This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/0fkL8v4esEN2MwzFGnesjudCKjs.roa
File:                     0fkL8v4esEN2MwzFGnesjudCKjs.roa (raw, json)
Hash identifier:          7WXMV5Hm7GZ4WWLkAlRdl21YkXZqcjivmsLV5TyRKpk=
Subject key identifier:   D1:F9:0B:F2:FE:1E:B0:43:76:33:0C:C5:1A:77:AC:8E:E7:42:2A:3B
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019B7E37E462C74F4869072194E785CCF83A
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/0fkL8v4esEN2MwzFGnesjudCKjs.roa
Signing time:             Fri 02 Jan 2026 10:19:10 +0000
ROA not before:           Fri 02 Jan 2026 10:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12873
IP address blocks:        212.15.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:e4:62:c7:4f:48:69:07:21:94:e7:85:cc:f8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  2 10:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1f90bf2fe1eb04376330cc51a77ac8ee7422a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a7:5a:20:8e:b0:f6:a3:fe:e5:24:96:bf:8b:
                    bb:8b:c2:38:40:c5:b6:a1:d7:cb:54:c9:55:49:b0:
                    35:c9:df:8c:2e:6a:5b:47:b9:7a:fb:94:52:f4:8a:
                    1e:78:2a:f6:95:6c:1e:19:75:a6:21:9e:c0:32:07:
                    ef:e1:cd:fc:ed:af:1b:a0:f7:cf:19:bf:1d:10:08:
                    63:25:ad:44:c3:2f:f9:50:ca:1f:8f:82:d7:86:d0:
                    90:73:2b:71:f5:c5:81:3d:21:57:94:cb:20:f8:af:
                    db:94:55:61:1a:d9:f2:88:23:4a:6a:1a:3a:2f:65:
                    c0:dc:98:e2:b9:f5:a1:53:10:33:01:1d:e4:6c:30:
                    a3:4f:51:1b:ff:d2:dd:81:8e:53:f2:44:a4:35:14:
                    c6:6e:9f:33:e9:be:10:86:87:2c:3a:b9:c6:c6:05:
                    d8:55:93:35:da:ce:0b:4d:ad:5b:ac:d3:ec:53:3f:
                    ef:a2:2e:c3:08:d1:5a:52:d3:e6:b2:71:d8:38:0b:
                    b8:10:42:e0:38:94:6e:4f:2b:19:3c:57:9a:b7:d2:
                    f0:1a:b4:10:78:49:f6:72:cb:d5:e6:2d:8b:e6:17:
                    e8:c9:df:7f:12:8d:b9:fb:84:55:88:52:fb:69:49:
                    51:eb:20:ea:f1:8c:1f:cc:22:59:29:4e:aa:b4:25:
                    0c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F9:0B:F2:FE:1E:B0:43:76:33:0C:C5:1A:77:AC:8E:E7:42:2A:3B
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/0fkL8v4esEN2MwzFGnesjudCKjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:20:28:b4:7c:dc:68:a6:d1:66:1c:68:10:f4:b6:93:20:a4:
         ad:e9:e2:53:9e:1e:c7:a2:c6:e6:12:c4:6a:cc:a8:4e:23:20:
         12:29:4e:bd:00:d3:ca:4a:7c:ae:e5:09:ad:2b:77:c2:8e:9c:
         14:46:e2:a8:5a:f7:b2:54:49:fa:a1:a5:56:6d:83:53:a2:70:
         cb:cc:c5:7c:26:f6:92:f4:23:5f:09:b6:22:10:25:1c:2d:ca:
         23:34:f4:d2:75:c8:be:e6:9d:90:71:62:70:4e:16:a6:7d:ff:
         49:46:29:bb:3d:2e:2e:41:04:a1:b1:ee:f5:9d:57:b2:75:f1:
         f4:8d:9f:1a:66:8d:ac:b7:d5:e9:dd:c9:26:f5:26:28:7b:24:
         e9:ca:b2:a3:d8:f1:65:4a:c0:a9:77:78:21:a3:35:02:6c:66:
         12:fc:86:54:bd:2a:ed:e4:89:4e:d7:27:7d:d1:2f:23:af:d6:
         76:a2:e5:ae:57:c1:41:8d:2d:5d:64:b4:09:e9:df:62:09:85:
         18:57:16:4e:73:a8:ad:a2:81:58:91:33:ab:25:af:42:66:f0:
         9f:26:c9:b6:55:6c:87:ab:c4:b7:04:d5:86:54:42:58:8a:e7:
         b6:87:47:13:e5:40:ea:b9:78:ab:c4:1a:9a:67:ad:76:c9:c8:
         30:02:a1:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N+Rix09IaQchlOeFzPg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjYwMTAyMTAxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY5MGJmMmZlMWViMDQzNzYzMzBjYzUxYTc3YWM4ZWU3NDIyYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKdaII6w9qP+5SSWv4u7i8I4QMW2
odfLVMlVSbA1yd+MLmpbR7l6+5RS9IoeeCr2lWweGXWmIZ7AMgfv4c387a8boPfP
Gb8dEAhjJa1Ewy/5UMofj4LXhtCQcytx9cWBPSFXlMsg+K/blFVhGtnyiCNKaho6
L2XA3JjiufWhUxAzAR3kbDCjT1Eb/9LdgY5T8kSkNRTGbp8z6b4QhocsOrnGxgXY
VZM12s4LTa1brNPsUz/voi7DCNFaUtPmsnHYOAu4EELgOJRuTysZPFeat9LwGrQQ
eEn2csvV5i2L5hfoyd9/Eo25+4RViFL7aUlR6yDq8YwfzCJZKU6qtCUM4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH5C/L+HrBDdjMMxRp3rI7nQio7MB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvMGZrTDh2NGVzRU4yTXd6RkduZXNqdWRDS2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A8JMA0G
CSqGSIb3DQEBCwUAA4IBAQDRICi0fNxoptFmHGgQ9LaTIKSt6eJTnh7HosbmEsRq
zKhOIyASKU69ANPKSnyu5QmtK3fCjpwURuKoWveyVEn6oaVWbYNTonDLzMV8JvaS
9CNfCbYiECUcLcojNPTSdci+5p2QcWJwThamff9JRim7PS4uQQShse71nVeydfH0
jZ8aZo2st9Xp3ckm9SYoeyTpyrKj2PFlSsCpd3ghozUCbGYS/IZUvSrt5IlO1yd9
0S8jr9Z2ouWuV8FBjS1dZLQJ6d9iCYUYVxZOc6itooFYkTOrJa9CZvCfJsm2VWyH
q8S3BNWGVEJYiue2h0cT5UDquXirxBqaZ612ycgwAqFP
-----END CERTIFICATE-----