0:
         75:b8:d4:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0SB5+0HEWnOw48++l3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTc0Y2Y2MzcyM2MwMjY5ZDUyODNiMTA2NTgyMWFmMzg0
YTlhMjYwHhcNMjYwMTAyMDAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTBlMzQzZTU2M2E3Mjk4OTMxY2E4YjZmNTJkYmExYmQwZGQ2NjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3grpIOggpRRunaCLJo7dsYZlf6R
VuNsRaLJHgfpyGEmSa0nVOcG+mcpk/KkkDIsbX+arTsUy5rEvGK6vOWlFmrJSk31
rMF4+fBXKsUl81cfL6p/M171IM/+yZT6eqagYLsjuv+YVjcojz7AzHqWWxig8rpg
6XdFzeNsUDzMHsTBBb5XS26LrxXu+o75YltEw6s4GC9JhpbHSPEXks7V13p3cJWX
geVXQS6cXpc8xYvVN0Of5V86EGQmCQH2OysXLVaqb0GqDEpSWkJzYOUDHZRbMYCS
UUzJh44QvObCnfdnFFX7N9C3B794ka5fSnBWB9VPGvXprOeg/O0sJ0PraQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEOND5WOnKYkxyotvUtuhvQ3WYSMB8GA1UdIwQY
MBaAFEznTPY3I8AmnVKDsQZYIa84SpomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9kTTlqY2p3Q2FkVW9PeEJsZ2hyemhLbWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81YTBmODEtMzFlMi00ZGIyLTgzMzkt
OTI0MWZmNmVjM2JmLzEvOFE0MFBsWTZjcGlUSEtpMjlTMjZHOURkWmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81YTBmODEtMzFlMi00ZGIyLTgzMzktOTI0MWZmNmVjM2Jm
LzEvVE9kTTlqY2p3Q2FkVW9PeEJsZ2hyemhLbWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvOPGMA0G
CSqGSIb3DQEBCwUAA4IBAQBoAX6oENxHe7XQipxvUBQBiNvlrOAbDydEgSQGa59P
SeujTMxR8ZbE6PUsNKfOQrK9hxyNxBVk8ti7C2RJlI3pzEmiE7Onkj+rp31Y3rw7
K1Lsph4iO9p0hsV1kIjiqOx+EVLdbg55xZJTd7HJARH6FLL3Hf7vrJqzgBm8P3qe
Q8A51jgY0SeKGbTOYhqsjyyO6BNNrv7p4Tt9X9jIICdqdA4PtO77cY8Ob7SqmdNQ
NoJiTfDJpY8XXoY2vKb5s+PJfeyo5eX8oc43QpuJfcvDYV//NAVosjDfk0WBuOzU
qLtijK2z76xFm6Q7RevST969kd4giKokzAwaNaB1uNRD
-----END CERTIFICATE-----