This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ipnkTLrjT7F0bHORy6hA5-G6FmI.roa
File:                     ipnkTLrjT7F0bHORy6hA5-G6FmI.roa (raw, json)
Hash identifier:          +JqJ16cW+lLk15GoB7Y07bQL/MjdRgD0Bulxeynk0Qo=
Subject key identifier:   8A:99:E4:4C:BA:E3:4F:B1:74:6C:73:91:CB:A8:40:E7:E1:BA:16:62
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6A5E04F89847B491313541FE541FF
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ipnkTLrjT7F0bHORy6hA5-G6FmI.roa
Signing time:             Thu 01 Jan 2026 04:17:45 +0000
ROA not before:           Thu 01 Jan 2026 04:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61019
IP address blocks:        46.8.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:a5:e0:4f:89:84:7b:49:13:13:54:1f:e5:41:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a99e44cbae34fb1746c7391cba840e7e1ba1662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:38:36:74:9e:dd:92:8c:7d:3e:49:95:10:7c:
                    ec:a0:a2:b3:6c:df:8f:19:56:cd:c8:27:c1:53:80:
                    03:a9:a2:36:47:25:51:cd:b0:05:c3:83:74:e6:a4:
                    76:c0:7d:72:a5:53:d1:49:a8:99:54:50:b0:40:49:
                    6f:b5:53:f7:5e:73:76:9c:b5:a8:da:7b:d4:44:0b:
                    37:e1:50:33:24:5b:82:1a:e2:06:90:3c:41:fd:53:
                    b8:23:c3:78:51:7d:4f:9c:5c:f2:5a:8d:02:2a:9a:
                    95:6c:62:3b:8f:4c:e8:ba:d7:8a:25:2c:fc:07:f7:
                    bd:73:9b:34:e4:2d:66:89:1b:ba:4c:81:8e:f7:4c:
                    58:c1:a8:e4:9e:69:5e:0c:28:33:2d:9a:6a:f9:2e:
                    a9:3a:9f:ae:05:a3:45:59:6a:ef:1a:8f:01:31:11:
                    cc:6f:2d:aa:4f:c7:2e:fb:dd:05:b0:49:6c:4e:5f:
                    eb:59:a0:0f:4d:be:9d:a0:64:b3:a6:81:80:31:b7:
                    78:bc:e1:42:3e:ce:f5:06:c3:d1:a1:2f:cb:4a:d1:
                    63:ec:11:0e:51:61:1f:e4:85:b8:36:50:3e:1f:fe:
                    30:fa:21:9a:3d:ac:05:6b:2d:ea:5f:48:60:21:bb:
                    29:d1:03:03:fc:f3:f6:99:f1:de:54:d6:01:c7:5f:
                    07:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:99:E4:4C:BA:E3:4F:B1:74:6C:73:91:CB:A8:40:E7:E1:BA:16:62
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ipnkTLrjT7F0bHORy6hA5-G6FmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:18:72:a2:ab:ab:95:0c:1c:39:19:59:35:0a:ab:37:8e:bb:
         f4:ea:0e:8b:40:6b:7c:cf:d5:9d:4b:c1:9d:ab:23:d8:bd:57:
         27:d0:7a:f0:08:e7:7b:e1:74:e7:b2:43:9e:32:e3:85:ab:5f:
         5b:e9:31:95:95:b6:3e:b6:cf:4e:cc:05:bf:22:9c:b7:3f:e3:
         3a:44:d0:e7:18:22:1f:ba:5a:30:9d:58:bb:66:61:e2:7e:93:
         93:e0:ae:e7:c6:b9:69:2e:56:a2:59:67:83:0e:ff:95:69:e5:
         ed:81:fc:e3:90:6a:8c:f2:53:ae:8c:e1:22:5e:f0:22:75:cf:
         0a:18:8b:01:22:29:49:ed:d4:71:c7:f8:e1:fe:5c:c0:cc:10:
         de:fe:42:61:c1:3f:e3:2f:94:18:86:39:a4:c1:6d:ec:2a:ac:
         1a:12:d2:31:df:40:62:b4:45:56:e2:8e:7e:a2:58:ae:e3:78:
         51:38:8e:17:03:80:5a:bf:75:35:59:18:c5:60:7e:f9:0d:2c:
         0c:b6:c1:7c:5e:65:c9:7d:62:ce:ad:20:90:8b:4c:10:38:4c:
         cb:c0:17:57:db:c6:ab:46:22:0e:10:a6:54:23:69:88:b8:ec:
         8d:99:75:49:b5:d4:ef:eb:c7:20:4e:a0:c6:9e:0d:c7:d0:52:
         e1:67:ec:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqXgT4mEe0kTE1Qf5UH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk5ZTQ0Y2JhZTM0ZmIxNzQ2YzczOTFjYmE4NDBlN2UxYmExNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojg2dJ7dkox9PkmVEHzsoKKzbN+P
GVbNyCfBU4ADqaI2RyVRzbAFw4N05qR2wH1ypVPRSaiZVFCwQElvtVP3XnN2nLWo
2nvURAs34VAzJFuCGuIGkDxB/VO4I8N4UX1PnFzyWo0CKpqVbGI7j0zouteKJSz8
B/e9c5s05C1miRu6TIGO90xYwajknmleDCgzLZpq+S6pOp+uBaNFWWrvGo8BMRHM
by2qT8cu+90FsElsTl/rWaAPTb6doGSzpoGAMbd4vOFCPs71BsPRoS/LStFj7BEO
UWEf5IW4NlA+H/4w+iGaPawFay3qX0hgIbsp0QMD/PP2mfHeVNYBx18H7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqZ5Ey640+xdGxzkcuoQOfhuhZiMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvaXBua1RMcmpUN0YwYkhPUnk2aEE1LUc2Rm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgjrMA0G
CSqGSIb3DQEBCwUAA4IBAQAbGHKiq6uVDBw5GVk1Cqs3jrv06g6LQGt8z9WdS8Gd
qyPYvVcn0HrwCOd74XTnskOeMuOFq19b6TGVlbY+ts9OzAW/Ipy3P+M6RNDnGCIf
ulownVi7ZmHifpOT4K7nxrlpLlaiWWeDDv+VaeXtgfzjkGqM8lOujOEiXvAidc8K
GIsBIilJ7dRxx/jh/lzAzBDe/kJhwT/jL5QYhjmkwW3sKqwaEtIx30BitEVW4o5+
oliu43hROI4XA4Bav3U1WRjFYH75DSwMtsF8XmXJfWLOrSCQi0wQOEzLwBdX28ar
RiIOEKZUI2mIuOyNmXVJtdTv68cgTqDGng3H0FLhZ+zd
-----END CERTIFICATE-----