This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/ANa1GBLoP5xu32cExEGS1ucyPeI.roa
File:                     ANa1GBLoP5xu32cExEGS1ucyPeI.roa (raw, json)
Hash identifier:          03Pv5w9P0hLlvZZZpgrIUfLMLj2sMsn6vZZ11knaFKk=
Subject key identifier:   00:D6:B5:18:12:E8:3F:9C:6E:DF:67:04:C4:41:92:D6:E7:32:3D:E2
Certificate issuer:       /CN=0277acd112f1c6c833bec22f8b53cc70d2390876
Certificate serial:       019B7B35E274BDE385E9CED7A52AB5DB57B2
Authority key identifier: 02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/ANa1GBLoP5xu32cExEGS1ucyPeI.roa
Signing time:             Thu 01 Jan 2026 20:18:07 +0000
ROA not before:           Thu 01 Jan 2026 20:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399587
IP address blocks:        176.58.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:e2:74:bd:e3:85:e9:ce:d7:a5:2a:b5:db:57:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0277acd112f1c6c833bec22f8b53cc70d2390876
        Validity
            Not Before: Jan  1 20:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00d6b51812e83f9c6edf6704c44192d6e7323de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5d:08:ca:9f:1c:b2:1f:67:03:82:93:03:61:
                    c4:87:2b:c2:0e:98:51:09:67:9d:e5:23:98:bf:c4:
                    26:6d:db:96:c2:af:42:e7:ce:02:f7:04:9f:e7:ce:
                    7b:c9:64:8b:68:96:9a:57:aa:cb:17:a9:e1:ec:08:
                    4e:59:59:2e:aa:f2:46:d7:65:ff:a8:9e:d0:7b:21:
                    51:3f:a1:5e:da:92:89:92:ce:f2:b7:20:c7:44:36:
                    c9:c8:4e:a5:e3:e3:11:e7:2b:35:10:41:b3:1c:d7:
                    05:ad:a0:fb:06:83:d0:d5:50:1c:db:8f:24:6d:1f:
                    c8:6f:bc:0e:ca:86:86:a3:4a:0b:9a:b1:ff:9b:5f:
                    56:7e:d5:68:13:d8:e8:5d:45:12:87:d5:43:5e:25:
                    0c:39:11:af:01:da:91:dd:f7:7b:2a:8b:c0:c0:71:
                    68:cb:ad:4f:3c:a0:86:fb:ef:36:d7:cd:43:fd:5e:
                    cd:af:9c:63:b1:bc:d0:b9:11:13:49:4c:ac:9b:b4:
                    79:b6:7d:73:95:fb:eb:71:5f:c4:a1:03:11:12:7e:
                    b7:3b:e2:86:8c:e0:23:e3:a5:73:1c:f7:5b:88:eb:
                    d6:e1:b3:32:2f:6d:44:f3:cf:a5:bf:51:ff:26:aa:
                    2e:a9:14:42:f6:85:c7:2b:17:0e:ed:7b:5a:b8:7d:
                    8f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D6:B5:18:12:E8:3F:9C:6E:DF:67:04:C4:41:92:D6:E7:32:3D:E2
            X509v3 Authority Key Identifier:
                keyid:02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/ANa1GBLoP5xu32cExEGS1ucyPeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:96:1a:07:a9:d8:5c:3f:7f:d7:aa:f3:23:ff:f5:9d:7f:c3:
         c6:a3:0d:64:31:de:b9:a6:c5:42:33:04:94:80:a6:49:70:20:
         35:94:21:49:81:40:9f:93:d8:b1:92:40:2d:34:5d:dc:15:34:
         6a:09:37:f2:11:f1:2d:79:cd:da:55:2c:ce:7b:7b:e4:74:61:
         4e:61:07:b0:ae:5c:17:70:1e:7d:52:16:8d:76:c7:30:57:2a:
         84:d7:b5:fb:16:be:13:d8:91:e3:2a:23:22:b7:09:b4:09:7a:
         45:82:5b:e1:43:cb:c3:d8:4c:e8:8b:d7:c6:cd:6d:2b:ec:94:
         58:b4:ca:80:8b:26:41:70:71:84:23:65:ff:92:0b:b4:a9:22:
         b6:d3:d9:ee:76:b5:b7:1b:ad:56:b5:3a:29:45:41:bb:34:b0:
         5e:84:76:91:63:d3:48:eb:65:dd:3f:46:4f:b0:ee:de:47:f2:
         9b:70:30:2e:98:75:1e:1e:50:af:bc:be:fb:49:91:e9:80:8d:
         4a:e2:03:bb:f0:9b:88:eb:4a:cd:56:b2:a2:51:0e:3e:1a:1b:
         4f:a4:68:11:b4:c4:37:18:80:c9:1f:77:b5:6e:1d:09:ca:42:
         68:b1:b3:2b:1d:e1:c4:69:e9:53:5a:d6:7a:a8:fa:40:51:80:
         9a:5c:5a:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NeJ0veOF6c7XpSq121eyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNzdhY2QxMTJmMWM2YzgzM2JlYzIyZjhiNTNjYzcwZDIz
OTA4NzYwHhcNMjYwMTAxMjAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQ2YjUxODEyZTgzZjljNmVkZjY3MDRjNDQxOTJkNmU3MzIzZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt10Iyp8csh9nA4KTA2HEhyvCDphR
CWed5SOYv8QmbduWwq9C584C9wSf5857yWSLaJaaV6rLF6nh7AhOWVkuqvJG12X/
qJ7QeyFRP6Fe2pKJks7ytyDHRDbJyE6l4+MR5ys1EEGzHNcFraD7BoPQ1VAc248k
bR/Ib7wOyoaGo0oLmrH/m19WftVoE9joXUUSh9VDXiUMORGvAdqR3fd7KovAwHFo
y61PPKCG++82181D/V7Nr5xjsbzQuRETSUysm7R5tn1zlfvrcV/EoQMREn63O+KG
jOAj46VzHPdbiOvW4bMyL21E88+lv1H/JqouqRRC9oXHKxcO7XtauH2P9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADWtRgS6D+cbt9nBMRBktbnMj3iMB8GA1UdIwQY
MBaAFAJ3rNES8cbIM77CL4tTzHDSOQh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQt
ZDk2NTU5ODc4NzRhLzEvQU5hMUdCTG9QNXh1MzJjRXhFR1MxdWN5UGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQtZDk2NTU5ODc4NzRh
LzEvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDpIMA0G
CSqGSIb3DQEBCwUAA4IBAQB4lhoHqdhcP3/XqvMj//Wdf8PGow1kMd65psVCMwSU
gKZJcCA1lCFJgUCfk9ixkkAtNF3cFTRqCTfyEfEtec3aVSzOe3vkdGFOYQewrlwX
cB59UhaNdscwVyqE17X7Fr4T2JHjKiMitwm0CXpFglvhQ8vD2Ezoi9fGzW0r7JRY
tMqAiyZBcHGEI2X/kgu0qSK209nudrW3G61WtTopRUG7NLBehHaRY9NI62XdP0ZP
sO7eR/KbcDAumHUeHlCvvL77SZHpgI1K4gO78JuI60rNVrKiUQ4+GhtPpGgRtMQ3
GIDJH3e1bh0JykJosbMrHeHEaelTWtZ6qPpAUYCaXFqU
-----END CERTIFICATE-----