This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/AFSCjuh7AfVopsTbDSgayu9zIW8.roa
File:                     AFSCjuh7AfVopsTbDSgayu9zIW8.roa (raw, json)
Hash identifier:          XO+OMGLrm/K5bTuZohfVujGS4p4G3sl3LlpzWWmW0kQ=
Subject key identifier:   00:54:82:8E:E8:7B:01:F5:68:A6:C4:DB:0D:28:1A:CA:EF:73:21:6F
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6BF4D2ECF9217E37A89C760FF6EED
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/AFSCjuh7AfVopsTbDSgayu9zIW8.roa
Signing time:             Thu 01 Jan 2026 04:17:52 +0000
ROA not before:           Thu 01 Jan 2026 04:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215670
IP address blocks:        188.130.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:bf:4d:2e:cf:92:17:e3:7a:89:c7:60:ff:6e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0054828ee87b01f568a6c4db0d281acaef73216f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:77:4f:2b:18:e4:72:54:7e:bb:14:85:f1:c4:
                    93:35:4a:8e:6b:44:41:77:35:8d:eb:3d:e9:7d:f8:
                    3a:e7:71:bb:8b:a9:45:ed:71:1d:c6:c0:29:56:b0:
                    e7:76:77:7c:93:be:ef:7d:3a:69:0e:d6:48:98:35:
                    14:9b:00:85:e7:89:34:e0:0d:96:34:14:f9:73:60:
                    a1:78:95:8f:92:01:ad:e2:9c:57:b0:3e:07:76:c2:
                    cd:88:ac:1a:63:fd:f8:5f:83:f9:be:c1:65:33:d3:
                    89:2b:31:02:44:ed:64:1d:fd:84:b7:1d:47:d9:9b:
                    13:7b:13:d6:be:ba:d8:fe:7a:3d:c6:c9:e4:9c:50:
                    88:b0:96:e7:a6:09:2f:18:bc:da:bd:56:ce:36:95:
                    5f:9e:ce:23:40:7c:ae:ef:02:a1:3b:40:30:b6:e4:
                    6c:de:85:99:40:b5:ef:35:ee:6c:64:26:b4:79:81:
                    3b:04:ef:2c:50:43:61:ae:08:78:b3:c5:78:d3:49:
                    59:d0:a7:80:aa:4d:4d:b0:2c:da:9f:3a:c1:f2:88:
                    3b:71:b8:ec:a7:dd:f5:49:77:58:32:24:ba:11:1d:
                    d5:4d:ae:30:69:be:53:46:76:ee:d4:d4:01:3a:e0:
                    4d:30:48:2c:ba:10:3e:2e:de:ad:f3:ba:9d:ff:95:
                    7e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:54:82:8E:E8:7B:01:F5:68:A6:C4:DB:0D:28:1A:CA:EF:73:21:6F
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/AFSCjuh7AfVopsTbDSgayu9zIW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b9:7e:0d:db:d2:b8:87:09:b9:72:00:b2:55:0f:35:82:eb:
         69:6e:5d:52:9b:f9:b8:60:f0:71:d2:f4:d9:aa:5c:2b:25:79:
         07:ad:a6:d7:56:97:18:ca:f9:cf:ee:a7:b6:b0:c7:66:f6:f3:
         7f:90:f6:ce:8e:ba:f3:49:12:90:75:81:4f:07:38:6c:2c:6e:
         5e:b2:ba:b6:18:57:d3:4f:d5:02:6c:45:ff:40:6f:a3:cd:e1:
         d4:c8:54:56:44:17:25:bd:6e:37:6d:6a:f2:df:e4:aa:41:cc:
         81:60:37:e4:07:85:5c:4c:02:5b:9a:cc:bf:cb:f5:e0:08:63:
         13:8b:d0:94:6a:b9:3f:18:50:d1:94:2a:7e:7c:11:41:79:d8:
         57:27:80:41:fd:67:37:13:c4:d9:8c:50:f6:d7:02:8e:4c:04:
         ce:56:b8:05:11:fe:29:8a:a2:8e:a7:59:17:f9:b6:3f:22:51:
         31:09:41:6d:3d:e5:0f:f4:0e:5e:e6:71:86:66:70:1a:ed:b6:
         94:f5:cd:42:bc:29:d4:24:e0:cc:6c:39:d0:f9:eb:d4:23:11:
         7f:e3:80:54:2d:e0:09:82:61:39:6f:ff:48:b5:ea:8b:71:54:
         cf:79:9e:64:a5:b2:ec:11:1b:8b:d4:22:57:4b:48:30:14:5f:
         0e:1c:8e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xr9NLs+SF+N6icdg/27tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU0ODI4ZWU4N2IwMWY1NjhhNmM0ZGIwZDI4MWFjYWVmNzMyMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHdPKxjkclR+uxSF8cSTNUqOa0RB
dzWN6z3pffg653G7i6lF7XEdxsApVrDndnd8k77vfTppDtZImDUUmwCF54k04A2W
NBT5c2CheJWPkgGt4pxXsD4HdsLNiKwaY/34X4P5vsFlM9OJKzECRO1kHf2Etx1H
2ZsTexPWvrrY/no9xsnknFCIsJbnpgkvGLzavVbONpVfns4jQHyu7wKhO0AwtuRs
3oWZQLXvNe5sZCa0eYE7BO8sUENhrgh4s8V400lZ0KeAqk1NsCzanzrB8og7cbjs
p931SXdYMiS6ER3VTa4wab5TRnbu1NQBOuBNMEgsuhA+Lt6t87qd/5V+3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABUgo7oewH1aKbE2w0oGsrvcyFvMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvQUZTQ2p1aDdBZlZvcHNUYkRTZ2F5dTl6SVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvILuMA0G
CSqGSIb3DQEBCwUAA4IBAQB3uX4N29K4hwm5cgCyVQ81gutpbl1Sm/m4YPBx0vTZ
qlwrJXkHrabXVpcYyvnP7qe2sMdm9vN/kPbOjrrzSRKQdYFPBzhsLG5esrq2GFfT
T9UCbEX/QG+jzeHUyFRWRBclvW43bWry3+SqQcyBYDfkB4VcTAJbmsy/y/XgCGMT
i9CUark/GFDRlCp+fBFBedhXJ4BB/Wc3E8TZjFD21wKOTATOVrgFEf4piqKOp1kX
+bY/IlExCUFtPeUP9A5e5nGGZnAa7baU9c1CvCnUJODMbDnQ+evUIxF/44BULeAJ
gmE5b/9IteqLcVTPeZ5kpbLsERuL1CJXS0gwFF8OHI6W
-----END CERTIFICATE-----