This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/cHfaPvW5Vud_9pj79Xxvj7kuddE.roa
File:                     cHfaPvW5Vud_9pj79Xxvj7kuddE.roa (raw, json)
Hash identifier:          bGFOgs4ZrshgcJyva0SGzm2fyOyJP6p6s4rmZXREF64=
Subject key identifier:   70:77:DA:3E:F5:B9:56:E7:7F:F6:98:FB:F5:7C:6F:8F:B9:2E:75:D1
Certificate issuer:       /CN=753d476db96de1e58623119a70b9d7b00b676da0
Certificate serial:       019B7D5CBFC4386E9A632425E6F1F39225CD
Authority key identifier: 75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/cHfaPvW5Vud_9pj79Xxvj7kuddE.roa
Signing time:             Fri 02 Jan 2026 06:19:48 +0000
ROA not before:           Fri 02 Jan 2026 06:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20980
IP address blocks:        193.108.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:bf:c4:38:6e:9a:63:24:25:e6:f1:f3:92:25:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=753d476db96de1e58623119a70b9d7b00b676da0
        Validity
            Not Before: Jan  2 06:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7077da3ef5b956e77ff698fbf57c6f8fb92e75d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ca:33:d1:f4:1e:06:a7:97:c1:61:04:80:7d:
                    8e:c0:b1:1f:d0:bf:81:c9:83:fd:1a:ae:23:55:f5:
                    ee:23:ae:68:fe:e5:8d:7b:06:df:c0:78:c3:f5:80:
                    ca:fe:2b:08:07:9f:88:c2:c7:ff:4f:2e:1c:71:f2:
                    cc:4c:b7:24:75:a0:c2:1d:e9:3b:6a:cc:e9:4d:6d:
                    76:4d:65:92:19:bd:09:e1:b3:b3:d7:9f:c7:d4:1f:
                    c9:e3:15:79:ad:4b:90:20:ca:27:94:f8:05:c4:53:
                    19:7a:ec:10:15:ed:5e:26:08:a0:9d:9f:94:0e:f6:
                    77:a1:61:3a:52:05:e4:d3:d0:1f:2a:f8:9e:89:78:
                    91:f8:23:63:83:15:aa:33:af:1a:41:47:dc:72:6a:
                    88:d3:79:40:5d:51:7e:4d:58:70:c3:3f:f6:08:1e:
                    3f:ba:33:b9:51:05:54:f3:98:2a:db:12:cf:75:d2:
                    13:ae:c1:d9:4e:ad:d4:08:4e:0b:2f:7e:8d:b9:5a:
                    b7:f0:6e:2d:c4:82:4d:43:5a:d4:41:b9:4b:91:a2:
                    39:c3:de:26:3e:a6:4c:17:19:91:ad:aa:51:c6:f8:
                    87:63:1d:04:49:0b:47:82:d1:b9:99:51:f2:ed:39:
                    1e:62:fa:59:28:5b:85:51:0a:49:9b:cb:38:75:ad:
                    6d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:77:DA:3E:F5:B9:56:E7:7F:F6:98:FB:F5:7C:6F:8F:B9:2E:75:D1
            X509v3 Authority Key Identifier:
                keyid:75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/cHfaPvW5Vud_9pj79Xxvj7kuddE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:48:16:a1:fc:00:cb:12:65:50:bc:0e:32:ed:f9:41:73:0c:
         2a:6f:19:29:14:ed:4f:d7:f9:32:39:2b:c9:4f:ce:e4:30:e7:
         b7:33:df:2e:57:03:6d:e9:9f:f1:c4:27:2a:0b:9f:80:63:6d:
         18:cf:88:f2:f1:00:57:2a:4b:1f:de:2b:f5:09:72:98:c7:4c:
         d5:d9:02:95:8f:57:69:b8:9e:dc:cd:4e:93:21:b4:47:c7:31:
         90:31:92:0d:59:ac:b2:c9:fb:de:47:bb:c0:9e:c4:74:72:66:
         50:22:b8:6f:dd:e2:84:5e:0f:48:8e:8e:a8:d0:db:58:2b:22:
         f3:34:63:e3:77:40:66:b1:24:f3:70:c2:66:42:78:43:96:7b:
         2b:f1:da:8e:64:09:68:27:30:70:34:9e:69:94:22:11:24:7a:
         85:7a:4a:66:1b:3b:27:be:ce:3f:3b:40:08:6d:f2:8f:69:2e:
         21:1d:52:ad:d7:75:7b:56:da:ad:5f:66:80:4f:ee:8f:09:12:
         c8:5c:e0:68:89:41:16:58:c4:44:d7:6d:ed:a3:48:e4:9c:3b:
         f1:f2:8b:b3:68:1d:6b:1a:47:ac:51:b4:de:97:c0:46:e6:bb:
         fe:15:94:77:0b:ac:25:c9:fe:44:79:9c:aa:84:d6:03:86:96:
         de:3d:58:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XL/EOG6aYyQl5vHzkiXNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1M2Q0NzZkYjk2ZGUxZTU4NjIzMTE5YTcwYjlkN2IwMGI2
NzZkYTAwHhcNMjYwMTAyMDYxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc3ZGEzZWY1Yjk1NmU3N2ZmNjk4ZmJmNTdjNmY4ZmI5MmU3NWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucoz0fQeBqeXwWEEgH2OwLEf0L+B
yYP9Gq4jVfXuI65o/uWNewbfwHjD9YDK/isIB5+Iwsf/Ty4ccfLMTLckdaDCHek7
aszpTW12TWWSGb0J4bOz15/H1B/J4xV5rUuQIMonlPgFxFMZeuwQFe1eJgignZ+U
DvZ3oWE6UgXk09AfKvieiXiR+CNjgxWqM68aQUfccmqI03lAXVF+TVhwwz/2CB4/
ujO5UQVU85gq2xLPddITrsHZTq3UCE4LL36NuVq38G4txIJNQ1rUQblLkaI5w94m
PqZMFxmRrapRxviHYx0ESQtHgtG5mVHy7TkeYvpZKFuFUQpJm8s4da1tlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB32j71uVbnf/aY+/V8b4+5LnXRMB8GA1UdIwQY
MBaAFHU9R225beHlhiMRmnC517ALZ22gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUt
NDY4NTc4MmFjMmMzLzEvY0hmYVB2VzVWdWRfOXBqNzlYeHZqN2t1ZGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUtNDY4NTc4MmFjMmMz
LzEvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwWwIMA0G
CSqGSIb3DQEBCwUAA4IBAQA+SBah/ADLEmVQvA4y7flBcwwqbxkpFO1P1/kyOSvJ
T87kMOe3M98uVwNt6Z/xxCcqC5+AY20Yz4jy8QBXKksf3iv1CXKYx0zV2QKVj1dp
uJ7czU6TIbRHxzGQMZINWayyyfveR7vAnsR0cmZQIrhv3eKEXg9Ijo6o0NtYKyLz
NGPjd0BmsSTzcMJmQnhDlnsr8dqOZAloJzBwNJ5plCIRJHqFekpmGzsnvs4/O0AI
bfKPaS4hHVKt13V7VtqtX2aAT+6PCRLIXOBoiUEWWMRE123to0jknDvx8ouzaB1r
GkesUbTel8BG5rv+FZR3C6wlyf5EeZyqhNYDhpbePViB
-----END CERTIFICATE-----