This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sm47lVSxZM3qTFDaWf9_LM3Pubk.roa
File:                     sm47lVSxZM3qTFDaWf9_LM3Pubk.roa (raw, json)
Hash identifier:          tJHiFrKZ20TFxHyptHF5ZOmnSU5IbVOJr/OS5Eqfyx0=
Subject key identifier:   B2:6E:3B:95:54:B1:64:CD:EA:4C:50:DA:59:FF:7F:2C:CD:CF:B9:B9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AE253503645FBB22EDEE6CD7B6401
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sm47lVSxZM3qTFDaWf9_LM3Pubk.roa
Signing time:             Thu 01 Jan 2026 16:18:54 +0000
ROA not before:           Thu 01 Jan 2026 16:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215599
IP address blocks:        82.152.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e2:53:50:36:45:fb:b2:2e:de:e6:cd:7b:64:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b26e3b9554b164cdea4c50da59ff7f2ccdcfb9b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:45:55:52:39:00:5d:60:3f:1f:e4:59:25:84:
                    47:44:8c:b1:40:05:29:96:82:4f:f0:70:70:58:2d:
                    cf:2e:80:77:54:45:00:14:0e:74:ab:8e:f8:6b:6a:
                    eb:2a:98:4d:9d:84:f4:95:43:37:ad:6c:aa:a2:f3:
                    d3:c9:0e:17:9b:7b:02:31:83:0a:86:d6:00:e1:08:
                    7e:ee:c7:41:a7:aa:e1:a4:ea:bc:f2:c5:54:c9:fa:
                    c1:e3:8a:6a:fc:8d:46:80:5a:48:ef:ce:9e:58:87:
                    ac:ad:ce:6d:4b:d7:24:6f:08:02:67:96:56:c9:5f:
                    39:bf:e4:ff:83:69:63:06:ce:63:0e:5e:cb:26:21:
                    90:59:9e:91:a7:5a:2c:a3:a5:14:5c:e4:3c:28:45:
                    da:1a:8d:83:76:e1:e9:b3:59:d8:82:dc:ea:3b:02:
                    8d:be:30:ad:68:62:2f:c5:1b:b7:67:bc:d9:e3:d6:
                    b8:64:9c:d8:64:cb:e4:3e:b7:ea:7f:33:a0:59:84:
                    f7:a9:f6:3a:07:77:d2:56:c2:bb:3f:c9:d1:75:a5:
                    fa:c4:c5:0f:95:98:4d:79:61:5e:ec:0e:37:45:94:
                    54:ec:d8:90:c3:b3:45:c1:e9:04:c8:f3:82:78:3b:
                    5f:1c:74:fa:7d:02:ad:95:07:40:2f:1f:e6:51:22:
                    8b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:6E:3B:95:54:B1:64:CD:EA:4C:50:DA:59:FF:7F:2C:CD:CF:B9:B9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sm47lVSxZM3qTFDaWf9_LM3Pubk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:7d:68:f9:b1:95:dc:97:99:63:21:eb:f3:5b:05:99:d9:32:
         ee:1c:a7:5b:5a:88:8c:96:4d:1b:91:0c:fc:c8:bb:c1:04:25:
         29:81:58:48:ec:18:d2:09:e9:0a:a9:83:4b:7b:f8:38:24:4f:
         3f:87:4a:2e:4d:87:17:39:6c:db:55:c9:51:60:24:73:97:5c:
         9f:81:f2:88:b7:3e:85:86:8b:37:90:9a:a9:3b:ca:a0:cf:3a:
         a4:28:fb:08:07:89:fe:49:21:ff:82:77:f3:50:d7:4c:07:72:
         e3:7b:10:57:5d:92:98:ad:b3:df:ba:b5:71:63:e2:d3:0b:84:
         37:f7:3a:1e:1f:e7:64:a8:39:b5:a3:82:32:3b:3e:b4:0a:0a:
         18:17:46:00:02:82:33:7c:81:44:a9:69:29:05:c3:8b:47:b4:
         d2:99:57:70:20:76:69:36:e9:f3:d9:b3:58:24:70:59:f8:fa:
         37:82:dd:2e:22:9c:41:8b:ba:e4:66:60:0e:f3:c3:38:d9:e2:
         d5:5a:63:27:a3:64:3e:a8:cb:b2:48:ba:89:34:01:42:71:5f:
         f0:c6:7a:52:65:8d:d1:87:5d:eb:83:07:11:a9:e7:8c:82:bf:
         8e:cb:1f:87:ea:f0:ff:88:d7:88:52:00:9f:ec:36:bb:1c:f8:
         5a:4e:98:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuJTUDZF+7Iu3ubNe2QBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjZlM2I5NTU0YjE2NGNkZWE0YzUwZGE1OWZmN2YyY2NkY2ZiOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUVVUjkAXWA/H+RZJYRHRIyxQAUp
loJP8HBwWC3PLoB3VEUAFA50q474a2rrKphNnYT0lUM3rWyqovPTyQ4Xm3sCMYMK
htYA4Qh+7sdBp6rhpOq88sVUyfrB44pq/I1GgFpI786eWIesrc5tS9ckbwgCZ5ZW
yV85v+T/g2ljBs5jDl7LJiGQWZ6Rp1oso6UUXOQ8KEXaGo2DduHps1nYgtzqOwKN
vjCtaGIvxRu3Z7zZ49a4ZJzYZMvkPrfqfzOgWYT3qfY6B3fSVsK7P8nRdaX6xMUP
lZhNeWFe7A43RZRU7NiQw7NFwekEyPOCeDtfHHT6fQKtlQdALx/mUSKL1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJuO5VUsWTN6kxQ2ln/fyzNz7m5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc200N2xWU3haTTNxVEZEYVdmOV9MTTNQdWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQA5fWj5sZXcl5ljIevzWwWZ2TLuHKdbWoiMlk0bkQz8
yLvBBCUpgVhI7BjSCekKqYNLe/g4JE8/h0ouTYcXOWzbVclRYCRzl1yfgfKItz6F
hos3kJqpO8qgzzqkKPsIB4n+SSH/gnfzUNdMB3LjexBXXZKYrbPfurVxY+LTC4Q3
9zoeH+dkqDm1o4IyOz60CgoYF0YAAoIzfIFEqWkpBcOLR7TSmVdwIHZpNunz2bNY
JHBZ+Po3gt0uIpxBi7rkZmAO88M42eLVWmMno2Q+qMuySLqJNAFCcV/wxnpSZY3R
h13rgwcRqeeMgr+Oyx+H6vD/iNeIUgCf7Da7HPhaTpgf
-----END CERTIFICATE-----