This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/uYcmPBoPe0dy5jc0jk1_pwkMfEo.roa
File:                     uYcmPBoPe0dy5jc0jk1_pwkMfEo.roa (raw, json)
Hash identifier:          0SmAw2whgX+CEp/lCzfQR+CIod0NWK+0ehDPmmqX/7M=
Subject key identifier:   B9:87:26:3C:1A:0F:7B:47:72:E6:37:34:8E:4D:7F:A7:09:0C:7C:4A
Certificate issuer:       /CN=4cad0397487799e2118ff4cbcf8f159747f35891
Certificate serial:       019B7AC8B2FD4527B8CEC4442B67A3D814EE
Authority key identifier: 4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/uYcmPBoPe0dy5jc0jk1_pwkMfEo.roa
Signing time:             Thu 01 Jan 2026 18:18:51 +0000
ROA not before:           Thu 01 Jan 2026 18:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200020
IP address blocks:        212.114.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 17:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:b2:fd:45:27:b8:ce:c4:44:2b:67:a3:d8:14:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cad0397487799e2118ff4cbcf8f159747f35891
        Validity
            Not Before: Jan  1 18:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b987263c1a0f7b4772e637348e4d7fa7090c7c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:f6:9f:09:d4:28:c4:c4:26:51:4d:42:d7:
                    52:f6:f6:99:f9:1b:10:96:03:1d:f7:fd:cf:0a:66:
                    af:10:bd:bc:ea:1b:45:b2:ef:65:3d:ec:d3:16:6d:
                    53:aa:1b:ff:4d:cf:10:78:9a:65:c7:d2:62:c1:48:
                    e3:27:b9:9d:20:d7:db:e1:bb:e2:40:85:6d:07:f1:
                    29:b3:31:e8:67:16:15:72:e0:b5:81:b1:8d:e3:56:
                    0d:13:2c:19:a9:c3:29:ed:6b:cb:f1:98:e5:5e:5a:
                    6d:51:0c:eb:81:4d:4b:50:cc:d4:2d:b9:ee:a3:a9:
                    7b:58:2c:2f:27:02:f6:8e:9d:e2:a5:d7:f1:53:c1:
                    f8:37:fe:fc:f9:86:6e:65:d8:c2:bf:44:61:73:74:
                    3b:8d:5e:3d:9b:84:7e:20:9e:11:50:76:c7:94:11:
                    13:77:ec:a7:fe:c9:fb:8d:70:95:cc:2d:41:90:91:
                    79:4a:56:3f:22:88:1f:26:49:22:31:f4:69:98:51:
                    6f:a6:66:65:02:be:8f:66:46:fb:75:a3:bf:ee:c2:
                    f9:55:18:cd:d0:1f:71:8c:c9:67:b0:32:1c:51:c9:
                    3a:16:98:c9:be:99:02:95:a3:42:cf:36:ca:66:4b:
                    0e:b1:11:2c:76:78:a5:e6:b5:69:1c:55:c8:9e:a8:
                    41:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:87:26:3C:1A:0F:7B:47:72:E6:37:34:8E:4D:7F:A7:09:0C:7C:4A
            X509v3 Authority Key Identifier:
                keyid:4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/uYcmPBoPe0dy5jc0jk1_pwkMfEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:ea:e7:6b:f4:1f:af:3f:7e:12:43:41:67:3e:bc:10:53:1d:
         78:a4:09:50:30:d8:aa:db:f3:f2:15:1c:80:42:58:94:86:cf:
         e8:40:1e:28:d4:5b:56:73:fc:48:6b:5d:f3:46:dc:8a:38:b4:
         27:bf:42:70:67:75:9d:a9:ad:7f:cd:b2:4b:df:ae:31:09:bc:
         d9:98:89:a0:54:2c:29:5f:3b:62:ab:9c:d4:b0:cd:3e:64:a8:
         5f:9b:f1:4f:b6:08:ff:ba:ec:43:20:ad:0c:32:f5:0c:a3:37:
         c6:33:90:b7:4d:32:de:d3:a7:4a:2b:35:0f:10:c4:96:eb:86:
         6e:1f:0a:9c:5b:5f:44:b2:c3:70:b4:7f:e0:25:20:a8:81:54:
         05:c0:75:3e:ad:38:a2:39:23:72:41:17:23:f8:77:aa:f6:10:
         98:d4:c7:bd:4f:48:1a:ce:47:b9:24:93:d7:1b:fc:95:43:26:
         58:13:d5:0e:d8:70:a8:fb:05:0d:82:eb:12:86:20:a7:86:6d:
         83:b5:42:45:f9:0a:fe:41:18:43:f4:4a:93:bb:bf:35:4b:fb:
         86:89:1e:14:b8:ed:12:37:c4:f2:81:e3:c6:ac:31:0d:52:34:
         af:50:37:e8:95:6a:3a:3e:ff:a2:f2:b1:4c:af:30:34:3a:d2:
         db:8c:f8:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yLL9RSe4zsREK2ej2BTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWQwMzk3NDg3Nzk5ZTIxMThmZjRjYmNmOGYxNTk3NDdm
MzU4OTEwHhcNMjYwMTAxMTgxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTg3MjYzYzFhMGY3YjQ3NzJlNjM3MzQ4ZTRkN2ZhNzA5MGM3YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJX2nwnUKMTEJlFNQtdS9vaZ+RsQ
lgMd9/3PCmavEL286htFsu9lPezTFm1Tqhv/Tc8QeJplx9JiwUjjJ7mdINfb4bvi
QIVtB/EpszHoZxYVcuC1gbGN41YNEywZqcMp7WvL8ZjlXlptUQzrgU1LUMzULbnu
o6l7WCwvJwL2jp3ipdfxU8H4N/78+YZuZdjCv0Rhc3Q7jV49m4R+IJ4RUHbHlBET
d+yn/sn7jXCVzC1BkJF5SlY/IogfJkkiMfRpmFFvpmZlAr6PZkb7daO/7sL5VRjN
0B9xjMlnsDIcUck6FpjJvpkClaNCzzbKZksOsREsdnil5rVpHFXInqhBwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmHJjwaD3tHcuY3NI5Nf6cJDHxKMB8GA1UdIwQY
MBaAFEytA5dId5niEY/0y8+PFZdH81iRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmIt
ZmM0YjAzNzEwYWUwLzEvdVljbVBCb1BlMGR5NWpjMGprMV9wd2tNZkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmItZmM0YjAzNzEwYWUw
LzEvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HJwMA0G
CSqGSIb3DQEBCwUAA4IBAQC96udr9B+vP34SQ0FnPrwQUx14pAlQMNiq2/PyFRyA
QliUhs/oQB4o1FtWc/xIa13zRtyKOLQnv0JwZ3Wdqa1/zbJL364xCbzZmImgVCwp
Xztiq5zUsM0+ZKhfm/FPtgj/uuxDIK0MMvUMozfGM5C3TTLe06dKKzUPEMSW64Zu
HwqcW19EssNwtH/gJSCogVQFwHU+rTiiOSNyQRcj+Heq9hCY1Me9T0gazke5JJPX
G/yVQyZYE9UO2HCo+wUNgusShiCnhm2DtUJF+Qr+QRhD9EqTu781S/uGiR4UuO0S
N8TygePGrDENUjSvUDfolWo6Pv+i8rFMrzA0OtLbjPio
-----END CERTIFICATE-----