This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DkJySsuMNN6nq461mGfbyUWm0-k.roa
File:                     DkJySsuMNN6nq461mGfbyUWm0-k.roa (raw, json)
Hash identifier:          iY8LvJa5Jmr9jGV3kx+0nM5jdDiiKJJw60Z6kxgQP3U=
Subject key identifier:   0E:42:72:4A:CB:8C:34:DE:A7:AB:8E:B5:98:67:DB:C9:45:A6:D3:E9
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019B9CEA885CA00DCEC6B6421B49991F2E44
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DkJySsuMNN6nq461mGfbyUWm0-k.roa
Signing time:             Thu 08 Jan 2026 09:22:54 +0000
ROA not before:           Thu 08 Jan 2026 09:22:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        88.209.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9c:ea:88:5c:a0:0d:ce:c6:b6:42:1b:49:99:1f:2e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  8 09:22:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e42724acb8c34dea7ab8eb59867dbc945a6d3e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2b:d1:60:4e:27:41:82:4a:e3:ca:d1:51:ed:
                    9b:0f:41:6d:3f:9a:fd:39:5b:60:6f:d6:f1:98:15:
                    0b:de:4a:f5:8e:ee:3d:e9:39:cd:91:2f:9a:df:f9:
                    2b:cb:2f:75:d4:4f:89:f9:df:de:a9:f6:1d:b7:05:
                    78:4e:a5:ab:38:e3:a4:0a:e2:fa:29:1e:45:ff:54:
                    b2:e5:85:42:be:58:28:7c:80:a5:34:f9:c6:bc:83:
                    0c:6a:19:57:d7:76:fe:c3:4f:8f:f8:72:6f:37:37:
                    cb:f2:ba:1b:8f:96:b0:f6:59:3f:75:b1:8a:46:77:
                    f6:9c:42:98:35:44:11:43:98:56:65:a9:28:ed:25:
                    dc:ed:5b:4e:54:95:f1:0e:9a:61:eb:6e:09:bc:af:
                    99:60:e8:71:34:71:74:f2:57:b4:13:5b:2d:3e:30:
                    c8:e1:ae:6b:38:6d:e2:88:30:b9:3d:a4:1d:24:de:
                    40:f2:1e:90:72:67:2f:bf:f1:c7:96:8e:98:7b:26:
                    f4:03:ac:24:00:88:87:99:f0:b6:6c:56:ee:71:48:
                    cb:81:8e:b4:b9:9d:d6:ff:49:c4:48:91:c9:72:f8:
                    21:93:6e:36:78:52:66:e4:65:fc:31:ac:03:d6:63:
                    14:a7:cc:d1:76:e7:57:64:64:52:9a:37:9e:2f:16:
                    9a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:42:72:4A:CB:8C:34:DE:A7:AB:8E:B5:98:67:DB:C9:45:A6:D3:E9
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DkJySsuMNN6nq461mGfbyUWm0-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d1:19:f5:9d:b4:6d:cc:bf:24:50:be:02:6a:83:43:a4:9f:
         6e:b5:d6:a6:a6:96:f4:6c:7d:64:01:ab:4f:d6:15:e0:f1:4f:
         63:ed:72:dc:1c:1d:5b:91:5e:d6:02:fc:34:ee:d7:5b:8b:6d:
         09:c3:da:de:35:a3:64:b2:42:1b:39:9b:e0:ca:f4:d6:af:72:
         d4:a6:b1:d7:1e:fe:49:a2:67:52:26:b1:8f:61:cd:fc:21:27:
         ac:98:04:0d:2c:05:3a:94:46:3c:b6:bf:1e:af:01:9e:a0:e2:
         5c:0e:25:c9:92:4a:49:84:f3:3e:a9:66:76:2c:d8:46:e5:d5:
         66:b7:08:e6:59:4e:0f:e9:b7:76:52:f5:d0:e3:c1:a9:6b:d1:
         05:eb:3e:15:c2:51:43:26:68:05:9a:0e:99:34:aa:4e:c9:e6:
         fe:d8:1c:d8:19:47:eb:90:3e:87:9e:64:0a:68:18:82:2e:49:
         8d:86:ed:da:7e:1e:46:66:b4:46:3d:0a:7c:e5:db:a9:15:a2:
         98:d4:be:f6:41:c5:38:5d:c8:8a:96:90:87:6a:9c:c8:1d:81:
         97:3b:1f:20:63:95:7c:0a:30:b8:ca:39:75:b1:ec:cb:23:96:
         00:82:ef:6b:62:df:f6:20:ec:1b:9a:53:4b:49:21:d8:75:12:
         2b:36:b1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuc6ohcoA3OxrZCG0mZHy5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwMTA4MDkyMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQyNzI0YWNiOGMzNGRlYTdhYjhlYjU5ODY3ZGJjOTQ1YTZkM2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyvRYE4nQYJK48rRUe2bD0FtP5r9
OVtgb9bxmBUL3kr1ju496TnNkS+a3/kryy911E+J+d/eqfYdtwV4TqWrOOOkCuL6
KR5F/1Sy5YVCvlgofIClNPnGvIMMahlX13b+w0+P+HJvNzfL8robj5aw9lk/dbGK
Rnf2nEKYNUQRQ5hWZako7SXc7VtOVJXxDpph624JvK+ZYOhxNHF08le0E1stPjDI
4a5rOG3iiDC5PaQdJN5A8h6Qcmcvv/HHlo6Yeyb0A6wkAIiHmfC2bFbucUjLgY60
uZ3W/0nESJHJcvghk242eFJm5GX8MawD1mMUp8zRdudXZGRSmjeeLxaacQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5CckrLjDTep6uOtZhn28lFptPpMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRGtKeVNzdU1OTjZucTQ2MW1HZmJ5VVdtMC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHRMA0G
CSqGSIb3DQEBCwUAA4IBAQB80Rn1nbRtzL8kUL4CaoNDpJ9utdamppb0bH1kAatP
1hXg8U9j7XLcHB1bkV7WAvw07tdbi20Jw9reNaNkskIbOZvgyvTWr3LUprHXHv5J
omdSJrGPYc38ISesmAQNLAU6lEY8tr8erwGeoOJcDiXJkkpJhPM+qWZ2LNhG5dVm
twjmWU4P6bd2UvXQ48Gpa9EF6z4VwlFDJmgFmg6ZNKpOyeb+2BzYGUfrkD6HnmQK
aBiCLkmNhu3afh5GZrRGPQp85dupFaKY1L72QcU4XciKlpCHapzIHYGXOx8gY5V8
CjC4yjl1sezLI5YAgu9rYt/2IOwbmlNLSSHYdRIrNrGU
-----END CERTIFICATE-----
Generated at Mon Jan 19 16:54:17 2026 by rpki-client