This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8_gr7ArTRAbIwtF4BAs2Yb1Q5X8.roa
File:                     8_gr7ArTRAbIwtF4BAs2Yb1Q5X8.roa (raw, json)
Hash identifier:          mNo3tCakCblgrlbHW+icbibgZLAMJGmCUvTiUz7GkBc=
Subject key identifier:   F3:F8:2B:EC:0A:D3:44:06:C8:C2:D1:78:04:0B:36:61:BD:50:E5:7F
Certificate issuer:       /CN=f07fa98d521d84c28daec8a89f7488bbce800215
Certificate serial:       019B7F1480C49BD7ACC11041818A0AF885AC
Authority key identifier: F0:7F:A9:8D:52:1D:84:C2:8D:AE:C8:A8:9F:74:88:BB:CE:80:02:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8H-pjVIdhMKNrsion3SIu86AAhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8_gr7ArTRAbIwtF4BAs2Yb1Q5X8.roa
Signing time:             Fri 02 Jan 2026 14:20:08 +0000
ROA not before:           Fri 02 Jan 2026 14:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213641
IP address blocks:        194.169.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8H-pjVIdhMKNrsion3SIu86AAhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8H-pjVIdhMKNrsion3SIu86AAhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8H-pjVIdhMKNrsion3SIu86AAhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:80:c4:9b:d7:ac:c1:10:41:81:8a:0a:f8:85:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f07fa98d521d84c28daec8a89f7488bbce800215
        Validity
            Not Before: Jan  2 14:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3f82bec0ad34406c8c2d178040b3661bd50e57f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6e:f0:63:66:57:29:2c:9b:e9:01:da:7f:c3:
                    28:34:bc:95:75:ae:ae:bd:98:0f:05:0f:33:17:66:
                    23:77:c1:4c:15:06:70:6d:b1:4b:60:a1:d0:fa:7f:
                    d6:f2:17:61:f6:64:7a:a8:74:c2:a8:d2:6b:d6:e1:
                    40:ea:7b:78:3e:76:9d:4b:34:04:23:e2:2a:2c:60:
                    e3:46:a9:04:bd:f2:b8:ed:33:13:df:e3:9c:f6:34:
                    5d:cf:7b:b5:f6:ab:f2:19:d9:98:25:14:f9:35:eb:
                    8e:cd:1f:8a:2c:46:c7:9b:52:bb:7a:d7:53:29:a5:
                    f3:e4:dc:64:df:c0:33:c8:d1:3a:f3:47:34:51:29:
                    2a:9f:83:ec:41:9e:01:85:65:82:eb:c5:56:e0:e4:
                    41:db:d8:c4:bd:9c:ca:12:55:98:55:f3:78:55:a1:
                    61:bc:f7:e4:c0:45:02:f3:fb:c0:52:e5:5a:99:b7:
                    df:d8:c0:d8:b1:ce:db:11:8b:02:98:8f:ae:1b:48:
                    9f:cf:a8:a6:ce:2c:64:59:83:a3:e8:de:ad:69:86:
                    b6:21:56:17:bd:54:6b:ea:b3:e0:6a:0c:81:f3:51:
                    69:3d:d9:1c:8a:a6:7a:04:f7:50:70:dc:c9:ba:a8:
                    11:f2:61:d9:17:df:17:8b:9e:24:2a:bc:de:8b:72:
                    5c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F8:2B:EC:0A:D3:44:06:C8:C2:D1:78:04:0B:36:61:BD:50:E5:7F
            X509v3 Authority Key Identifier:
                keyid:F0:7F:A9:8D:52:1D:84:C2:8D:AE:C8:A8:9F:74:88:BB:CE:80:02:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8H-pjVIdhMKNrsion3SIu86AAhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8_gr7ArTRAbIwtF4BAs2Yb1Q5X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a25f89-639b-4f9e-ac9d-7d928c131724/1/8H-pjVIdhMKNrsion3SIu86AAhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:1b:d7:5e:ff:57:e1:d7:1a:56:b8:dd:51:14:f9:5c:e7:16:
         ff:64:db:6b:19:28:7e:45:8e:d2:cf:7f:eb:28:a0:21:b7:0d:
         40:60:de:19:3d:b7:ba:7c:90:ad:d9:eb:67:a2:26:79:d3:27:
         ca:9d:2e:a1:0b:08:4a:fb:21:cf:98:7f:dd:c7:fc:1c:9b:49:
         74:1e:bd:eb:66:38:f2:e7:ac:1e:fa:6f:be:6d:a6:51:bc:48:
         0a:bb:1d:b5:a9:c0:86:50:21:49:3f:ac:ef:21:d6:50:2c:6d:
         2e:34:18:0e:52:fe:1e:c7:28:68:d4:f1:bf:6c:18:33:af:db:
         1e:fd:5e:73:1d:1d:a7:0a:9f:7f:49:96:8d:db:24:98:b9:82:
         3f:84:5c:33:7b:b4:25:30:fb:2a:28:82:d3:99:f9:cb:23:6e:
         30:67:9d:c7:22:df:dd:4c:d0:e1:fd:65:ff:8d:be:f1:75:18:
         d0:fe:e8:77:c6:91:63:de:02:9e:6d:db:a4:f0:86:ba:d2:d7:
         bb:3e:9a:ba:e8:f6:fd:52:95:4f:c4:17:ca:66:44:07:58:9d:
         2c:61:d8:97:d5:50:11:3c:11:50:3d:d4:d7:7a:27:29:e3:91:
         07:92:74:1b:10:c4:4d:3f:36:60:e4:55:e4:b7:10:11:7f:ab:
         96:50:e9:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FIDEm9eswRBBgYoK+IWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwN2ZhOThkNTIxZDg0YzI4ZGFlYzhhODlmNzQ4OGJiY2U4
MDAyMTUwHhcNMjYwMTAyMTQyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y4MmJlYzBhZDM0NDA2YzhjMmQxNzgwNDBiMzY2MWJkNTBlNTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW7wY2ZXKSyb6QHaf8MoNLyVda6u
vZgPBQ8zF2Yjd8FMFQZwbbFLYKHQ+n/W8hdh9mR6qHTCqNJr1uFA6nt4PnadSzQE
I+IqLGDjRqkEvfK47TMT3+Oc9jRdz3u19qvyGdmYJRT5NeuOzR+KLEbHm1K7etdT
KaXz5Nxk38AzyNE680c0USkqn4PsQZ4BhWWC68VW4ORB29jEvZzKElWYVfN4VaFh
vPfkwEUC8/vAUuVambff2MDYsc7bEYsCmI+uG0ifz6imzixkWYOj6N6taYa2IVYX
vVRr6rPgagyB81FpPdkciqZ6BPdQcNzJuqgR8mHZF98Xi54kKrzei3JckwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP4K+wK00QGyMLReAQLNmG9UOV/MB8GA1UdIwQY
MBaAFPB/qY1SHYTCja7IqJ90iLvOgAIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEgtcGpWSWRoTUtOcnNpb24zU0l1ODZBQWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMjVmODktNjM5Yi00ZjllLWFjOWQt
N2Q5MjhjMTMxNzI0LzEvOF9ncjdBclRSQWJJd3RGNEJBczJZYjFRNVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMjVmODktNjM5Yi00ZjllLWFjOWQtN2Q5MjhjMTMxNzI0
LzEvOEgtcGpWSWRoTUtOcnNpb24zU0l1ODZBQWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqmdMA0G
CSqGSIb3DQEBCwUAA4IBAQCHG9de/1fh1xpWuN1RFPlc5xb/ZNtrGSh+RY7Sz3/r
KKAhtw1AYN4ZPbe6fJCt2etnoiZ50yfKnS6hCwhK+yHPmH/dx/wcm0l0Hr3rZjjy
56we+m++baZRvEgKux21qcCGUCFJP6zvIdZQLG0uNBgOUv4exyho1PG/bBgzr9se
/V5zHR2nCp9/SZaN2ySYuYI/hFwze7QlMPsqKILTmfnLI24wZ53HIt/dTNDh/WX/
jb7xdRjQ/uh3xpFj3gKebduk8Ia60te7Ppq66Pb9UpVPxBfKZkQHWJ0sYdiX1VAR
PBFQPdTXeicp45EHknQbEMRNPzZg5FXktxARf6uWUOnd
-----END CERTIFICATE-----