This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/tHyYlmCt8b_w6qmDnfmJNsi4fgg.roa
File:                     tHyYlmCt8b_w6qmDnfmJNsi4fgg.roa (raw, json)
Hash identifier:          kaLv44KKvA/h97d8YwPeGLLWQK0x8whGbJscB5eOBiw=
Subject key identifier:   B4:7C:98:96:60:AD:F1:BF:F0:EA:A9:83:9D:F9:89:36:C8:B8:7E:08
Certificate issuer:       /CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Certificate serial:       019B76EB4362694E0C7311DFA86C4F59C39F
Authority key identifier: 20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/tHyYlmCt8b_w6qmDnfmJNsi4fgg.roa
Signing time:             Thu 01 Jan 2026 00:18:08 +0000
ROA not before:           Thu 01 Jan 2026 00:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201178
IP address blocks:        212.101.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:43:62:69:4e:0c:73:11:df:a8:6c:4f:59:c3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
        Validity
            Not Before: Jan  1 00:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b47c989660adf1bff0eaa9839df98936c8b87e08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:e6:da:7f:92:fd:75:1c:dc:c7:3c:50:67:
                    fc:91:5e:3b:e1:28:94:07:43:e4:2f:20:e5:5f:8a:
                    bd:cb:3f:10:7d:62:7b:f7:99:e1:c4:bf:ba:4c:5c:
                    fc:0f:00:a1:4f:bf:58:1c:20:45:93:63:59:a3:70:
                    56:e6:e6:c0:f3:0c:0d:19:b8:03:c1:c1:5e:fd:88:
                    37:55:3f:a1:7c:60:b5:58:09:f7:ad:4b:6f:23:3f:
                    e4:85:49:e1:91:27:a1:00:8e:81:b0:b9:d2:78:09:
                    36:bd:85:6f:64:c5:70:db:2e:1f:63:4d:f2:9d:b4:
                    a9:f6:0f:3b:f0:c4:49:0e:f6:b2:db:44:f7:14:c7:
                    d4:4e:d2:3a:0f:20:eb:1b:b0:fb:59:b4:0d:8b:d5:
                    79:ac:19:0b:5a:e6:e7:c9:fa:5e:b7:19:05:0f:5a:
                    3f:d2:fa:65:8f:70:83:a5:92:b4:b0:34:2d:68:57:
                    38:f6:28:d5:ef:cf:05:f8:c0:e2:ee:e7:31:f3:33:
                    ac:f8:b0:3e:45:69:e6:29:f1:5a:93:92:9a:28:07:
                    70:7c:85:f8:b4:73:03:bc:f6:67:2b:60:a0:f6:1a:
                    3e:48:06:92:bb:52:27:5d:fb:ec:d3:50:1e:d9:84:
                    ad:69:ea:d4:ee:71:7e:75:3d:f4:da:35:23:d7:05:
                    d7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7C:98:96:60:AD:F1:BF:F0:EA:A9:83:9D:F9:89:36:C8:B8:7E:08
            X509v3 Authority Key Identifier:
                keyid:20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/tHyYlmCt8b_w6qmDnfmJNsi4fgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         10:0b:0f:bc:f0:7c:8c:7c:e9:13:d2:2d:bf:ff:ab:cd:33:31:
         fd:69:76:7d:76:ed:c7:47:a2:38:9c:91:28:1b:4a:83:9d:f1:
         75:f4:cf:47:ae:2d:fa:41:08:8b:64:82:47:25:07:3f:4c:aa:
         28:13:54:53:83:40:bb:9a:c4:3a:e8:f1:1b:84:1e:71:06:82:
         f2:98:56:4c:b4:69:a9:31:7d:81:f0:8e:76:0e:77:3b:7a:07:
         cc:91:e0:ef:a9:ac:95:84:42:f9:e1:fd:ea:83:fb:82:48:f9:
         e5:39:01:71:e2:79:bf:73:4d:1c:ec:18:20:79:75:88:9c:d1:
         71:4d:66:48:cf:e3:d5:ff:d6:ae:96:70:9e:d0:65:5e:22:79:
         bf:08:c6:62:3c:7e:11:57:7f:27:24:22:ac:ff:0c:b4:bf:2b:
         91:36:2a:60:d1:0d:9f:ad:9b:db:ac:73:12:f9:dd:18:a4:8b:
         77:fc:05:5b:ad:b8:43:01:cb:85:fe:8b:f2:e7:9a:6c:54:bf:
         78:b5:3f:18:2c:f5:81:27:a5:a3:7c:6d:e1:dc:37:0e:48:94:
         da:3f:7e:95:2f:c3:74:08:12:1c:1a:69:43:c7:8e:ea:6e:ca:
         76:27:ff:63:df:27:16:74:57:35:80:08:37:17:97:7f:d6:18:
         73:52:fb:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260NiaU4McxHfqGxPWcOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNTBkZjUxZjBlNWJjODFkYjRiMDVmNDQ5Zjc0MzA4ZDdm
Y2ZhMmUwHhcNMjYwMTAxMDAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdjOTg5NjYwYWRmMWJmZjBlYWE5ODM5ZGY5ODkzNmM4Yjg3ZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRPm2n+S/XUc3Mc8UGf8kV474SiU
B0PkLyDlX4q9yz8QfWJ795nhxL+6TFz8DwChT79YHCBFk2NZo3BW5ubA8wwNGbgD
wcFe/Yg3VT+hfGC1WAn3rUtvIz/khUnhkSehAI6BsLnSeAk2vYVvZMVw2y4fY03y
nbSp9g878MRJDvay20T3FMfUTtI6DyDrG7D7WbQNi9V5rBkLWubnyfpetxkFD1o/
0vplj3CDpZK0sDQtaFc49ijV788F+MDi7ucx8zOs+LA+RWnmKfFak5KaKAdwfIX4
tHMDvPZnK2Cg9ho+SAaSu1InXfvs01Ae2YStaerU7nF+dT302jUj1wXXVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLR8mJZgrfG/8Oqpg535iTbIuH4IMB8GA1UdIwQY
MBaAFCBQ31Hw5byB20sF9En3QwjX/PouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAt
NmU2NDgxZTU3NjVjLzEvdEh5WWxtQ3Q4Yl93NnFtRG5mbUpOc2k0ZmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAtNmU2NDgxZTU3NjVj
LzEvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GVgMA0G
CSqGSIb3DQEBCwUAA4IBAQAQCw+88HyMfOkT0i2//6vNMzH9aXZ9du3HR6I4nJEo
G0qDnfF19M9Hri36QQiLZIJHJQc/TKooE1RTg0C7msQ66PEbhB5xBoLymFZMtGmp
MX2B8I52Dnc7egfMkeDvqayVhEL54f3qg/uCSPnlOQFx4nm/c00c7BggeXWInNFx
TWZIz+PV/9aulnCe0GVeInm/CMZiPH4RV38nJCKs/wy0vyuRNipg0Q2frZvbrHMS
+d0YpIt3/AVbrbhDAcuF/ovy55psVL94tT8YLPWBJ6WjfG3h3DcOSJTaP36VL8N0
CBIcGmlDx47qbsp2J/9j3ycWdFc1gAg3F5d/1hhzUvv4
-----END CERTIFICATE-----