This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/J85fjuSQxz3wg1fx9HApSpky-cc.roa
File:                     J85fjuSQxz3wg1fx9HApSpky-cc.roa (raw, json)
Hash identifier:          UxFrHM/u1QxNZlVa/F5dPFto/GBnUH2xgwkXvxIONS8=
Subject key identifier:   27:CE:5F:8E:E4:90:C7:3D:F0:83:57:F1:F4:70:29:4A:99:32:F9:C7
Certificate issuer:       /CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
Certificate serial:       019B7F8200F08345C6B8E9133527741116CB
Authority key identifier: B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/J85fjuSQxz3wg1fx9HApSpky-cc.roa
Signing time:             Fri 02 Jan 2026 16:19:44 +0000
ROA not before:           Fri 02 Jan 2026 16:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34323
IP address blocks:        91.200.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:00:f0:83:45:c6:b8:e9:13:35:27:74:11:16:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
        Validity
            Not Before: Jan  2 16:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27ce5f8ee490c73df08357f1f470294a9932f9c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:89:08:bc:ff:5a:8f:3c:76:b0:a5:b0:0c:
                    03:70:03:43:3a:72:04:d2:e5:9d:dd:90:33:d0:5a:
                    8b:c5:3c:de:7f:f2:30:cf:ee:e5:10:5a:11:a1:ec:
                    23:20:c9:db:6d:7c:e4:5d:5d:33:87:e1:ba:be:05:
                    11:c8:2f:14:2b:7b:0a:3d:93:4b:5b:c0:7b:c3:27:
                    7c:27:9a:52:47:34:3d:14:85:dd:ac:3c:5c:5f:f7:
                    93:5f:bd:00:fe:11:ea:62:f3:7d:03:38:c0:36:d5:
                    75:26:fe:27:ec:74:0b:de:66:cf:e9:f6:f8:86:99:
                    cf:cb:13:36:7b:37:75:65:23:a8:b4:66:b7:dd:f3:
                    f6:d7:22:9a:f7:82:a3:8b:d1:9c:c6:5c:ba:57:d1:
                    78:8c:5a:d7:3e:ec:52:ee:2c:ef:bb:fd:35:c0:57:
                    8f:77:4e:85:67:89:d1:ee:67:1e:4c:83:87:f7:d4:
                    c9:b6:55:75:53:65:db:74:e6:8c:8f:53:a2:6c:a2:
                    bd:0a:22:c6:f7:66:a4:0d:71:f5:08:2d:b9:ce:64:
                    23:76:ef:3e:49:20:9c:98:26:52:b2:e6:a9:d5:b1:
                    77:8c:b6:d1:f8:8d:b8:d9:f1:d1:30:5b:b5:27:29:
                    77:4a:ef:83:29:42:2e:d3:7a:f8:69:74:6a:01:8e:
                    0f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:CE:5F:8E:E4:90:C7:3D:F0:83:57:F1:F4:70:29:4A:99:32:F9:C7
            X509v3 Authority Key Identifier:
                keyid:B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/J85fjuSQxz3wg1fx9HApSpky-cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:64:7f:37:f7:0a:be:6e:c6:59:74:90:66:6e:c0:c6:11:6f:
         70:85:a8:b7:99:29:05:5b:54:60:38:75:9d:e6:ea:37:e0:df:
         c2:f3:0c:42:2d:ed:91:0a:55:68:96:cb:5f:1b:5e:7b:8c:b6:
         e4:e7:34:db:7a:ba:b8:fc:d4:72:92:77:45:40:af:b8:ca:77:
         e0:7c:03:47:63:35:bb:8e:fe:a4:c7:40:a3:02:64:7b:4b:36:
         ec:27:6c:3d:2f:6b:4f:28:52:38:35:eb:9e:11:17:de:79:b4:
         dd:a4:b3:f4:12:f2:74:ca:50:fb:78:b4:68:2f:04:5d:bd:24:
         68:a3:9d:52:6b:41:68:95:68:b5:48:a8:68:d5:83:e9:c1:13:
         3f:12:cf:b3:00:38:4f:33:e6:e5:03:dd:dd:3d:7f:51:95:f4:
         dc:5e:3f:ca:c1:15:73:28:f5:b3:7d:29:08:81:00:1f:82:cb:
         79:47:ac:0a:f4:44:4a:25:1c:cf:dc:d6:92:71:ac:62:33:95:
         3b:45:57:90:29:d8:96:91:5b:46:33:81:97:24:29:ca:da:26:
         b2:7f:88:c5:e9:ef:aa:e4:d8:c9:be:9b:bf:b8:46:cb:5f:4e:
         aa:c7:0e:a9:e9:a4:28:f5:90:15:1b:32:99:28:e8:4f:a0:8a:
         49:70:aa:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/ggDwg0XGuOkTNSd0ERbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MmU3YjgwNjhjNGFlOWFlNGNhNGMzYTZiMjA5NjE5OWE3
NDFmZjIwHhcNMjYwMTAyMTYxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2NlNWY4ZWU0OTBjNzNkZjA4MzU3ZjFmNDcwMjk0YTk5MzJmOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+JCLz/Wo88drClsAwDcANDOnIE
0uWd3ZAz0FqLxTzef/Iwz+7lEFoRoewjIMnbbXzkXV0zh+G6vgURyC8UK3sKPZNL
W8B7wyd8J5pSRzQ9FIXdrDxcX/eTX70A/hHqYvN9AzjANtV1Jv4n7HQL3mbP6fb4
hpnPyxM2ezd1ZSOotGa33fP21yKa94Kji9Gcxly6V9F4jFrXPuxS7izvu/01wFeP
d06FZ4nR7mceTIOH99TJtlV1U2XbdOaMj1OibKK9CiLG92akDXH1CC25zmQjdu8+
SSCcmCZSsuap1bF3jLbR+I242fHRMFu1Jyl3Su+DKUIu03r4aXRqAY4P8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfOX47kkMc98INX8fRwKUqZMvnHMB8GA1UdIwQY
MBaAFLgue4BoxK6a5MpMOmsglhmadB/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMt
YWFkZmE5YzA2NzQyLzEvSjg1Zmp1U1F4ejN3ZzFmeDlIQXBTcGt5LWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMtYWFkZmE5YzA2NzQy
LzEvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8hSMA0G
CSqGSIb3DQEBCwUAA4IBAQA5ZH839wq+bsZZdJBmbsDGEW9whai3mSkFW1RgOHWd
5uo34N/C8wxCLe2RClVolstfG157jLbk5zTberq4/NRykndFQK+4ynfgfANHYzW7
jv6kx0CjAmR7SzbsJ2w9L2tPKFI4NeueERfeebTdpLP0EvJ0ylD7eLRoLwRdvSRo
o51Sa0FolWi1SKho1YPpwRM/Es+zADhPM+blA93dPX9RlfTcXj/KwRVzKPWzfSkI
gQAfgst5R6wK9ERKJRzP3NaScaxiM5U7RVeQKdiWkVtGM4GXJCnK2iayf4jF6e+q
5NjJvpu/uEbLX06qxw6p6aQo9ZAVGzKZKOhPoIpJcKoS
-----END CERTIFICATE-----