This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MiJ2S2ygwAaCRUSDfgVpY8xyCtA.roa
File:                     MiJ2S2ygwAaCRUSDfgVpY8xyCtA.roa (raw, json)
Hash identifier:          Qhp40lhHtVs/Br0Brcyn6Taa/0C7LoIYTsNJjF0e9ow=
Subject key identifier:   32:22:76:4B:6C:A0:C0:06:82:45:44:83:7E:05:69:63:CC:72:0A:D0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B8D8769660D8349D0021FBCF94AFFEF82
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MiJ2S2ygwAaCRUSDfgVpY8xyCtA.roa
Signing time:             Mon 05 Jan 2026 09:40:20 +0000
ROA not before:           Mon 05 Jan 2026 09:40:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215304
IP address blocks:        82.152.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 14:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:8d:87:69:66:0d:83:49:d0:02:1f:bc:f9:4a:ff:ef:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  5 09:40:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3222764b6ca0c006824544837e056963cc720ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:2f:9f:41:9f:a2:ae:41:cd:d1:84:8b:97:
                    3b:0b:da:b6:31:d0:e3:51:8a:e5:58:10:a2:f7:cf:
                    4e:eb:2b:44:23:df:b7:ae:c4:65:6a:05:91:54:b0:
                    e5:4f:0d:a6:27:e5:09:19:7d:ab:a1:af:f4:18:c2:
                    6e:18:51:ec:d4:ab:f3:4d:57:18:5d:7b:86:e1:63:
                    ea:88:4c:6b:cb:bd:e2:54:9b:bc:d0:6a:d8:8f:70:
                    06:5c:6b:68:c2:f3:a3:0d:d5:a4:2c:b1:97:4b:e9:
                    3d:68:39:0d:d0:cc:8f:b1:83:fb:37:a2:71:da:5e:
                    aa:bc:95:75:a8:b2:d1:6a:06:be:17:42:a3:4d:db:
                    c4:64:e1:98:f4:58:1c:c5:cd:9d:26:be:5c:f9:b6:
                    1e:6e:e3:e7:b0:0b:43:f9:2b:0b:a6:3b:fd:97:2c:
                    b3:94:4f:78:9f:58:a0:dc:23:0f:99:e6:b8:e3:52:
                    83:b7:dd:0e:12:57:73:91:e3:9c:4f:6c:26:97:06:
                    ff:e0:c9:d8:75:eb:6a:76:41:43:32:c4:4a:f4:98:
                    ce:6e:02:e2:4c:bc:66:00:5e:28:c3:5c:85:ea:5b:
                    b8:9b:27:af:1c:d6:7f:5f:60:11:e8:03:ee:b1:4d:
                    27:b5:bd:e8:c6:b2:a6:08:8e:6b:d4:99:74:cd:a4:
                    0b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:22:76:4B:6C:A0:C0:06:82:45:44:83:7E:05:69:63:CC:72:0A:D0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MiJ2S2ygwAaCRUSDfgVpY8xyCtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:2c:aa:dd:ed:6a:d9:fd:cd:60:04:74:02:af:fd:30:85:b0:
         d9:ee:2c:b3:c4:02:4c:19:76:98:67:68:e8:9d:81:af:0f:94:
         a4:23:86:09:2d:75:74:82:0e:40:2f:db:99:a4:53:fd:58:67:
         ab:8e:88:37:34:8c:cc:a7:7b:4a:a6:74:38:9b:20:61:f9:b9:
         8f:f6:b3:59:04:1e:5f:ad:f5:13:48:a7:a4:cf:d1:04:b4:a6:
         4e:2c:0a:01:d3:12:6f:87:55:86:a7:40:80:07:c6:68:6d:6b:
         12:17:9d:19:8e:d7:6b:ec:76:cc:ab:1a:ed:7f:7c:6e:46:6e:
         f0:eb:11:4a:00:59:6b:49:3f:54:72:26:35:8c:96:b2:8a:5e:
         4b:9e:f7:02:85:f1:94:ac:74:de:d0:c3:96:88:2a:80:c0:16:
         bb:48:8a:62:e2:bf:d3:18:f8:03:cc:76:ab:7a:51:7a:78:ba:
         6a:5f:ca:7f:db:96:00:4d:5a:8d:3c:67:cc:8a:69:2c:eb:f1:
         b9:08:7f:8d:8f:81:05:d1:06:18:f0:db:69:bd:b6:01:0a:d5:
         97:14:46:87:2d:2c:39:1e:d9:05:07:7e:d5:13:b7:89:b0:8b:
         cd:e3:f2:df:15:05:a3:05:d7:63:6a:be:fc:ee:6f:2e:5c:bb:
         38:f9:d9:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuNh2lmDYNJ0AIfvPlK/++CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTA1MDk0MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjIyNzY0YjZjYTBjMDA2ODI0NTQ0ODM3ZTA1Njk2M2NjNzIwYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw0vn0Gfoq5BzdGEi5c7C9q2MdDj
UYrlWBCi989O6ytEI9+3rsRlagWRVLDlTw2mJ+UJGX2roa/0GMJuGFHs1KvzTVcY
XXuG4WPqiExry73iVJu80GrYj3AGXGtowvOjDdWkLLGXS+k9aDkN0MyPsYP7N6Jx
2l6qvJV1qLLRaga+F0KjTdvEZOGY9Fgcxc2dJr5c+bYebuPnsAtD+SsLpjv9lyyz
lE94n1ig3CMPmea441KDt90OEldzkeOcT2wmlwb/4MnYdetqdkFDMsRK9JjObgLi
TLxmAF4ow1yF6lu4myevHNZ/X2AR6APusU0ntb3oxrKmCI5r1Jl0zaQL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIidktsoMAGgkVEg34FaWPMcgrQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTWlKMlMyeWd3QWFDUlVTRGZnVnBZOHh5Q3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpiOMA0G
CSqGSIb3DQEBCwUAA4IBAQCDLKrd7WrZ/c1gBHQCr/0whbDZ7iyzxAJMGXaYZ2jo
nYGvD5SkI4YJLXV0gg5AL9uZpFP9WGerjog3NIzMp3tKpnQ4myBh+bmP9rNZBB5f
rfUTSKekz9EEtKZOLAoB0xJvh1WGp0CAB8ZobWsSF50Zjtdr7HbMqxrtf3xuRm7w
6xFKAFlrST9UciY1jJayil5LnvcChfGUrHTe0MOWiCqAwBa7SIpi4r/TGPgDzHar
elF6eLpqX8p/25YATVqNPGfMimks6/G5CH+Nj4EF0QYY8NtpvbYBCtWXFEaHLSw5
HtkFB37VE7eJsIvN4/LfFQWjBddjar787m8uXLs4+dn1
-----END CERTIFICATE-----