This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/AI0cK5yngOVyHq30FAFbV0yIE7s.roa
File:                     AI0cK5yngOVyHq30FAFbV0yIE7s.roa (raw, json)
Hash identifier:          CXA1fQD/VxPc6xlpty0uCHZPj7LTUCY9zkdYShOwGnI=
Subject key identifier:   00:8D:1C:2B:9C:A7:80:E5:72:1E:AD:F4:14:01:5B:57:4C:88:13:BB
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019B79102CDBEB316E40DAD54C6A928D157E
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/AI0cK5yngOVyHq30FAFbV0yIE7s.roa
Signing time:             Thu 01 Jan 2026 10:17:41 +0000
ROA not before:           Thu 01 Jan 2026 10:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53356
IP address blocks:        80.246.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2c:db:eb:31:6e:40:da:d5:4c:6a:92:8d:15:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  1 10:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=008d1c2b9ca780e5721eadf414015b574c8813bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5b:06:7c:24:be:83:77:b3:f5:b0:a9:ac:1b:
                    93:a2:cb:c7:f1:9d:b7:9a:71:5c:14:e0:ed:f3:36:
                    6b:b4:5f:ba:38:10:e3:f5:0a:c8:ce:00:c9:ef:6a:
                    12:b5:e5:d5:c8:d5:e4:ba:90:56:9d:c9:a8:34:2a:
                    d4:20:39:25:72:1c:47:a0:39:81:92:99:ca:d0:88:
                    8f:49:fb:de:78:99:22:12:77:5d:6b:26:55:e7:b7:
                    13:75:52:17:75:cf:cc:fb:71:e4:39:43:c1:0c:80:
                    7b:e4:f5:30:69:1e:23:7a:1a:e2:f8:af:82:c1:ef:
                    6c:25:a1:ce:16:31:04:e3:61:c0:8b:36:c6:8a:36:
                    cb:43:e2:e5:e2:6e:6f:1a:80:ec:81:3d:5c:ed:2d:
                    53:c9:93:4d:ae:1b:2f:f5:8f:85:f2:ad:53:b8:7a:
                    a4:bd:25:7e:22:c3:b1:f8:98:57:d2:fc:e3:ec:93:
                    56:d8:d5:b7:2f:2a:2d:b5:ff:12:f3:3c:d2:4b:c0:
                    e0:21:7f:07:94:c2:5b:0a:51:72:44:99:a2:e8:e1:
                    ec:f8:0f:9f:48:c5:13:e0:9f:ca:0c:5f:11:2d:3b:
                    68:ad:6c:fb:0f:74:87:5c:bd:0f:97:b3:73:ac:b2:
                    0d:bc:db:b6:9d:7d:8d:e4:b6:b0:dd:34:3c:5e:17:
                    6a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:8D:1C:2B:9C:A7:80:E5:72:1E:AD:F4:14:01:5B:57:4C:88:13:BB
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/AI0cK5yngOVyHq30FAFbV0yIE7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:68:a7:13:c0:db:32:02:2e:28:11:75:3b:62:e6:2d:64:d8:
         a3:59:e6:12:aa:b8:86:b1:88:42:51:f0:54:96:5c:b0:17:b4:
         3a:bb:ae:5a:37:7e:d6:30:b3:8f:c1:08:d2:e1:dc:a1:5b:02:
         59:73:5c:d2:1e:4f:09:71:4e:b5:94:4d:ad:0e:e2:0e:2d:96:
         fd:18:19:1d:1b:9f:91:5e:ea:8e:54:c0:fb:6b:71:4a:e5:f8:
         3a:3f:d7:e0:67:82:9e:21:08:72:c6:ff:b4:fc:8f:d9:6a:8f:
         d4:f6:6e:a1:06:7c:aa:7a:03:ae:38:48:96:88:28:19:d6:31:
         b8:d5:6a:f6:ac:41:c8:5d:57:d7:00:a9:e9:ba:b0:97:0c:07:
         0a:05:cb:6e:26:41:36:7e:84:9f:57:f3:04:b2:e7:54:63:5d:
         3f:23:7a:49:08:61:e4:b8:96:bf:6a:9e:aa:17:c4:8c:1a:0f:
         d2:2a:1f:44:95:14:b0:3f:5a:f5:1d:8d:8e:d0:33:13:22:99:
         b3:80:83:a7:9f:87:ba:c3:3d:b2:c7:9a:1e:a0:b0:f7:57:90:
         33:44:9d:3b:ad:70:86:70:e3:cd:18:cc:fb:8d:9e:cd:fe:65:
         a3:5a:47:2c:1f:0f:3d:2e:8a:3e:32:2f:cb:fc:e7:7c:20:dc:
         f7:d7:07:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECzb6zFuQNrVTGqSjRV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwMTAxMTAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDhkMWMyYjljYTc4MGU1NzIxZWFkZjQxNDAxNWI1NzRjODgxM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFsGfCS+g3ez9bCprBuTosvH8Z23
mnFcFODt8zZrtF+6OBDj9QrIzgDJ72oSteXVyNXkupBWncmoNCrUIDklchxHoDmB
kpnK0IiPSfveeJkiEnddayZV57cTdVIXdc/M+3HkOUPBDIB75PUwaR4jehri+K+C
we9sJaHOFjEE42HAizbGijbLQ+Ll4m5vGoDsgT1c7S1TyZNNrhsv9Y+F8q1TuHqk
vSV+IsOx+JhX0vzj7JNW2NW3Lyottf8S8zzSS8DgIX8HlMJbClFyRJmi6OHs+A+f
SMUT4J/KDF8RLTtorWz7D3SHXL0Pl7NzrLINvNu2nX2N5Law3TQ8XhdqnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACNHCucp4Dlch6t9BQBW1dMiBO7MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvQUkwY0s1eW5nT1Z5SHEzMEZBRmJWMHlJRTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPblMA0G
CSqGSIb3DQEBCwUAA4IBAQA+aKcTwNsyAi4oEXU7YuYtZNijWeYSqriGsYhCUfBU
llywF7Q6u65aN37WMLOPwQjS4dyhWwJZc1zSHk8JcU61lE2tDuIOLZb9GBkdG5+R
XuqOVMD7a3FK5fg6P9fgZ4KeIQhyxv+0/I/Zao/U9m6hBnyqegOuOEiWiCgZ1jG4
1Wr2rEHIXVfXAKnpurCXDAcKBctuJkE2foSfV/MEsudUY10/I3pJCGHkuJa/ap6q
F8SMGg/SKh9ElRSwP1r1HY2O0DMTIpmzgIOnn4e6wz2yx5oeoLD3V5AzRJ07rXCG
cOPNGMz7jZ7N/mWjWkcsHw89Loo+Mi/L/Od8INz31wd6
-----END CERTIFICATE-----