This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/FHwGNHrCl9ZDaI5iHSATgi0eQI4.roa
File:                     FHwGNHrCl9ZDaI5iHSATgi0eQI4.roa (raw, json)
Hash identifier:          Ry8wkccjRDgFgOO1ND+5XAwtEK69W7guaqIyY6Z98Uk=
Subject key identifier:   14:7C:06:34:7A:C2:97:D6:43:68:8E:62:1D:20:13:82:2D:1E:40:8E
Certificate issuer:       /CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
Certificate serial:       019B78A29B1B4AF474D1AB373719543754CB
Authority key identifier: F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/FHwGNHrCl9ZDaI5iHSATgi0eQI4.roa
Signing time:             Thu 01 Jan 2026 08:18:01 +0000
ROA not before:           Thu 01 Jan 2026 08:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9116
IP address blocks:        82.102.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 08:19:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:9b:1b:4a:f4:74:d1:ab:37:37:19:54:37:54:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
        Validity
            Not Before: Jan  1 08:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=147c06347ac297d643688e621d2013822d1e408e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:10:d6:e1:4e:18:e8:35:c8:7f:e5:e4:9a:22:
                    3d:a5:be:33:3c:ba:46:02:91:a1:96:bf:26:ef:3c:
                    cb:0d:28:f2:fb:26:a9:63:4d:e2:aa:3b:0c:03:9d:
                    31:c2:cc:57:df:0e:a0:7b:88:fc:81:f7:75:c9:e5:
                    3a:fd:9f:68:98:eb:10:70:6d:b7:6b:31:f8:11:62:
                    73:1e:b5:31:97:fa:43:2e:24:97:f9:ef:4c:c5:8e:
                    fc:82:bd:59:38:fc:bf:3a:00:6d:34:01:cc:b2:43:
                    da:43:1a:9b:8b:38:c2:a5:7c:ee:de:1f:eb:a2:e7:
                    3e:c9:0e:8d:ac:0f:b5:c5:c3:50:1e:8b:6c:4e:b3:
                    0b:d3:ae:d2:d5:26:56:7f:e1:9b:56:4a:2c:56:8c:
                    c0:0b:ea:99:3f:6a:a2:4e:5e:f2:d3:ce:22:45:31:
                    7e:93:29:4d:19:8e:48:7b:c7:fa:e3:c5:10:87:5a:
                    64:b6:f7:ee:83:a2:2d:7c:89:df:6b:7d:c9:83:5f:
                    72:8a:1a:e8:63:d7:c6:52:a1:f0:7b:16:f8:03:2e:
                    f1:ac:a4:e5:d9:d0:c9:72:c0:54:79:82:24:cc:55:
                    29:a5:0c:fc:c1:91:a7:de:61:40:87:52:ef:53:2f:
                    56:6c:c7:68:3a:22:75:66:fc:7b:b5:37:97:53:3b:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7C:06:34:7A:C2:97:D6:43:68:8E:62:1D:20:13:82:2D:1E:40:8E
            X509v3 Authority Key Identifier:
                keyid:F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/FHwGNHrCl9ZDaI5iHSATgi0eQI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.102.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:bb:2a:3e:54:ce:01:b3:a9:69:80:64:03:f6:b3:a2:03:61:
         03:fc:57:ea:57:4b:6d:99:c2:a0:e8:db:fc:df:46:81:0d:9f:
         e6:51:a6:c5:54:e0:94:3c:9b:47:01:53:a2:ed:9d:99:db:99:
         c8:9f:2b:43:bc:18:e7:cb:93:18:fc:f4:7b:49:e0:ea:43:2d:
         0e:c7:10:79:06:f5:ac:23:a6:cb:14:fd:42:e6:a0:d0:46:60:
         d1:32:55:67:58:c9:38:8b:d3:57:b3:e8:15:d6:aa:7c:d3:37:
         4d:80:f6:bf:b2:28:78:6e:12:de:55:c4:c9:96:71:56:ad:4b:
         9a:d3:d9:34:02:f4:f9:4e:43:08:8e:dd:8d:61:05:c7:47:77:
         31:0c:17:f8:79:ce:c3:28:4d:64:14:8e:72:8e:20:fa:52:11:
         43:18:56:9f:5e:5c:ea:5c:ae:1c:85:02:f7:13:00:17:86:be:
         ff:7c:c4:fa:78:19:21:8c:72:36:bd:e7:e7:68:b5:a8:b5:e8:
         34:63:e1:b7:8c:75:af:2d:77:4b:6b:9d:c2:04:f8:46:73:1e:
         28:98:62:7a:e8:38:f1:88:49:f2:b6:28:03:a0:54:6b:70:33:
         d4:62:0f:24:59:d8:e1:cb:12:ad:6b:1a:79:67:7f:12:3f:78:
         4b:e6:3e:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt4opsbSvR00as3NxlUN1TLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ODU2ZDY3NGYwZTlkYmY2MDEyZDViNWQzZDk2YjQzYWZk
NzY0NzMwHhcNMjYwMTAxMDgxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdjMDYzNDdhYzI5N2Q2NDM2ODhlNjIxZDIwMTM4MjJkMWU0MDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hDW4U4Y6DXIf+XkmiI9pb4zPLpG
ApGhlr8m7zzLDSjy+yapY03iqjsMA50xwsxX3w6ge4j8gfd1yeU6/Z9omOsQcG23
azH4EWJzHrUxl/pDLiSX+e9MxY78gr1ZOPy/OgBtNAHMskPaQxqbizjCpXzu3h/r
ouc+yQ6NrA+1xcNQHotsTrML067S1SZWf+GbVkosVozAC+qZP2qiTl7y084iRTF+
kylNGY5Ie8f648UQh1pktvfug6ItfInfa33Jg19yihroY9fGUqHwexb4Ay7xrKTl
2dDJcsBUeYIkzFUppQz8wZGn3mFAh1LvUy9WbMdoOiJ1Zvx7tTeXUzvQCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBR8BjR6wpfWQ2iOYh0gE4ItHkCOMB8GA1UdIwQY
MBaAFPmFbWdPDp2/YBLVtdPZa0Ov12RzMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ZVnRaMDhPbmI5Z0V0VzEwOWxyUTZfWFpITS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRm
LWVmZDE0ZGI5NTdmYi8xL0ZId0dOSHJDbDlaRGFJNWlIU0FUZ2kwZVFJNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRmLWVmZDE0ZGI5NTdm
Yi8xLzEtWVZ0WjA4T25iOWdFdFcxMDlsclE2X1haSE0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSZqEw
DQYJKoZIhvcNAQELBQADggEBAHK7Kj5UzgGzqWmAZAP2s6IDYQP8V+pXS22ZwqDo
2/zfRoENn+ZRpsVU4JQ8m0cBU6LtnZnbmcifK0O8GOfLkxj89HtJ4OpDLQ7HEHkG
9awjpssU/ULmoNBGYNEyVWdYyTiL01ez6BXWqnzTN02A9r+yKHhuEt5VxMmWcVat
S5rT2TQC9PlOQwiO3Y1hBcdHdzEMF/h5zsMoTWQUjnKOIPpSEUMYVp9eXOpcrhyF
AvcTABeGvv98xPp4GSGMcja95+dotai16DRj4beMda8td0trncIE+EZzHiiYYnro
OPGISfK2KAOgVGtwM9RiDyRZ2OHLEq1rGnlnfxI/eEvmPuA=
-----END CERTIFICATE-----