This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/8Gf4ilOOHDPy8ShRA6DADyswUBw.roa
File:                     8Gf4ilOOHDPy8ShRA6DADyswUBw.roa (raw, json)
Hash identifier:          Gg3fjKtbtCo3yrbVLuhlxWrBwdUSi5rHbyxOcOG2L30=
Subject key identifier:   F0:67:F8:8A:53:8E:1C:33:F2:F1:28:51:03:A0:C0:0F:2B:30:50:1C
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019B7C1284832DDC811E8CD0E3121B5B1A72
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/8Gf4ilOOHDPy8ShRA6DADyswUBw.roa
Signing time:             Fri 02 Jan 2026 00:19:06 +0000
ROA not before:           Fri 02 Jan 2026 00:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49418
IP address blocks:        87.251.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:84:83:2d:dc:81:1e:8c:d0:e3:12:1b:5b:1a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  2 00:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f067f88a538e1c33f2f1285103a0c00f2b30501c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:fa:81:3c:89:4f:17:39:fc:3e:67:47:43:4e:
                    b2:b6:71:7c:9a:9a:24:c2:0b:d4:ea:ea:f7:5c:da:
                    c0:45:e3:2c:fd:21:0a:df:15:f9:83:e2:68:42:84:
                    64:0c:ea:8d:72:64:2e:14:bd:35:dd:67:96:4c:ed:
                    68:10:69:e0:d6:f9:5f:20:0b:55:3b:3f:8a:36:a7:
                    63:24:e1:23:ca:ca:41:2b:5b:5d:9e:b9:64:80:b1:
                    19:64:0a:19:df:ce:d3:97:4a:87:0f:b9:68:f1:11:
                    c6:28:58:7f:cf:f0:ab:be:2a:4a:be:7b:04:2b:0a:
                    6e:29:0a:3a:63:9d:c6:c8:db:ba:13:5a:f7:e8:01:
                    7b:ea:ff:18:ee:70:1d:e3:ca:f1:b7:61:b1:de:06:
                    8d:13:08:a8:af:0a:0f:87:15:d6:cd:2c:aa:d7:09:
                    62:31:b1:fa:bf:19:05:f0:4c:76:ad:fb:23:f0:4a:
                    65:16:a6:d2:ad:0c:99:aa:59:95:58:e8:62:b5:14:
                    d8:28:67:e8:19:c3:d6:4d:a7:6e:1b:ba:e7:8c:9a:
                    1c:ee:a7:4f:90:70:e2:ed:10:37:e7:25:ff:4f:18:
                    f3:14:f8:69:29:4f:6d:0b:1a:0f:15:fa:3f:ba:80:
                    69:9e:2f:41:40:44:7a:5b:42:8c:aa:1b:2b:3c:ec:
                    20:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:67:F8:8A:53:8E:1C:33:F2:F1:28:51:03:A0:C0:0F:2B:30:50:1C
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/8Gf4ilOOHDPy8ShRA6DADyswUBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e7:1f:f7:5b:ef:57:0d:ea:15:91:14:9a:70:83:dd:64:b4:
         8e:61:a3:3c:ae:67:55:06:e7:9d:b9:d1:3d:79:62:b1:74:72:
         d6:8f:48:ab:d3:f5:d7:49:46:fa:3a:77:a5:46:5e:27:11:f3:
         69:f7:3d:69:29:e2:ce:31:c7:2c:56:4d:f2:22:04:89:7e:2f:
         de:b1:c0:14:ee:f6:c9:da:2c:5e:38:3f:94:20:49:7a:fc:86:
         d3:f1:2f:e2:09:0f:5d:14:c2:c5:84:8f:5d:4d:18:94:24:3f:
         89:27:e5:b3:f9:55:6f:7e:36:95:6a:27:e7:99:3e:ae:42:77:
         5e:e4:a7:95:cf:bc:eb:72:e9:d3:9a:84:cd:21:12:60:b7:04:
         e2:62:3b:15:f8:a2:d5:f1:66:a9:c3:73:63:5d:96:9f:3b:87:
         13:73:fa:85:1b:0d:c6:fd:6a:35:b0:a2:8b:3d:03:94:8f:82:
         1c:15:8a:b0:c0:4c:ac:40:b5:80:a0:53:b8:b4:44:91:c3:48:
         b6:e5:5f:38:27:5a:03:2e:9f:65:83:84:99:94:92:24:9c:8d:
         63:a8:cd:e9:e8:5f:bc:72:2c:69:c5:98:6b:e4:af:d2:17:5d:
         be:5b:f4:6e:43:51:78:64:a1:e9:f9:4f:fb:7c:63:87:78:00:
         2e:f4:ca:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EoSDLdyBHozQ4xIbWxpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjYwMTAyMDAxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY3Zjg4YTUzOGUxYzMzZjJmMTI4NTEwM2EwYzAwZjJiMzA1MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PqBPIlPFzn8PmdHQ06ytnF8mpok
wgvU6ur3XNrAReMs/SEK3xX5g+JoQoRkDOqNcmQuFL013WeWTO1oEGng1vlfIAtV
Oz+KNqdjJOEjyspBK1tdnrlkgLEZZAoZ387Tl0qHD7lo8RHGKFh/z/CrvipKvnsE
KwpuKQo6Y53GyNu6E1r36AF76v8Y7nAd48rxt2Gx3gaNEwiorwoPhxXWzSyq1wli
MbH6vxkF8Ex2rfsj8EplFqbSrQyZqlmVWOhitRTYKGfoGcPWTaduG7rnjJoc7qdP
kHDi7RA35yX/TxjzFPhpKU9tCxoPFfo/uoBpni9BQER6W0KMqhsrPOwgqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBn+IpTjhwz8vEoUQOgwA8rMFAcMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvOEdmNGlsT09IRFB5OFNoUkE2REFEeXN3VUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tZMA0G
CSqGSIb3DQEBCwUAA4IBAQBG5x/3W+9XDeoVkRSacIPdZLSOYaM8rmdVBuedudE9
eWKxdHLWj0ir0/XXSUb6OnelRl4nEfNp9z1pKeLOMccsVk3yIgSJfi/escAU7vbJ
2ixeOD+UIEl6/IbT8S/iCQ9dFMLFhI9dTRiUJD+JJ+Wz+VVvfjaVaifnmT6uQnde
5KeVz7zrcunTmoTNIRJgtwTiYjsV+KLV8Wapw3NjXZafO4cTc/qFGw3G/Wo1sKKL
PQOUj4IcFYqwwEysQLWAoFO4tESRw0i25V84J1oDLp9lg4SZlJIknI1jqM3p6F+8
cixpxZhr5K/SF12+W/RuQ1F4ZKHp+U/7fGOHeAAu9MpQ
-----END CERTIFICATE-----