This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8r77MtNd6JHrFBBnLm_5J_BuAIQ.roa
File:                     8r77MtNd6JHrFBBnLm_5J_BuAIQ.roa (raw, json)
Hash identifier:          VZcgGbj6NNnM5Pi5ovNgKWOCK7R74IyyThYZ0XXcsZw=
Subject key identifier:   F2:BE:FB:32:D3:5D:E8:91:EB:14:10:67:2E:6F:F9:27:F0:6E:00:84
Certificate issuer:       /CN=f266a0f986f21945c80d831567baf29620107adc
Certificate serial:       019B79ECD94C3A5E53149BCE4883B108191E
Authority key identifier: F2:66:A0:F9:86:F2:19:45:C8:0D:83:15:67:BA:F2:96:20:10:7A:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8r77MtNd6JHrFBBnLm_5J_BuAIQ.roa
Signing time:             Thu 01 Jan 2026 14:18:43 +0000
ROA not before:           Thu 01 Jan 2026 14:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61231
IP address blocks:        212.162.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:d9:4c:3a:5e:53:14:9b:ce:48:83:b1:08:19:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f266a0f986f21945c80d831567baf29620107adc
        Validity
            Not Before: Jan  1 14:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2befb32d35de891eb1410672e6ff927f06e0084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:44:4c:6a:55:f4:7c:76:ff:b7:e2:b1:9d:18:
                    8d:36:39:66:ca:c2:67:81:c0:68:da:bb:85:a7:1d:
                    94:48:fc:fa:fe:30:15:af:e6:f3:5f:19:c9:5c:6b:
                    75:24:8d:14:cf:55:58:80:ac:d6:44:a1:21:4e:ac:
                    b1:1e:7a:63:40:48:7f:3a:91:7c:1e:1f:dd:42:51:
                    64:48:6f:75:0d:2e:33:fd:4a:d6:28:4a:f1:57:1b:
                    40:d3:64:4b:08:e1:ff:0a:95:91:14:45:d7:3b:68:
                    0c:1a:38:9c:1d:d7:2b:2e:3a:d9:6d:b9:b5:54:03:
                    4d:29:80:45:f1:70:8c:84:3a:81:86:03:de:c7:5a:
                    33:c2:bf:d7:3e:21:f8:77:49:7a:ac:02:94:f2:38:
                    f2:e8:dd:72:35:6c:db:08:06:24:67:22:b2:c7:4a:
                    0e:b2:ff:ee:5f:cd:bb:e5:92:4f:8a:30:69:b7:34:
                    14:77:81:e1:23:d7:69:ce:78:23:6d:8d:9c:c7:cb:
                    e0:db:3a:06:92:1c:45:58:f7:a3:2a:80:5a:9e:34:
                    49:52:2f:6d:39:d6:42:3b:a7:44:c5:47:35:c8:31:
                    be:47:b4:32:1b:e6:f7:4f:51:9f:e7:f1:24:3c:f0:
                    b2:8d:a3:e4:06:08:1b:7b:6b:88:fc:35:19:bc:24:
                    0d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BE:FB:32:D3:5D:E8:91:EB:14:10:67:2E:6F:F9:27:F0:6E:00:84
            X509v3 Authority Key Identifier:
                keyid:F2:66:A0:F9:86:F2:19:45:C8:0D:83:15:67:BA:F2:96:20:10:7A:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mag-YbyGUXIDYMVZ7ryliAQetw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8r77MtNd6JHrFBBnLm_5J_BuAIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5873c4-b5e5-497e-9242-fe0b2226cfb3/1/8mag-YbyGUXIDYMVZ7ryliAQetw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.162.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:91:48:2c:30:83:a2:ee:5e:80:ff:88:9e:3d:70:41:ad:01:
         01:40:f1:16:04:1d:22:a1:93:6e:26:b1:2e:43:7a:ad:63:e5:
         b3:d1:09:da:46:4b:90:a9:76:32:0d:ab:19:68:28:a2:36:8a:
         44:0b:5f:22:ee:2e:25:2f:45:94:c5:93:91:cb:fb:bf:48:42:
         eb:09:05:0b:72:17:7f:03:85:87:ed:3f:4e:ff:d5:d3:6e:c6:
         c8:dd:95:ca:bf:95:d1:08:20:c3:9c:fb:94:b6:4d:00:fe:e7:
         9d:02:86:6c:b5:54:4e:10:0c:75:64:2e:1c:b6:d1:72:fd:20:
         9d:62:6b:78:1f:6f:ba:f1:29:5c:74:67:8e:6c:5e:0c:c1:47:
         84:34:1d:8f:53:64:4b:e7:99:4e:d7:cf:cc:7f:71:d8:db:5c:
         11:b7:58:d4:06:2c:8d:5c:10:88:63:57:00:ad:80:fb:b9:8c:
         f9:f5:53:fe:2e:f4:73:92:32:12:7c:1b:0f:47:8f:d5:a5:33:
         18:72:5e:a6:fb:f4:51:91:2c:2d:60:1a:5f:85:11:2e:1c:4c:
         ec:d0:1e:c7:88:a3:ca:1e:34:92:ca:3a:72:32:0b:fd:86:db:
         4a:d9:cd:5d:53:c4:df:0e:94:f1:3e:6c:41:2f:10:c9:33:a7:
         af:57:de:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57NlMOl5TFJvOSIOxCBkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjZhMGY5ODZmMjE5NDVjODBkODMxNTY3YmFmMjk2MjAx
MDdhZGMwHhcNMjYwMTAxMTQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJlZmIzMmQzNWRlODkxZWIxNDEwNjcyZTZmZjkyN2YwNmUwMDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukRMalX0fHb/t+KxnRiNNjlmysJn
gcBo2ruFpx2USPz6/jAVr+bzXxnJXGt1JI0Uz1VYgKzWRKEhTqyxHnpjQEh/OpF8
Hh/dQlFkSG91DS4z/UrWKErxVxtA02RLCOH/CpWRFEXXO2gMGjicHdcrLjrZbbm1
VANNKYBF8XCMhDqBhgPex1ozwr/XPiH4d0l6rAKU8jjy6N1yNWzbCAYkZyKyx0oO
sv/uX8275ZJPijBptzQUd4HhI9dpzngjbY2cx8vg2zoGkhxFWPejKoBanjRJUi9t
OdZCO6dExUc1yDG+R7QyG+b3T1Gf5/EkPPCyjaPkBggbe2uI/DUZvCQNSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPK++zLTXeiR6xQQZy5v+SfwbgCEMB8GA1UdIwQY
MBaAFPJmoPmG8hlFyA2DFWe68pYgEHrcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1hZy1ZYnlHVVhJRFlNVlo3cnlsaUFRZXR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ODczYzQtYjVlNS00OTdlLTkyNDIt
ZmUwYjIyMjZjZmIzLzEvOHI3N010TmQ2SkhyRkJCbkxtXzVKX0J1QUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ODczYzQtYjVlNS00OTdlLTkyNDItZmUwYjIyMjZjZmIz
LzEvOG1hZy1ZYnlHVVhJRFlNVlo3cnlsaUFRZXR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1KKBMA0G
CSqGSIb3DQEBCwUAA4IBAQBCkUgsMIOi7l6A/4iePXBBrQEBQPEWBB0ioZNuJrEu
Q3qtY+Wz0QnaRkuQqXYyDasZaCiiNopEC18i7i4lL0WUxZORy/u/SELrCQULchd/
A4WH7T9O/9XTbsbI3ZXKv5XRCCDDnPuUtk0A/uedAoZstVROEAx1ZC4cttFy/SCd
Ymt4H2+68SlcdGeObF4MwUeENB2PU2RL55lO18/Mf3HY21wRt1jUBiyNXBCIY1cA
rYD7uYz59VP+LvRzkjISfBsPR4/VpTMYcl6m+/RRkSwtYBpfhREuHEzs0B7HiKPK
HjSSyjpyMgv9httK2c1dU8TfDpTxPmxBLxDJM6evV941
-----END CERTIFICATE-----