This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/5IpNdlCgrUHJ7pHRr0b5ArsqYU0.roa
File:                     5IpNdlCgrUHJ7pHRr0b5ArsqYU0.roa (raw, json)
Hash identifier:          xr8w8Pcm6xv8Iv8GF0pLNSo2PiY57WXM/44P4LGrF7o=
Subject key identifier:   E4:8A:4D:76:50:A0:AD:41:C9:EE:91:D1:AF:46:F9:02:BB:2A:61:4D
Certificate issuer:       /CN=8a6060353b98f53316d022fa01d299d75fff22d6
Certificate serial:       019B77C758572619026BF1CEA37E4A2BC06E
Authority key identifier: 8A:60:60:35:3B:98:F5:33:16:D0:22:FA:01:D2:99:D7:5F:FF:22:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imBgNTuY9TMW0CL6AdKZ11__ItY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/5IpNdlCgrUHJ7pHRr0b5ArsqYU0.roa
Signing time:             Thu 01 Jan 2026 04:18:31 +0000
ROA not before:           Thu 01 Jan 2026 04:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        194.33.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/imBgNTuY9TMW0CL6AdKZ11__ItY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/imBgNTuY9TMW0CL6AdKZ11__ItY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imBgNTuY9TMW0CL6AdKZ11__ItY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:58:57:26:19:02:6b:f1:ce:a3:7e:4a:2b:c0:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6060353b98f53316d022fa01d299d75fff22d6
        Validity
            Not Before: Jan  1 04:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e48a4d7650a0ad41c9ee91d1af46f902bb2a614d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:57:07:b4:25:7a:ed:4a:1d:8a:60:8f:02:
                    79:46:50:30:40:cd:d5:17:5a:1d:e7:67:5f:d1:ae:
                    d8:ac:6d:ad:8d:46:b0:9a:d1:30:ee:8b:8e:35:68:
                    49:2d:f0:09:54:4d:01:e2:2a:55:ef:67:4c:02:96:
                    48:1b:35:32:3c:48:26:30:a4:30:b5:57:ea:01:43:
                    2b:84:0e:5d:cd:c8:22:db:9d:63:7e:60:06:90:bb:
                    ba:92:84:35:e3:c4:43:19:43:97:53:d0:3d:44:ed:
                    31:60:4c:e2:9e:e7:32:77:1f:2c:e8:27:55:e7:3f:
                    84:16:42:f3:ff:3d:98:37:c0:26:0b:f5:e4:cc:1f:
                    6b:6a:11:82:db:7f:54:56:91:7d:08:38:ff:b9:ef:
                    02:f1:9b:e8:22:b8:a4:af:d4:9d:5f:da:4a:d8:7e:
                    41:66:11:82:dd:71:8d:88:c6:9d:29:f7:36:9a:9d:
                    6b:52:61:23:ef:99:75:44:55:e4:69:c7:6b:de:10:
                    79:e3:5e:16:e7:fd:e0:d1:df:d9:f7:d7:1f:e5:e2:
                    51:ce:f0:e7:31:0f:6d:0d:44:2f:2d:8f:91:d7:95:
                    e1:05:fd:6f:71:1f:a2:fb:ae:e8:6e:a4:0d:85:f4:
                    84:28:5a:45:2a:6e:b0:32:8f:80:73:45:97:80:14:
                    90:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8A:4D:76:50:A0:AD:41:C9:EE:91:D1:AF:46:F9:02:BB:2A:61:4D
            X509v3 Authority Key Identifier:
                keyid:8A:60:60:35:3B:98:F5:33:16:D0:22:FA:01:D2:99:D7:5F:FF:22:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imBgNTuY9TMW0CL6AdKZ11__ItY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/5IpNdlCgrUHJ7pHRr0b5ArsqYU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/969dc2-fa56-45b6-a3de-52ee43642e10/1/imBgNTuY9TMW0CL6AdKZ11__ItY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:b9:69:90:65:bc:23:f0:9f:c7:a3:2d:42:eb:3a:9c:82:b9:
         0a:74:82:3c:3e:86:9a:84:4f:cb:62:23:ce:1f:35:10:6b:68:
         90:19:67:e7:89:e0:13:cd:3b:cb:ca:04:ca:6e:35:1a:88:94:
         11:a8:10:f8:46:7e:87:7f:30:f2:01:48:50:b4:db:5d:48:a4:
         dd:6a:f6:91:f7:c2:75:81:47:08:6b:58:0d:f7:ec:f0:a2:2a:
         01:cf:22:a4:88:bf:3a:df:07:cd:5f:6f:fa:ab:42:e9:3c:bf:
         f5:cd:0b:2c:78:a8:cc:e9:29:9e:68:b3:e1:fe:8c:12:c2:e8:
         52:e6:e5:5c:10:05:56:c4:8b:bc:d0:f4:06:a5:61:b1:61:10:
         81:cb:30:51:2e:26:43:7a:7a:52:b8:39:bc:84:86:9f:5a:53:
         77:60:d1:69:c9:20:7a:62:59:44:8e:9c:a9:e2:5e:39:68:6d:
         60:3e:72:de:b2:08:31:99:5c:6a:78:48:ac:1a:44:e8:cc:15:
         94:71:de:ed:e3:49:56:aa:22:85:39:90:e2:d2:2f:f8:c5:cd:
         7c:1f:44:bc:d2:dc:16:2d:7d:07:f2:8f:cf:2d:01:87:60:59:
         bd:b9:f7:f4:74:72:2c:81:36:85:d9:f1:d1:7c:06:3a:42:77:
         02:c9:76:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x1hXJhkCa/HOo35KK8BuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjA2MDM1M2I5OGY1MzMxNmQwMjJmYTAxZDI5OWQ3NWZm
ZjIyZDYwHhcNMjYwMTAxMDQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhhNGQ3NjUwYTBhZDQxYzllZTkxZDFhZjQ2ZjkwMmJiMmE2MTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinJXB7Qleu1KHYpgjwJ5RlAwQM3V
F1od52df0a7YrG2tjUawmtEw7ouONWhJLfAJVE0B4ipV72dMApZIGzUyPEgmMKQw
tVfqAUMrhA5dzcgi251jfmAGkLu6koQ148RDGUOXU9A9RO0xYEzinucydx8s6CdV
5z+EFkLz/z2YN8AmC/XkzB9rahGC239UVpF9CDj/ue8C8ZvoIrikr9SdX9pK2H5B
ZhGC3XGNiMadKfc2mp1rUmEj75l1RFXkacdr3hB5414W5/3g0d/Z99cf5eJRzvDn
MQ9tDUQvLY+R15XhBf1vcR+i+67obqQNhfSEKFpFKm6wMo+Ac0WXgBSQrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSKTXZQoK1Bye6R0a9G+QK7KmFNMB8GA1UdIwQY
MBaAFIpgYDU7mPUzFtAi+gHSmddf/yLWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1CZ05UdVk5VE1XMENMNkFkS1oxMV9fSXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85NjlkYzItZmE1Ni00NWI2LWEzZGUt
NTJlZTQzNjQyZTEwLzEvNUlwTmRsQ2dyVUhKN3BIUnIwYjVBcnNxWVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85NjlkYzItZmE1Ni00NWI2LWEzZGUtNTJlZTQzNjQyZTEw
LzEvaW1CZ05UdVk5VE1XMENMNkFkS1oxMV9fSXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFtMA0G
CSqGSIb3DQEBCwUAA4IBAQATuWmQZbwj8J/Hoy1C6zqcgrkKdII8PoaahE/LYiPO
HzUQa2iQGWfnieATzTvLygTKbjUaiJQRqBD4Rn6HfzDyAUhQtNtdSKTdavaR98J1
gUcIa1gN9+zwoioBzyKkiL863wfNX2/6q0LpPL/1zQsseKjM6SmeaLPh/owSwuhS
5uVcEAVWxIu80PQGpWGxYRCByzBRLiZDenpSuDm8hIafWlN3YNFpySB6YllEjpyp
4l45aG1gPnLesggxmVxqeEisGkTozBWUcd7t40lWqiKFOZDi0i/4xc18H0S80twW
LX0H8o/PLQGHYFm9uff0dHIsgTaF2fHRfAY6QncCyXZH
-----END CERTIFICATE-----