This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CfYOw4BeYVr4ZAUSZ_tNhwTcgD0.roa
File:                     CfYOw4BeYVr4ZAUSZ_tNhwTcgD0.roa (raw, json)
Hash identifier:          wgX6WO27LYBi+2fJBCtthpsXm0nbLTOpklywEDCf0FU=
Subject key identifier:   09:F6:0E:C3:80:5E:61:5A:F8:64:05:12:67:FB:4D:87:04:DC:80:3D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B775906ECFFF5E906B1B0A39C50E9166A
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CfYOw4BeYVr4ZAUSZ_tNhwTcgD0.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203369
IP address blocks:        188.114.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:06:ec:ff:f5:e9:06:b1:b0:a3:9c:50:e9:16:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09f60ec3805e615af864051267fb4d8704dc803d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cf:73:a1:ce:7a:79:48:93:87:50:4c:0d:d5:
                    f6:c9:ee:19:34:3d:b2:1e:8d:fe:4a:66:03:32:86:
                    f7:c3:d0:66:0f:fe:e6:fe:eb:c7:d0:95:13:a8:41:
                    b5:07:dd:5a:83:40:bf:a1:91:94:0f:30:d9:c8:aa:
                    84:62:33:a5:0f:25:3b:69:9d:9b:5d:68:88:b5:0a:
                    c7:e1:19:31:0b:94:3f:8d:50:d3:36:70:d9:14:1c:
                    30:8e:36:90:83:99:bf:8b:50:90:f3:45:bb:e0:78:
                    33:6f:80:29:c1:60:a1:90:1a:6d:84:14:bf:4e:72:
                    f4:57:d2:1d:5f:46:0b:ba:59:1f:cf:d4:ce:52:ab:
                    0e:c5:af:88:07:c0:1f:99:29:bc:0f:6d:00:2e:b1:
                    89:78:10:53:1f:3b:d6:ac:52:da:6a:61:94:dd:76:
                    d7:9b:8f:1f:60:a1:e6:43:be:35:8a:94:45:67:06:
                    5c:c5:49:8a:1f:da:4e:45:2b:38:0a:d3:20:8b:3f:
                    72:f2:f2:4d:32:23:70:41:ea:21:d1:fd:5a:3b:5e:
                    c1:ca:a4:83:3a:d7:97:3f:e1:f6:d4:ea:4c:92:1a:
                    3a:e4:57:9e:27:8f:00:f6:8d:80:94:d8:ac:ed:86:
                    a4:5a:e4:1c:6a:a7:69:8f:3b:52:db:a4:40:2b:c1:
                    b2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F6:0E:C3:80:5E:61:5A:F8:64:05:12:67:FB:4D:87:04:DC:80:3D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CfYOw4BeYVr4ZAUSZ_tNhwTcgD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6e:8f:0f:64:3a:9a:60:ed:f6:38:dc:b0:38:0a:b5:ee:fd:
         96:98:7d:d5:26:f9:18:6a:8f:58:1d:97:a2:a4:91:8a:b7:01:
         7f:fa:23:e3:a7:42:02:0a:2c:e2:1d:b2:27:3b:06:c7:0b:f8:
         42:ed:37:eb:a9:7f:d7:9a:44:10:e7:6e:df:a4:1f:85:00:38:
         a2:b3:de:24:81:9d:f9:6e:e9:21:cf:52:00:81:62:5a:3e:ab:
         db:c4:ab:cf:89:57:6a:b6:b1:c8:c2:8c:a3:67:28:fb:ca:3d:
         99:6a:6c:11:9d:02:8e:56:26:e9:53:97:85:c3:76:1a:f0:69:
         a3:35:e2:b3:f6:c6:95:c6:89:4c:3a:b8:e5:cb:e3:28:62:48:
         88:10:b5:23:d5:a0:f2:e9:e0:ab:2f:d8:d5:04:08:26:77:72:
         26:5c:f3:42:82:f5:d7:e5:3a:d0:17:d4:48:c3:28:01:d7:4a:
         9a:be:2e:02:2d:cc:78:3d:93:5d:0b:29:b3:7c:ec:ea:ae:ac:
         1f:f2:d9:62:ba:25:7a:06:eb:78:d1:9e:72:f6:04:d1:4c:59:
         b9:59:8d:bc:cf:75:ed:51:b7:02:9d:2b:8d:f6:c3:5b:2d:5b:
         87:cc:71:85:ce:30:bf:11:13:3d:d1:4d:39:71:44:74:19:a2:
         df:7d:1d:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQbs//XpBrGwo5xQ6RZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWY2MGVjMzgwNWU2MTVhZjg2NDA1MTI2N2ZiNGQ4NzA0ZGM4MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM9zoc56eUiTh1BMDdX2ye4ZND2y
Ho3+SmYDMob3w9BmD/7m/uvH0JUTqEG1B91ag0C/oZGUDzDZyKqEYjOlDyU7aZ2b
XWiItQrH4RkxC5Q/jVDTNnDZFBwwjjaQg5m/i1CQ80W74Hgzb4ApwWChkBpthBS/
TnL0V9IdX0YLulkfz9TOUqsOxa+IB8AfmSm8D20ALrGJeBBTHzvWrFLaamGU3XbX
m48fYKHmQ741ipRFZwZcxUmKH9pORSs4CtMgiz9y8vJNMiNwQeoh0f1aO17ByqSD
OteXP+H21OpMkho65FeeJ48A9o2AlNis7YakWuQcaqdpjztS26RAK8GymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAn2DsOAXmFa+GQFEmf7TYcE3IA9MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvQ2ZZT3c0QmVZVnI0WkFVU1pfdE5od1RjZ0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHJDMA0G
CSqGSIb3DQEBCwUAA4IBAQAXbo8PZDqaYO32ONywOAq17v2WmH3VJvkYao9YHZei
pJGKtwF/+iPjp0ICCiziHbInOwbHC/hC7TfrqX/XmkQQ527fpB+FADiis94kgZ35
bukhz1IAgWJaPqvbxKvPiVdqtrHIwoyjZyj7yj2ZamwRnQKOVibpU5eFw3Ya8Gmj
NeKz9saVxolMOrjly+MoYkiIELUj1aDy6eCrL9jVBAgmd3ImXPNCgvXX5TrQF9RI
wygB10qavi4CLcx4PZNdCymzfOzqrqwf8tliuiV6But40Z5y9gTRTFm5WY28z3Xt
UbcCnSuN9sNbLVuHzHGFzjC/ERM90U05cUR0GaLffR3A
-----END CERTIFICATE-----