This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/y8jNpNhJhN8HEtdIA-w7AJf_i5Q.roa
File:                     y8jNpNhJhN8HEtdIA-w7AJf_i5Q.roa (raw, json)
Hash identifier:          8sIOOrWgw4Q4JWzlfJJ/cqOkQmwBNx1SNCCheRpOVMM=
Subject key identifier:   CB:C8:CD:A4:D8:49:84:DF:07:12:D7:48:03:EC:3B:00:97:FF:8B:94
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       019B7FF2145D75A5FC9BE7B6198DD72CDC8A
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/y8jNpNhJhN8HEtdIA-w7AJf_i5Q.roa
Signing time:             Fri 02 Jan 2026 18:22:09 +0000
ROA not before:           Fri 02 Jan 2026 18:22:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59711
IP address blocks:        176.97.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:14:5d:75:a5:fc:9b:e7:b6:19:8d:d7:2c:dc:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  2 18:22:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbc8cda4d84984df0712d74803ec3b0097ff8b94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:33:43:17:ef:5c:e7:83:3b:2c:33:5a:ae:94:
                    bc:09:f1:56:9c:4d:ed:f7:37:cf:f1:6e:7f:6e:08:
                    68:8c:96:79:46:bb:17:c5:9a:fb:fe:03:fc:0c:b6:
                    92:b8:4b:06:8e:9b:66:29:cf:d4:29:b9:eb:19:5c:
                    32:6d:76:f9:6a:60:fc:bd:64:51:99:16:40:63:e9:
                    7a:37:43:4f:f2:5f:5d:82:55:e3:38:1c:03:c0:6d:
                    1e:1d:c6:8a:80:71:cb:32:e1:a7:26:91:37:f8:66:
                    bd:a0:fd:80:ec:45:5c:6b:be:72:95:37:99:ed:fe:
                    e1:33:45:05:a2:e3:12:f3:78:22:88:fd:c3:05:9d:
                    0f:5a:67:ab:1f:43:90:32:e2:a4:75:da:dc:e4:62:
                    d2:c5:2d:86:04:95:2a:ca:dc:d5:fd:0a:63:96:f3:
                    3c:4d:c4:6a:72:86:53:f0:95:35:6a:ef:ca:49:4b:
                    99:cc:66:db:98:06:55:1a:80:97:78:1f:fd:b9:7d:
                    80:20:77:8f:06:79:8d:be:fd:b3:62:1d:42:cc:03:
                    58:ed:d1:b0:ce:ec:15:4d:b7:85:f1:1a:b9:e9:44:
                    99:4f:3e:d5:00:6e:dc:e2:ad:52:07:ac:36:c6:c3:
                    70:03:3a:6f:54:fe:75:78:b1:50:fa:aa:7a:37:a2:
                    4c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C8:CD:A4:D8:49:84:DF:07:12:D7:48:03:EC:3B:00:97:FF:8B:94
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/y8jNpNhJhN8HEtdIA-w7AJf_i5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:db:74:17:fe:b7:8b:42:3e:ad:d2:07:81:84:f8:02:a8:01:
         5a:3e:9e:8a:52:20:51:de:ba:2e:e5:48:aa:93:e6:59:93:57:
         bc:49:6c:7a:3b:b3:24:ee:0b:3e:e3:26:9c:2a:eb:85:45:97:
         d8:df:c4:7e:d7:fa:4e:50:82:cc:a1:4b:00:28:7e:a3:3b:b3:
         71:a8:5b:a1:07:35:21:cd:22:fe:d4:3c:2c:2c:77:04:e1:01:
         f7:06:35:c5:a4:f1:28:56:50:f8:59:35:4e:81:4a:d9:76:bf:
         b0:c6:7c:41:8e:de:9c:26:a1:59:17:86:0b:3f:2e:1d:d6:75:
         75:ab:79:73:61:b6:b7:06:dd:5a:9c:32:b9:20:9f:7a:dc:8a:
         bb:c5:1e:89:49:2a:06:89:7b:29:e7:50:93:31:69:47:d0:15:
         51:e8:68:6c:69:74:45:c5:68:23:4a:4f:b3:ea:80:15:1d:56:
         33:01:fa:1e:91:60:32:27:70:99:0b:f9:fd:6a:59:ca:e7:a0:
         93:24:b7:95:b0:d6:8a:3b:00:16:86:6d:f4:4d:c1:02:dc:93:
         8d:3c:f7:18:dd:7d:21:6b:0e:e8:b8:31:01:69:fe:e4:62:96:
         82:e0:3e:82:2c:d5:4d:39:b7:33:c4:2a:ca:6e:2d:eb:be:1b:
         be:67:ab:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8hRddaX8m+e2GY3XLNyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjYwMTAyMTgyMjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmM4Y2RhNGQ4NDk4NGRmMDcxMmQ3NDgwM2VjM2IwMDk3ZmY4Yjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjNDF+9c54M7LDNarpS8CfFWnE3t
9zfP8W5/bghojJZ5RrsXxZr7/gP8DLaSuEsGjptmKc/UKbnrGVwybXb5amD8vWRR
mRZAY+l6N0NP8l9dglXjOBwDwG0eHcaKgHHLMuGnJpE3+Ga9oP2A7EVca75ylTeZ
7f7hM0UFouMS83giiP3DBZ0PWmerH0OQMuKkddrc5GLSxS2GBJUqytzV/QpjlvM8
TcRqcoZT8JU1au/KSUuZzGbbmAZVGoCXeB/9uX2AIHePBnmNvv2zYh1CzANY7dGw
zuwVTbeF8Rq56USZTz7VAG7c4q1SB6w2xsNwAzpvVP51eLFQ+qp6N6JM9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvIzaTYSYTfBxLXSAPsOwCX/4uUMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEveThqTnBOaEpoTjhIRXRkSUEtdzdBSmZfaTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGEAMA0G
CSqGSIb3DQEBCwUAA4IBAQB723QX/reLQj6t0geBhPgCqAFaPp6KUiBR3rou5Uiq
k+ZZk1e8SWx6O7Mk7gs+4yacKuuFRZfY38R+1/pOUILMoUsAKH6jO7NxqFuhBzUh
zSL+1DwsLHcE4QH3BjXFpPEoVlD4WTVOgUrZdr+wxnxBjt6cJqFZF4YLPy4d1nV1
q3lzYba3Bt1anDK5IJ963Iq7xR6JSSoGiXsp51CTMWlH0BVR6GhsaXRFxWgjSk+z
6oAVHVYzAfoekWAyJ3CZC/n9alnK56CTJLeVsNaKOwAWhm30TcEC3JONPPcY3X0h
aw7ouDEBaf7kYpaC4D6CLNVNObczxCrKbi3rvhu+Z6vu
-----END CERTIFICATE-----