This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/demNlliFBXRCd4_BO7uGvr9OBWs.roa
File:                     demNlliFBXRCd4_BO7uGvr9OBWs.roa (raw, json)
Hash identifier:          3e0uS6Ngag4AQ8UkZJyAtJ3ajUAIc6mhDPE4a8UAS9c=
Subject key identifier:   75:E9:8D:96:58:85:05:74:42:77:8F:C1:3B:BB:86:BE:BF:4E:05:6B
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       019B79ED66542F9257CEF04FDBAB67EF3CCC
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/demNlliFBXRCd4_BO7uGvr9OBWs.roa
Signing time:             Thu 01 Jan 2026 14:19:19 +0000
ROA not before:           Thu 01 Jan 2026 14:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47216
IP address blocks:        87.248.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 17:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:66:54:2f:92:57:ce:f0:4f:db:ab:67:ef:3c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jan  1 14:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75e98d965885057442778fc13bbb86bebf4e056b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:bf:62:72:5d:b9:e3:ac:31:5e:b1:c4:67:
                    49:36:e9:6e:24:e9:f1:78:ba:5b:31:41:73:fd:65:
                    d5:73:ef:a8:8c:ad:05:9c:9e:d6:b7:cf:60:31:7f:
                    66:98:ca:75:9a:4f:76:59:1d:6e:b3:a9:ac:d5:84:
                    79:a1:92:e2:74:93:84:1e:ce:1a:de:16:14:d0:8c:
                    5e:57:e0:06:7d:ae:fe:95:e7:6c:4a:6d:62:f3:f0:
                    35:e6:ae:5a:02:21:82:26:4a:da:42:2e:1a:15:c0:
                    55:27:8b:94:e5:98:63:e1:bd:5e:3d:a4:cc:64:44:
                    fb:2f:fc:99:8e:66:ab:02:19:b4:91:02:d0:21:06:
                    9b:b6:c5:d8:eb:f4:5c:ba:92:62:3f:41:d4:ad:6b:
                    74:e1:cc:16:89:6a:93:48:3a:28:c8:6b:2b:8a:f9:
                    79:46:1e:e8:ec:bd:c6:ce:a2:7d:96:31:07:75:4d:
                    19:24:6c:da:75:85:df:be:67:5d:fe:be:b7:9e:31:
                    9a:d4:24:a9:6d:82:2d:d5:39:82:64:1f:b5:0f:bf:
                    c7:72:37:3b:f7:f4:d0:c3:76:40:1d:b2:18:5f:c0:
                    74:e4:72:0c:05:5e:20:d7:58:60:27:54:fd:c3:27:
                    9b:c6:94:81:4d:74:f9:e8:eb:f2:01:f0:c1:97:49:
                    ff:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E9:8D:96:58:85:05:74:42:77:8F:C1:3B:BB:86:BE:BF:4E:05:6B
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/demNlliFBXRCd4_BO7uGvr9OBWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:f5:fe:17:af:75:1d:bf:19:b3:29:27:3f:86:12:8c:c3:06:
         53:0e:cf:d9:a1:49:0e:16:c2:cb:bf:89:f0:aa:ed:8a:62:bf:
         d7:72:bb:86:a6:58:af:3a:68:18:73:62:b5:7d:1e:d9:d9:c6:
         0c:f6:4d:61:30:1e:3f:96:69:f5:9e:c2:78:39:2e:13:b3:1f:
         9e:c0:f1:47:f4:61:a7:9e:47:7d:50:c0:29:76:0a:eb:5a:d7:
         29:8b:65:5f:90:ef:cc:ce:00:ec:00:08:08:54:56:8e:fa:a2:
         bc:ab:4f:c6:12:55:54:ab:0b:04:15:6b:d3:7a:94:d7:0f:f2:
         9b:bb:17:f1:b2:f4:59:69:99:87:64:5e:25:e4:47:c5:4d:c5:
         dd:92:02:7a:c5:72:58:e9:63:8f:00:7f:b1:d2:df:4c:09:25:
         22:6f:50:25:02:23:1e:e7:4b:16:8e:4f:81:e5:39:bc:36:72:
         67:4c:d4:87:8c:6c:60:12:10:38:dc:06:e1:70:ae:5a:44:12:
         37:6f:cf:e3:96:5a:b7:61:2f:90:4f:19:48:51:4a:1e:b5:6d:
         9a:01:de:9d:1d:fa:c5:f3:4c:0b:ff:e2:7d:18:cf:3f:c6:9e:
         2b:27:c9:4a:c3:ea:f1:25:dc:d5:3a:95:d3:e8:39:00:2f:9b:
         e2:b2:9d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57WZUL5JXzvBP26tn7zzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjYwMTAxMTQxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWU5OGQ5NjU4ODUwNTc0NDI3NzhmYzEzYmJiODZiZWJmNGUwNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaK/YnJdueOsMV6xxGdJNuluJOnx
eLpbMUFz/WXVc++ojK0FnJ7Wt89gMX9mmMp1mk92WR1us6ms1YR5oZLidJOEHs4a
3hYU0IxeV+AGfa7+ledsSm1i8/A15q5aAiGCJkraQi4aFcBVJ4uU5Zhj4b1ePaTM
ZET7L/yZjmarAhm0kQLQIQabtsXY6/RcupJiP0HUrWt04cwWiWqTSDooyGsrivl5
Rh7o7L3GzqJ9ljEHdU0ZJGzadYXfvmdd/r63njGa1CSpbYIt1TmCZB+1D7/Hcjc7
9/TQw3ZAHbIYX8B05HIMBV4g11hgJ1T9wyebxpSBTXT56OvyAfDBl0n/vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXpjZZYhQV0QnePwTu7hr6/TgVrMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvZGVtTmxsaUZCWFJDZDRfQk83dUd2cjlPQldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iaMA0G
CSqGSIb3DQEBCwUAA4IBAQCP9f4Xr3UdvxmzKSc/hhKMwwZTDs/ZoUkOFsLLv4nw
qu2KYr/XcruGplivOmgYc2K1fR7Z2cYM9k1hMB4/lmn1nsJ4OS4Tsx+ewPFH9GGn
nkd9UMApdgrrWtcpi2VfkO/MzgDsAAgIVFaO+qK8q0/GElVUqwsEFWvTepTXD/Kb
uxfxsvRZaZmHZF4l5EfFTcXdkgJ6xXJY6WOPAH+x0t9MCSUib1AlAiMe50sWjk+B
5Tm8NnJnTNSHjGxgEhA43AbhcK5aRBI3b8/jllq3YS+QTxlIUUoetW2aAd6dHfrF
80wL/+J9GM8/xp4rJ8lKw+rxJdzVOpXT6DkAL5visp3g
-----END CERTIFICATE-----