This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/exmOhRi-6QM5QMwrvTDO0PpHlU8.roa
File:                     exmOhRi-6QM5QMwrvTDO0PpHlU8.roa (raw, json)
Hash identifier:          4Qp1/ibvMkLGC74o2WsGwKqLvwHH0XDSfh5c29oEHq0=
Subject key identifier:   7B:19:8E:85:18:BE:E9:03:39:40:CC:2B:BD:30:CE:D0:FA:47:95:4F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019AD9FBC9F583F1E1440BD57A9BB958AE8B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/exmOhRi-6QM5QMwrvTDO0PpHlU8.roa
Signing time:             Mon 01 Dec 2025 12:55:48 +0000
ROA not before:           Mon 01 Dec 2025 12:55:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        88.209.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d9:fb:c9:f5:83:f1:e1:44:0b:d5:7a:9b:b9:58:ae:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Dec  1 12:55:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b198e8518bee9033940cc2bbd30ced0fa47954f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:95:be:5f:db:ca:d1:99:32:de:98:72:32:
                    6e:d6:27:e9:ca:fe:dd:87:40:23:14:d3:da:4d:e6:
                    7b:70:05:9a:84:02:f6:60:0a:5f:9b:f4:ac:39:8a:
                    58:70:23:62:52:e3:b9:b1:67:ae:7c:d0:f8:8e:79:
                    80:4d:8b:2f:5e:59:d7:77:e3:17:23:24:aa:6e:78:
                    34:d6:70:d0:aa:be:98:ea:e8:14:01:08:97:a8:76:
                    57:2e:00:0d:6a:5a:b9:02:68:90:c4:3d:98:2b:20:
                    8f:e9:ce:5a:9d:e0:3f:7d:f4:31:38:c6:2b:22:58:
                    8d:04:83:e5:7c:a4:58:85:1d:42:c0:17:90:27:4c:
                    26:b1:a2:92:e3:cd:3c:f3:69:98:af:a3:8c:ca:e9:
                    69:86:9a:ef:f3:e6:bd:2b:a7:5f:a7:33:a4:32:73:
                    e3:64:d9:ea:a6:d7:e1:99:59:1e:91:d8:e3:25:08:
                    d4:f7:5b:2b:5e:33:d3:91:d9:0a:38:82:df:92:1a:
                    70:6f:ca:e0:25:8b:07:51:84:1e:35:6e:0d:cf:00:
                    8b:9a:f1:1a:8b:ae:9b:dc:22:3c:11:2c:d7:1b:2b:
                    c5:bd:8f:2c:18:1d:e8:b0:8d:0b:9e:0d:b7:32:c4:
                    08:af:be:c6:28:55:63:9d:dc:fe:0f:92:8a:9c:c8:
                    f7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:8E:85:18:BE:E9:03:39:40:CC:2B:BD:30:CE:D0:FA:47:95:4F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/exmOhRi-6QM5QMwrvTDO0PpHlU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ab:26:c4:c1:5f:be:84:3b:e3:ff:1b:3d:5c:d5:f1:5a:86:
         65:75:9c:6f:63:2a:f6:c5:7a:a4:ad:09:2e:eb:a0:52:d6:85:
         1c:27:65:f0:b4:3b:ba:b4:31:6d:e0:a7:75:df:24:02:1a:7b:
         24:eb:b0:fb:6e:f6:06:94:f5:56:da:79:8c:51:71:74:02:e3:
         7b:85:e2:f8:bd:a7:86:50:2f:30:aa:bd:c7:e1:91:94:7c:ae:
         ff:9c:d4:36:56:d1:97:af:ab:6d:89:a3:07:50:38:00:e6:fc:
         5b:b6:33:00:50:8f:b6:8e:0f:ff:b6:d8:02:21:37:61:42:8c:
         55:d5:2c:82:c8:32:53:a5:cb:c3:88:94:a8:64:25:95:91:7e:
         36:1d:82:25:05:e4:1c:77:04:55:4c:1d:e6:3c:60:50:43:c1:
         fb:06:fb:e9:fa:36:c9:b8:e3:a6:89:4f:00:b3:85:e1:ba:48:
         6e:84:50:bb:4b:32:be:f2:ff:b0:15:f4:85:ee:60:64:c5:25:
         50:fc:0d:42:f1:b6:0a:cf:1c:8b:ce:38:bd:21:02:b8:24:f8:
         f3:26:d8:e2:8d:9b:4c:80:8a:7a:1d:d6:2d:9c:3b:fb:bc:0e:
         56:e4:90:a4:f1:b5:5e:08:98:e9:cb:01:51:fa:bb:bb:8f:f9:
         e8:9a:3c:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrZ+8n1g/HhRAvVepu5WK6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMjAxMTI1NTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE5OGU4NTE4YmVlOTAzMzk0MGNjMmJiZDMwY2VkMGZhNDc5NTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6KVvl/bytGZMt6YcjJu1ifpyv7d
h0AjFNPaTeZ7cAWahAL2YApfm/SsOYpYcCNiUuO5sWeufND4jnmATYsvXlnXd+MX
IySqbng01nDQqr6Y6ugUAQiXqHZXLgANalq5AmiQxD2YKyCP6c5aneA/ffQxOMYr
IliNBIPlfKRYhR1CwBeQJ0wmsaKS480882mYr6OMyulphprv8+a9K6dfpzOkMnPj
ZNnqptfhmVkekdjjJQjU91srXjPTkdkKOILfkhpwb8rgJYsHUYQeNW4NzwCLmvEa
i66b3CI8ESzXGyvFvY8sGB3osI0Lng23MsQIr77GKFVjndz+D5KKnMj3KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsZjoUYvukDOUDMK70wztD6R5VPMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZXhtT2hSaS02UU01UU13cnZURE8wUHBIbFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHHMA0G
CSqGSIb3DQEBCwUAA4IBAQAIqybEwV++hDvj/xs9XNXxWoZldZxvYyr2xXqkrQku
66BS1oUcJ2XwtDu6tDFt4Kd13yQCGnsk67D7bvYGlPVW2nmMUXF0AuN7heL4vaeG
UC8wqr3H4ZGUfK7/nNQ2VtGXr6ttiaMHUDgA5vxbtjMAUI+2jg//ttgCITdhQoxV
1SyCyDJTpcvDiJSoZCWVkX42HYIlBeQcdwRVTB3mPGBQQ8H7Bvvp+jbJuOOmiU8A
s4XhukhuhFC7SzK+8v+wFfSF7mBkxSVQ/A1C8bYKzxyLzji9IQK4JPjzJtjijZtM
gIp6HdYtnDv7vA5W5JCk8bVeCJjpywFR+ru7j/nomjxL
-----END CERTIFICATE-----