This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/L_d7sC1R-mbLzW9DrMzKNe6UOAg.roa
File:                     L_d7sC1R-mbLzW9DrMzKNe6UOAg.roa (raw, json)
Hash identifier:          YuFXusfcI5nio5zXfyLJHyv9wkoAQsqQQp2+ktVOe60=
Subject key identifier:   2F:F7:7B:B0:2D:51:FA:66:CB:CD:6F:43:AC:CC:CA:35:EE:94:38:08
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       019B7FF06ECC152FD8867F9C07B7AFE055EA
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/L_d7sC1R-mbLzW9DrMzKNe6UOAg.roa
Signing time:             Fri 02 Jan 2026 18:20:22 +0000
ROA not before:           Fri 02 Jan 2026 18:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8400
IP address blocks:        185.129.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f0:6e:cc:15:2f:d8:86:7f:9c:07:b7:af:e0:55:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  2 18:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ff77bb02d51fa66cbcd6f43acccca35ee943808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b3:14:9f:02:de:4f:64:e7:b3:c8:90:3b:8d:
                    bd:87:4b:16:05:9e:59:1e:b2:c6:bf:25:9f:8e:ff:
                    ce:d8:1f:55:56:5a:01:f3:d7:09:ef:0f:7b:11:31:
                    e9:50:c4:63:f1:af:5a:76:96:66:5b:59:ef:3b:73:
                    d9:25:77:d6:9b:96:4b:f7:46:05:b8:b0:ba:c9:4c:
                    94:da:57:27:4f:05:6a:66:9b:f9:84:35:8e:ad:ec:
                    c2:cd:d4:ea:2b:10:35:c4:18:50:6b:7b:c8:cd:b3:
                    29:c2:14:34:e0:b8:ba:51:b8:78:eb:9b:fa:1b:a0:
                    e2:6e:04:b5:e0:85:a7:91:8f:2e:fd:60:df:72:38:
                    3f:e5:4d:89:85:35:b6:1f:cc:57:02:48:22:eb:88:
                    5e:b9:c6:ca:ce:2b:fa:4c:bd:af:29:4a:bd:d8:d5:
                    16:69:4f:c3:a3:63:b4:57:2f:af:8d:dc:ed:e7:1e:
                    49:38:52:f8:a8:89:63:0a:77:bd:94:c2:e8:ad:73:
                    60:39:a6:b8:2d:d6:ea:c6:de:50:d4:b3:93:0e:10:
                    03:87:8f:47:1e:17:9e:fe:8e:55:9a:47:db:cd:2c:
                    ec:dd:59:0e:73:b4:01:0f:74:b5:52:12:c0:0a:5a:
                    fc:a7:80:8f:3d:d5:e5:22:fa:e4:40:0f:8d:69:09:
                    23:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F7:7B:B0:2D:51:FA:66:CB:CD:6F:43:AC:CC:CA:35:EE:94:38:08
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/L_d7sC1R-mbLzW9DrMzKNe6UOAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:eb:b2:3a:b8:e8:ca:81:9c:80:27:64:5d:4e:c8:76:b1:cb:
         63:f4:99:c1:08:db:3c:f4:28:6d:29:3e:d4:86:f3:f9:42:2c:
         10:30:4e:d1:c2:34:93:79:93:ba:4d:eb:64:5a:d0:e9:65:85:
         cd:6b:8d:c6:b8:98:3f:10:d0:cc:a4:5f:35:9e:1b:1c:a9:8c:
         9c:4c:ca:94:02:43:57:9e:0c:46:f7:a4:e3:59:aa:86:90:ec:
         52:cb:17:6f:e0:38:73:26:ec:66:51:94:a7:ee:f3:60:35:f2:
         3b:81:5e:84:97:84:27:71:c0:42:07:f9:18:48:da:d5:f2:8f:
         32:f0:d7:90:16:a8:19:f4:aa:68:1e:64:36:7b:35:fc:20:85:
         4a:f0:b9:7e:20:80:a9:92:b0:1d:82:d8:41:14:03:61:02:fc:
         49:6d:f5:80:fa:0b:76:73:0d:6b:97:f4:57:21:2a:26:42:97:
         c5:77:f1:3b:db:49:d4:64:5f:5f:ec:cf:4b:72:1c:d1:fe:87:
         7f:5a:27:25:e3:5e:62:35:b9:09:a3:11:dd:9c:72:d2:14:09:
         33:ff:cf:44:3e:71:24:e3:18:d8:1f:d2:4e:22:91:05:e6:61:
         ba:7d:d3:56:d6:30:b4:6d:0f:0e:dc:71:66:63:6c:6f:c8:c3:
         0d:6c:f2:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8G7MFS/Yhn+cB7ev4FXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjYwMTAyMTgyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmY3N2JiMDJkNTFmYTY2Y2JjZDZmNDNhY2NjY2EzNWVlOTQzODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLMUnwLeT2Tns8iQO429h0sWBZ5Z
HrLGvyWfjv/O2B9VVloB89cJ7w97ETHpUMRj8a9adpZmW1nvO3PZJXfWm5ZL90YF
uLC6yUyU2lcnTwVqZpv5hDWOrezCzdTqKxA1xBhQa3vIzbMpwhQ04Li6Ubh465v6
G6DibgS14IWnkY8u/WDfcjg/5U2JhTW2H8xXAkgi64heucbKziv6TL2vKUq92NUW
aU/Do2O0Vy+vjdzt5x5JOFL4qIljCne9lMLorXNgOaa4Ldbqxt5Q1LOTDhADh49H
Hhee/o5VmkfbzSzs3VkOc7QBD3S1UhLAClr8p4CPPdXlIvrkQA+NaQkjHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/3e7AtUfpmy81vQ6zMyjXulDgIMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvTF9kN3NDMVItbWJMelc5RHJNektOZTZVT0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF4MA0G
CSqGSIb3DQEBCwUAA4IBAQAq67I6uOjKgZyAJ2RdTsh2sctj9JnBCNs89ChtKT7U
hvP5QiwQME7RwjSTeZO6TetkWtDpZYXNa43GuJg/ENDMpF81nhscqYycTMqUAkNX
ngxG96TjWaqGkOxSyxdv4DhzJuxmUZSn7vNgNfI7gV6El4QnccBCB/kYSNrV8o8y
8NeQFqgZ9KpoHmQ2ezX8IIVK8Ll+IICpkrAdgthBFANhAvxJbfWA+gt2cw1rl/RX
ISomQpfFd/E720nUZF9f7M9LchzR/od/Wicl415iNbkJoxHdnHLSFAkz/89EPnEk
4xjYH9JOIpEF5mG6fdNW1jC0bQ8O3HFmY2xvyMMNbPIO
-----END CERTIFICATE-----