This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/GU71SIKDNqtDYi7P5ZGVJfaZ9Ng.roa
File:                     GU71SIKDNqtDYi7P5ZGVJfaZ9Ng.roa (raw, json)
Hash identifier:          7ZQhqryE0L0rNOAz1gL32gj8EsSrO0yhlKkyCkXl4cc=
Subject key identifier:   19:4E:F5:48:82:83:36:AB:43:62:2E:CF:E5:91:95:25:F6:99:F4:D8
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       019B7B367483FBE4C7F22610B375845B2EAF
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/GU71SIKDNqtDYi7P5ZGVJfaZ9Ng.roa
Signing time:             Thu 01 Jan 2026 20:18:44 +0000
ROA not before:           Thu 01 Jan 2026 20:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203878
IP address blocks:        212.54.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:74:83:fb:e4:c7:f2:26:10:b3:75:84:5b:2e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  1 20:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=194ef548828336ab43622ecfe5919525f699f4d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f0:c3:76:c7:44:c5:5d:81:ec:35:2f:bc:27:
                    07:c4:80:c9:b2:ae:6f:54:ae:55:3c:08:ac:ac:04:
                    0d:01:79:eb:c0:5b:2a:c6:0f:b1:67:3b:5e:fe:01:
                    db:55:b6:b4:89:4e:cd:6f:23:cb:b8:fc:0a:10:a5:
                    a7:7b:0d:1e:57:10:72:e7:3c:bf:d5:8f:ca:fc:3d:
                    3b:9b:3f:41:bf:62:48:99:74:6b:4f:ae:71:8b:c6:
                    ab:cf:e2:c6:98:85:59:7e:c9:29:75:ce:a2:c2:01:
                    5c:96:7c:49:6f:93:ac:84:b4:a3:9a:57:d0:8c:9f:
                    54:63:88:f5:59:61:9a:67:16:4a:37:85:e3:18:23:
                    62:bb:db:eb:a2:cf:3b:66:d6:50:ec:c8:14:c5:7b:
                    5b:4a:84:84:87:41:c8:b8:d9:a7:a4:93:d4:bf:e0:
                    75:d7:33:36:4f:11:e9:bb:3e:bc:21:3b:d6:49:d6:
                    51:ea:36:7a:2f:46:30:13:11:79:52:d8:fd:7e:55:
                    87:99:10:9f:77:13:00:79:5b:e8:9d:a3:91:f8:d9:
                    02:c8:5d:be:83:4a:b6:23:61:00:cd:b0:35:0f:df:
                    66:53:1a:b6:46:c1:f5:4f:2d:50:fd:8f:dd:6b:7d:
                    d6:08:8d:93:ae:a5:7f:f9:85:23:0c:fe:4b:1d:ec:
                    c0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4E:F5:48:82:83:36:AB:43:62:2E:CF:E5:91:95:25:F6:99:F4:D8
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/GU71SIKDNqtDYi7P5ZGVJfaZ9Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.54.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d0:33:1c:23:fa:85:34:e5:dc:c3:c9:b5:9c:c4:55:d2:b5:
         74:c8:8c:99:2b:8f:13:e7:8e:4f:7e:d1:aa:36:1a:a7:f5:ae:
         ca:ea:95:1a:26:2f:e5:56:aa:9b:ab:09:30:c4:cd:24:e6:14:
         7a:23:60:ab:61:b6:b1:b5:2e:83:32:6d:2c:0f:74:b3:86:ac:
         90:cd:a5:c5:32:61:4d:28:ff:f2:dd:db:8d:de:dc:69:9b:0f:
         96:97:0e:f7:90:00:19:af:be:93:f8:5c:f7:8e:f8:35:6e:fe:
         97:1a:13:3c:c5:c9:45:3d:18:da:c0:b5:8f:22:dd:81:7f:1b:
         20:fc:b1:d0:92:9a:01:c9:54:bf:86:7e:b6:9b:9c:39:99:24:
         56:51:7a:2c:f2:5d:c7:04:00:82:69:a1:cb:cb:a6:ae:c7:64:
         0a:38:59:49:91:27:cb:9f:7c:2d:02:07:cf:80:39:cf:3f:c4:
         ac:7b:01:ab:61:4d:da:a4:4f:a5:4e:2a:4c:3d:90:40:2e:8a:
         2e:4f:00:41:d4:56:38:c4:4b:e9:bd:d4:f9:94:00:54:f5:fc:
         1d:7c:1c:aa:fc:6d:88:17:71:91:d5:6b:79:c9:c6:e0:c8:0e:
         c1:4a:c9:e4:2f:c1:45:c9:73:b0:8b:c6:b5:7e:5c:b3:43:b6:
         ca:f4:b3:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NnSD++TH8iYQs3WEWy6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjYwMTAxMjAxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRlZjU0ODgyODMzNmFiNDM2MjJlY2ZlNTkxOTUyNWY2OTlmNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvDDdsdExV2B7DUvvCcHxIDJsq5v
VK5VPAisrAQNAXnrwFsqxg+xZzte/gHbVba0iU7NbyPLuPwKEKWnew0eVxBy5zy/
1Y/K/D07mz9Bv2JImXRrT65xi8arz+LGmIVZfskpdc6iwgFclnxJb5OshLSjmlfQ
jJ9UY4j1WWGaZxZKN4XjGCNiu9vros87ZtZQ7MgUxXtbSoSEh0HIuNmnpJPUv+B1
1zM2TxHpuz68ITvWSdZR6jZ6L0YwExF5Utj9flWHmRCfdxMAeVvonaOR+NkCyF2+
g0q2I2EAzbA1D99mUxq2RsH1Ty1Q/Y/da33WCI2TrqV/+YUjDP5LHezAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlO9UiCgzarQ2Iuz+WRlSX2mfTYMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvR1U3MVNJS0ROcXREWWk3UDVaR1ZKZmFaOU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DbVMA0G
CSqGSIb3DQEBCwUAA4IBAQBG0DMcI/qFNOXcw8m1nMRV0rV0yIyZK48T545PftGq
Nhqn9a7K6pUaJi/lVqqbqwkwxM0k5hR6I2CrYbaxtS6DMm0sD3SzhqyQzaXFMmFN
KP/y3duN3txpmw+Wlw73kAAZr76T+Fz3jvg1bv6XGhM8xclFPRjawLWPIt2Bfxsg
/LHQkpoByVS/hn62m5w5mSRWUXos8l3HBACCaaHLy6aux2QKOFlJkSfLn3wtAgfP
gDnPP8SsewGrYU3apE+lTipMPZBALoouTwBB1FY4xEvpvdT5lABU9fwdfByq/G2I
F3GR1Wt5ycbgyA7BSsnkL8FFyXOwi8a1flyzQ7bK9LOe
-----END CERTIFICATE-----