This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/rN2UtVdj6caj6yMxQCrHsSKZMvI.roa
File:                     rN2UtVdj6caj6yMxQCrHsSKZMvI.roa (raw, json)
Hash identifier:          Z3x5j+qIaBAKVKD7voN6LPA49rIP+QJqgn0Mulf73dQ=
Subject key identifier:   AC:DD:94:B5:57:63:E9:C6:A3:EB:23:31:40:2A:C7:B1:22:99:32:F2
Certificate issuer:       /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial:       019BD5C73860EC16EF942D2B3A59E6F7C623
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/rN2UtVdj6caj6yMxQCrHsSKZMvI.roa
Signing time:             Mon 19 Jan 2026 10:22:41 +0000
ROA not before:           Mon 19 Jan 2026 10:22:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        208.75.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d5:c7:38:60:ec:16:ef:94:2d:2b:3a:59:e6:f7:c6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
        Validity
            Not Before: Jan 19 10:22:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acdd94b55763e9c6a3eb2331402ac7b1229932f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:95:ef:f9:11:0d:34:37:ea:d8:f8:5c:78:19:
                    eb:18:54:93:fe:8c:8c:e7:cd:a6:b6:6f:f6:ef:df:
                    19:b9:6a:18:09:6d:17:4c:64:54:ae:bf:e6:f7:b3:
                    6e:71:d6:44:f2:8b:05:c7:bf:23:75:17:f0:11:73:
                    94:b0:8b:37:b5:0c:0c:65:14:e9:4f:17:b5:20:88:
                    19:ea:b8:a7:13:1f:37:e5:10:c5:84:ee:5a:aa:ec:
                    d8:90:e6:48:92:60:7e:dc:33:31:36:fb:9e:a1:ed:
                    37:78:23:f1:be:dd:98:78:2b:8c:e0:36:62:98:e5:
                    8a:c6:2e:44:ac:54:c3:7b:3e:78:85:3a:03:7d:fa:
                    8d:6a:13:f2:27:f2:a8:a8:e9:87:cb:a6:1f:e6:dd:
                    62:6d:68:f6:1b:6c:0d:0b:e5:3b:d7:dc:82:ae:09:
                    8f:e2:74:d9:5c:0d:b0:be:ad:79:a7:50:f1:1d:92:
                    b8:ee:28:79:1b:67:fc:5a:f8:e7:0e:12:e6:90:df:
                    f7:f6:dd:f3:d1:5c:33:3c:fb:4f:dc:63:8a:f9:d5:
                    1b:9f:16:77:4b:68:7f:5f:56:23:d2:39:db:ab:72:
                    83:36:86:23:56:a5:e9:db:71:88:a3:93:a7:27:0d:
                    74:81:ef:37:46:9f:e2:34:16:11:12:1c:76:0f:db:
                    1e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DD:94:B5:57:63:E9:C6:A3:EB:23:31:40:2A:C7:B1:22:99:32:F2
            X509v3 Authority Key Identifier:
                keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/rN2UtVdj6caj6yMxQCrHsSKZMvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.75.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:29:9e:08:32:0a:57:4c:36:e6:b2:e1:e3:ff:73:0e:d1:c7:
         d7:82:66:31:c5:89:b8:29:3a:56:0c:15:de:a3:10:77:3f:04:
         14:2f:1c:58:e6:a8:c4:30:1e:d1:3e:67:ae:96:88:31:c5:b8:
         ba:d7:97:4c:5f:83:aa:6c:8b:f9:16:49:0a:af:99:e0:af:6f:
         1a:27:c6:14:92:f5:32:f8:64:71:80:96:d8:44:18:30:f6:77:
         94:0f:06:d9:3d:bf:25:45:04:68:64:0a:22:5a:87:18:eb:17:
         10:15:76:7e:07:a6:6d:35:d8:ff:a4:1f:e6:35:b9:1a:23:78:
         c4:21:14:4d:77:29:eb:04:8a:e9:d3:ea:4e:fe:e4:77:29:d1:
         03:f5:16:c2:ee:82:49:dc:ff:c2:6d:df:12:88:ba:2a:2d:b8:
         b6:66:41:ea:97:ec:62:8a:81:eb:4e:2f:0b:97:16:62:8e:3a:
         7a:04:68:f6:a8:fd:40:40:67:d4:69:df:44:c2:a4:52:1c:e4:
         73:36:9a:28:69:e2:0e:c6:9e:54:dc:1c:b7:d8:f5:fe:68:60:
         7b:18:2e:ff:3c:d4:e4:81:8a:ca:e8:c7:12:b4:c4:45:ff:40:
         17:9c:8c:bd:98:52:bc:5f:83:9c:a4:a0:7e:08:3c:8c:27:d5:
         af:1a:68:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvVxzhg7BbvlC0rOlnm98YjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjYwMTE5MTAyMjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RkOTRiNTU3NjNlOWM2YTNlYjIzMzE0MDJhYzdiMTIyOTkzMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ZXv+RENNDfq2PhceBnrGFST/oyM
582mtm/2798ZuWoYCW0XTGRUrr/m97NucdZE8osFx78jdRfwEXOUsIs3tQwMZRTp
Txe1IIgZ6rinEx835RDFhO5aquzYkOZIkmB+3DMxNvueoe03eCPxvt2YeCuM4DZi
mOWKxi5ErFTDez54hToDffqNahPyJ/KoqOmHy6Yf5t1ibWj2G2wNC+U719yCrgmP
4nTZXA2wvq15p1DxHZK47ih5G2f8WvjnDhLmkN/39t3z0VwzPPtP3GOK+dUbnxZ3
S2h/X1Yj0jnbq3KDNoYjVqXp23GIo5OnJw10ge83Rp/iNBYREhx2D9se3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzdlLVXY+nGo+sjMUAqx7EimTLyMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvck4yVXRWZGo2Y2FqNnlNeFFDckhzU0taTXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC0EvcMA0G
CSqGSIb3DQEBCwUAA4IBAQBxKZ4IMgpXTDbmsuHj/3MO0cfXgmYxxYm4KTpWDBXe
oxB3PwQULxxY5qjEMB7RPmeulogxxbi615dMX4OqbIv5FkkKr5ngr28aJ8YUkvUy
+GRxgJbYRBgw9neUDwbZPb8lRQRoZAoiWocY6xcQFXZ+B6ZtNdj/pB/mNbkaI3jE
IRRNdynrBIrp0+pO/uR3KdED9RbC7oJJ3P/Cbd8SiLoqLbi2ZkHql+xiioHrTi8L
lxZijjp6BGj2qP1AQGfUad9EwqRSHORzNpooaeIOxp5U3By32PX+aGB7GC7/PNTk
gYrK6McStMRF/0AXnIy9mFK8X4OcpKB+CDyMJ9WvGmgX
-----END CERTIFICATE-----