This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/SDoF-WCqCPjknLT2mM2_4GQ1V00.roa
File:                     SDoF-WCqCPjknLT2mM2_4GQ1V00.roa (raw, json)
Hash identifier:          9DCTVTfRoXNgWVh36MOAbrslGxs/tC2WsKyt8y4+r+o=
Subject key identifier:   48:3A:05:F9:60:AA:08:F8:E4:9C:B4:F6:98:CD:BF:E0:64:35:57:4D
Certificate issuer:       /CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
Certificate serial:       019B78A2CB82D37004CEB33456453D3A4C68
Authority key identifier: BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/SDoF-WCqCPjknLT2mM2_4GQ1V00.roa
Signing time:             Thu 01 Jan 2026 08:18:13 +0000
ROA not before:           Thu 01 Jan 2026 08:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34136
IP address blocks:        195.234.76.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Feb 2026 03:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:cb:82:d3:70:04:ce:b3:34:56:45:3d:3a:4c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
        Validity
            Not Before: Jan  1 08:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=483a05f960aa08f8e49cb4f698cdbfe06435574d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9f:f3:20:3e:64:b6:58:2a:f3:41:50:99:3d:
                    b7:0b:6c:86:9e:1f:f0:d7:95:7c:89:e7:f2:21:0a:
                    a6:4b:eb:f6:11:39:c0:5c:fe:3d:03:2c:94:68:8d:
                    99:4c:cb:95:62:9b:85:be:57:64:32:c6:d5:21:18:
                    8f:87:89:35:ce:93:b4:63:4a:4a:f7:58:83:1b:bc:
                    54:fc:23:cc:33:93:cf:ef:d5:97:4c:8c:5e:95:3f:
                    36:a7:dc:1b:c3:29:7c:c6:e5:7b:75:af:3f:d2:24:
                    25:9c:e0:2d:92:85:1b:08:48:2f:de:a1:62:45:ec:
                    a6:2d:55:68:f9:ae:f3:a4:ee:25:9e:00:b9:aa:7e:
                    ad:80:d1:3b:4f:c3:49:6d:0e:cf:f3:31:10:2b:a0:
                    ef:1e:b7:47:62:d8:3b:0c:08:74:3e:62:f4:f6:a4:
                    97:ff:34:df:45:f4:ce:bf:5d:57:85:4b:d5:f5:74:
                    36:bd:f6:de:aa:4e:39:24:7e:2a:f2:23:23:c1:35:
                    e7:a9:d8:a4:6a:27:92:a9:9c:b5:13:7c:c3:a5:5c:
                    86:01:e0:c0:1a:41:ff:ba:50:12:cf:e1:27:98:4e:
                    09:e3:2b:f3:f6:c5:3b:ae:3d:77:85:0a:a7:fa:8b:
                    e1:2c:92:4b:32:36:a2:bf:d8:08:e3:c8:6c:21:e5:
                    cb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3A:05:F9:60:AA:08:F8:E4:9C:B4:F6:98:CD:BF:E0:64:35:57:4D
            X509v3 Authority Key Identifier:
                keyid:BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/SDoF-WCqCPjknLT2mM2_4GQ1V00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:1d:4f:6f:fa:99:d9:4e:25:61:58:5d:19:a7:3a:c5:94:17:
         b5:d6:1b:cf:c9:76:83:fc:ad:ba:a1:ba:12:d8:32:0b:bd:34:
         f0:00:01:38:c1:34:8d:a5:be:91:38:50:f7:08:06:27:c3:b8:
         1c:66:63:0c:bf:dc:89:7b:1a:40:44:db:2d:b7:f0:f3:e9:2a:
         65:09:4c:9f:73:b0:6f:c4:6c:a5:fa:1c:57:78:81:be:0d:a3:
         11:7b:df:29:92:e7:26:48:b5:ab:ce:fe:ca:aa:f1:96:4e:61:
         1b:8d:d7:bf:40:d4:89:3d:a4:ec:29:27:21:11:c9:2e:9e:68:
         3d:f5:18:cd:c2:29:cc:12:36:a4:8a:e3:bf:28:a4:ac:7f:50:
         53:4e:03:5e:b1:75:10:45:d4:80:31:69:d8:35:cb:05:6a:77:
         af:be:94:e2:94:54:b8:f3:1c:07:47:4e:a4:f7:7b:69:9b:14:
         76:61:8b:9b:c8:bd:8b:0d:54:11:32:b9:0e:e8:f4:c8:dd:ba:
         bb:e2:5d:61:68:ee:78:71:e8:10:ce:0c:de:de:74:46:11:4e:
         cc:ac:a5:e7:c5:73:c9:5e:1e:af:11:f8:71:6a:33:77:41:1e:
         69:1f:7c:e9:8e:6e:2c:b5:93:ec:89:6d:58:40:9b:8d:4a:f1:
         d3:e9:27:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4osuC03AEzrM0VkU9OkxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWVhMzU4YWVlZWI3ZDBiOWUwZjkzZDIzZjY3ZDI5YTdl
YzYyYzgwHhcNMjYwMTAxMDgxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODNhMDVmOTYwYWEwOGY4ZTQ5Y2I0ZjY5OGNkYmZlMDY0MzU1NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5/zID5ktlgq80FQmT23C2yGnh/w
15V8iefyIQqmS+v2ETnAXP49AyyUaI2ZTMuVYpuFvldkMsbVIRiPh4k1zpO0Y0pK
91iDG7xU/CPMM5PP79WXTIxelT82p9wbwyl8xuV7da8/0iQlnOAtkoUbCEgv3qFi
ReymLVVo+a7zpO4lngC5qn6tgNE7T8NJbQ7P8zEQK6DvHrdHYtg7DAh0PmL09qSX
/zTfRfTOv11XhUvV9XQ2vfbeqk45JH4q8iMjwTXnqdikaieSqZy1E3zDpVyGAeDA
GkH/ulASz+EnmE4J4yvz9sU7rj13hQqn+ovhLJJLMjaiv9gI48hsIeXLNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEg6Bflgqgj45Jy09pjNv+BkNVdNMB8GA1UdIwQY
MBaAFL+uo1iu7rfQueD5PSP2fSmn7GLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzct
MjQ5Y2UwYzMxMmIzLzEvU0RvRi1XQ3FDUGprbkxUMm1NMl80R1ExVjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzctMjQ5Y2UwYzMxMmIz
LzEvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+pMMA0G
CSqGSIb3DQEBCwUAA4IBAQDBHU9v+pnZTiVhWF0ZpzrFlBe11hvPyXaD/K26oboS
2DILvTTwAAE4wTSNpb6ROFD3CAYnw7gcZmMMv9yJexpARNstt/Dz6SplCUyfc7Bv
xGyl+hxXeIG+DaMRe98pkucmSLWrzv7KqvGWTmEbjde/QNSJPaTsKSchEckunmg9
9RjNwinMEjakiuO/KKSsf1BTTgNesXUQRdSAMWnYNcsFanevvpTilFS48xwHR06k
93tpmxR2YYubyL2LDVQRMrkO6PTI3bq74l1haO54cegQzgze3nRGEU7MrKXnxXPJ
Xh6vEfhxajN3QR5pH3zpjm4stZPsiW1YQJuNSvHT6Sfr
-----END CERTIFICATE-----