This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/B8t2bBTkaLAR5TIW9fbMzDeK7wM.roa
File:                     B8t2bBTkaLAR5TIW9fbMzDeK7wM.roa (raw, json)
Hash identifier:          rEfJvzviw6ozBNoCBXd6KOO7hAZ89y6wXkNGYhrBaG0=
Subject key identifier:   07:CB:76:6C:14:E4:68:B0:11:E5:32:16:F5:F6:CC:CC:37:8A:EF:03
Certificate issuer:       /CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
Certificate serial:       019B7F1580974887E59A75A2DF8376D7E762
Authority key identifier: 71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/B8t2bBTkaLAR5TIW9fbMzDeK7wM.roa
Signing time:             Fri 02 Jan 2026 14:21:14 +0000
ROA not before:           Fri 02 Jan 2026 14:21:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        103.152.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:80:97:48:87:e5:9a:75:a2:df:83:76:d7:e7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d83fd8dabfe14b174cccd35b35b80713334ba5
        Validity
            Not Before: Jan  2 14:21:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07cb766c14e468b011e53216f5f6cccc378aef03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a3:94:9d:39:0e:39:3c:6f:5a:a7:26:33:5e:
                    1b:00:53:0d:a1:c4:e0:bb:2d:c5:51:5b:39:90:59:
                    fe:b2:1e:e9:af:f4:74:c1:c1:31:f9:77:e9:63:ce:
                    3b:55:25:40:05:fd:be:ae:89:f7:1b:5d:85:d5:65:
                    fc:b6:bb:e5:2d:c4:b9:08:4b:bb:4a:21:43:36:06:
                    01:a2:ef:b9:1a:ff:f0:c9:a5:32:5c:de:2a:5f:e2:
                    b7:5e:64:76:67:75:82:d8:7e:ef:6c:78:b4:15:d9:
                    04:99:50:a4:95:54:54:a8:ff:98:9b:f4:b2:7b:3a:
                    66:4b:ee:d1:b4:fa:8a:33:e2:ce:77:28:54:4c:b8:
                    e5:27:6a:d9:61:6b:3f:25:97:13:99:8a:54:69:28:
                    86:f9:3d:90:3b:77:73:f0:5f:4e:76:17:c0:aa:cf:
                    df:e2:d1:11:ed:66:a8:dc:36:be:80:d6:ee:19:a4:
                    6b:80:ee:08:2f:81:59:e0:1d:26:08:f9:a9:66:e7:
                    40:b3:5e:2e:c2:43:06:5d:11:6e:71:c3:91:0b:ec:
                    22:9d:da:b1:a5:93:d5:24:95:03:5b:de:f7:01:60:
                    51:1e:16:61:c0:14:28:23:ce:40:e1:4b:81:8d:63:
                    9d:10:4d:1a:f6:e3:e3:e1:5b:48:5b:21:cb:f7:65:
                    5c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CB:76:6C:14:E4:68:B0:11:E5:32:16:F5:F6:CC:CC:37:8A:EF:03
            X509v3 Authority Key Identifier:
                keyid:71:D8:3F:D8:DA:BF:E1:4B:17:4C:CC:D3:5B:35:B8:07:13:33:4B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/B8t2bBTkaLAR5TIW9fbMzDeK7wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6d7ecf-4b62-4367-9b50-064d7adf4be3/1/cdg_2Nq_4UsXTMzTWzW4BxMzS6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:0e:b4:27:b5:e9:ad:b9:d0:e4:6f:c0:e1:1d:30:56:4e:80:
         42:a8:d3:e5:44:04:73:59:7f:e1:53:a9:8c:05:6d:b2:56:c6:
         94:4f:77:21:41:d8:fd:08:c5:80:dc:b1:97:ab:40:e2:a2:e2:
         43:5f:38:03:23:72:ca:47:a3:b9:52:06:b0:74:d3:3d:d0:15:
         af:1e:87:8a:1c:7a:30:09:21:24:6d:de:28:fc:49:99:0a:a6:
         5c:b4:09:e2:53:cf:d5:46:c0:80:ce:f3:48:53:61:66:b4:97:
         cd:b7:72:de:e4:84:8c:d3:23:62:cb:01:ca:63:cc:d8:42:c9:
         9e:ab:d2:fb:ea:2e:27:f0:f8:39:9d:65:41:22:62:b6:49:2f:
         9b:6e:78:74:37:24:90:89:2b:e1:bc:c6:52:8f:b9:d0:de:f2:
         11:3e:b1:5b:43:52:89:fe:e1:ba:9f:04:7e:ba:15:9e:d1:4f:
         69:07:40:c0:2b:ba:0b:84:ab:8b:20:55:20:d9:e7:52:ac:c9:
         c3:81:72:4a:07:fd:07:0f:9e:ff:4e:07:22:e7:15:24:6a:78:
         c3:cc:f6:5a:24:35:c6:9b:10:dd:64:0e:d1:7b:e2:7f:14:ef:
         64:4f:23:df:e1:a3:2e:22:66:17:3f:fe:23:8e:57:80:49:38:
         44:b2:27:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FYCXSIflmnWi34N21+diMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDgzZmQ4ZGFiZmUxNGIxNzRjY2NkMzViMzViODA3MTMz
MzRiYTUwHhcNMjYwMTAyMTQyMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NiNzY2YzE0ZTQ2OGIwMTFlNTMyMTZmNWY2Y2NjYzM3OGFlZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKOUnTkOOTxvWqcmM14bAFMNocTg
uy3FUVs5kFn+sh7pr/R0wcEx+XfpY847VSVABf2+ron3G12F1WX8trvlLcS5CEu7
SiFDNgYBou+5Gv/wyaUyXN4qX+K3XmR2Z3WC2H7vbHi0FdkEmVCklVRUqP+Ym/Sy
ezpmS+7RtPqKM+LOdyhUTLjlJ2rZYWs/JZcTmYpUaSiG+T2QO3dz8F9OdhfAqs/f
4tER7Wao3Da+gNbuGaRrgO4IL4FZ4B0mCPmpZudAs14uwkMGXRFuccORC+windqx
pZPVJJUDW973AWBRHhZhwBQoI85A4UuBjWOdEE0a9uPj4VtIWyHL92VcnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfLdmwU5GiwEeUyFvX2zMw3iu8DMB8GA1UdIwQY
MBaAFHHYP9jav+FLF0zM01s1uAcTM0ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAt
MDY0ZDdhZGY0YmUzLzEvQjh0MmJCVGthTEFSNVRJVzlmYk16RGVLN3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82ZDdlY2YtNGI2Mi00MzY3LTliNTAtMDY0ZDdhZGY0YmUz
LzEvY2RnXzJOcV80VXNYVE16VFd6VzRCeE16UzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5gBMA0G
CSqGSIb3DQEBCwUAA4IBAQBSDrQntemtudDkb8DhHTBWToBCqNPlRARzWX/hU6mM
BW2yVsaUT3chQdj9CMWA3LGXq0DiouJDXzgDI3LKR6O5UgawdNM90BWvHoeKHHow
CSEkbd4o/EmZCqZctAniU8/VRsCAzvNIU2FmtJfNt3Le5ISM0yNiywHKY8zYQsme
q9L76i4n8Pg5nWVBImK2SS+bbnh0NySQiSvhvMZSj7nQ3vIRPrFbQ1KJ/uG6nwR+
uhWe0U9pB0DAK7oLhKuLIFUg2edSrMnDgXJKB/0HD57/Tgci5xUkanjDzPZaJDXG
mxDdZA7Re+J/FO9kTyPf4aMuImYXP/4jjleASThEsicw
-----END CERTIFICATE-----