This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DNsR09KDG0O8acrY8npmUZG65eQ.roa
File:                     DNsR09KDG0O8acrY8npmUZG65eQ.roa (raw, json)
Hash identifier:          8BWUBiOO9n7w1VdLQvlzlzBTVDSRNXb3RMa+IUWBMfc=
Subject key identifier:   0C:DB:11:D3:D2:83:1B:43:BC:69:CA:D8:F2:7A:66:51:91:BA:E5:E4
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6AB3EFC0ECB0A248ABC9F5217A7D0
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DNsR09KDG0O8acrY8npmUZG65eQ.roa
Signing time:             Thu 01 Jan 2026 04:17:47 +0000
ROA not before:           Thu 01 Jan 2026 04:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204846
IP address blocks:        188.130.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:ab:3e:fc:0e:cb:0a:24:8a:bc:9f:52:17:a7:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cdb11d3d2831b43bc69cad8f27a665191bae5e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bb:2a:58:19:bd:48:1e:21:49:3f:63:92:78:
                    df:88:2b:fa:63:2d:8e:4a:27:8c:8f:5d:ee:88:99:
                    4a:5d:13:33:1f:78:00:dc:2b:00:4c:f6:20:a6:0f:
                    58:99:c0:9c:ed:2e:96:a7:f3:9f:6f:09:b3:19:e3:
                    09:2f:c0:93:81:ce:6d:c8:06:d5:24:d9:9a:e6:aa:
                    e9:7c:c4:43:5b:92:03:8b:fa:0a:cb:56:da:3a:08:
                    fb:7f:77:02:f0:1f:66:ff:46:80:e9:39:29:3a:f8:
                    cc:a3:58:54:fc:95:40:06:56:5e:d8:b0:55:9c:d1:
                    17:16:b7:8b:5f:33:44:3f:30:f9:3a:ec:8a:8e:99:
                    4f:24:1f:f7:05:46:fc:9b:21:3a:0f:44:18:bb:f8:
                    0e:1b:a2:f4:4a:76:51:da:ec:8a:79:6e:da:49:fb:
                    fb:a7:db:7f:f4:d1:0b:6a:79:58:9f:d9:64:92:26:
                    d4:23:e0:1d:75:a4:17:bb:eb:ff:4a:d5:60:f1:ce:
                    14:9f:92:99:9b:11:21:98:6a:1c:27:a4:f2:9c:1f:
                    1c:94:89:d5:0c:36:e1:cb:c6:44:76:bc:a1:1e:f4:
                    27:b8:10:a2:05:c1:47:c4:4e:f3:4f:c3:92:dc:09:
                    f6:61:0a:85:d5:7d:01:4f:bd:a2:8f:01:a0:b1:ab:
                    4e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DB:11:D3:D2:83:1B:43:BC:69:CA:D8:F2:7A:66:51:91:BA:E5:E4
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/DNsR09KDG0O8acrY8npmUZG65eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:58:c8:a4:28:df:ad:69:c6:a9:22:c3:83:a3:3e:20:a6:00:
         39:ab:de:cf:33:98:d7:3e:db:d7:ae:e8:a8:27:1f:93:95:e6:
         00:80:3a:5e:50:7f:88:e4:01:d7:8b:03:e4:47:70:74:aa:67:
         a1:11:54:8d:64:48:94:0b:e1:78:a2:e0:54:3e:f9:ee:2e:42:
         b5:a0:44:f8:4e:b1:b3:00:d5:f2:17:38:e8:d6:73:a3:54:ee:
         0a:2b:f1:12:43:53:f7:b7:6b:72:51:f9:33:9d:b9:7b:13:7b:
         e1:0f:e7:4a:b6:e1:a4:f0:99:bc:82:6b:87:58:4a:bc:07:ba:
         d6:bf:21:17:19:39:61:bc:11:aa:88:7c:02:8a:30:55:29:65:
         44:c8:b9:d8:61:2c:34:6a:d9:14:90:79:f5:0d:cb:f9:b5:32:
         ca:31:8e:ec:6d:72:ab:fe:17:3c:14:ad:e4:6d:34:a1:3b:c4:
         77:29:97:de:f6:10:97:06:12:2f:6d:cf:2d:9f:38:63:b4:ac:
         a7:1c:af:d9:62:1a:d6:60:ed:c4:14:e5:d6:a9:62:4d:81:b6:
         80:84:21:b5:1a:72:70:05:2f:e2:eb:86:4b:a8:65:38:bf:3a:
         c1:bd:ae:ab:d5:65:2d:1c:b7:a4:98:f8:2b:e0:05:81:95:f2:
         3b:ce:5d:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqs+/A7LCiSKvJ9SF6fQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RiMTFkM2QyODMxYjQzYmM2OWNhZDhmMjdhNjY1MTkxYmFlNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLsqWBm9SB4hST9jknjfiCv6Yy2O
SieMj13uiJlKXRMzH3gA3CsATPYgpg9YmcCc7S6Wp/OfbwmzGeMJL8CTgc5tyAbV
JNma5qrpfMRDW5IDi/oKy1baOgj7f3cC8B9m/0aA6TkpOvjMo1hU/JVABlZe2LBV
nNEXFreLXzNEPzD5OuyKjplPJB/3BUb8myE6D0QYu/gOG6L0SnZR2uyKeW7aSfv7
p9t/9NELanlYn9lkkibUI+AddaQXu+v/StVg8c4Un5KZmxEhmGocJ6TynB8clInV
DDbhy8ZEdryhHvQnuBCiBcFHxE7zT8OS3An2YQqF1X0BT72ijwGgsatO8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzbEdPSgxtDvGnK2PJ6ZlGRuuXkMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvRE5zUjA5S0RHME84YWNyWThucG1VWkc2NWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIKZMA0G
CSqGSIb3DQEBCwUAA4IBAQCxWMikKN+tacapIsODoz4gpgA5q97PM5jXPtvXruio
Jx+TleYAgDpeUH+I5AHXiwPkR3B0qmehEVSNZEiUC+F4ouBUPvnuLkK1oET4TrGz
ANXyFzjo1nOjVO4KK/ESQ1P3t2tyUfkznbl7E3vhD+dKtuGk8Jm8gmuHWEq8B7rW
vyEXGTlhvBGqiHwCijBVKWVEyLnYYSw0atkUkHn1Dcv5tTLKMY7sbXKr/hc8FK3k
bTShO8R3KZfe9hCXBhIvbc8tnzhjtKynHK/ZYhrWYO3EFOXWqWJNgbaAhCG1GnJw
BS/i64ZLqGU4vzrBva6r1WUtHLekmPgr4AWBlfI7zl2l
-----END CERTIFICATE-----