This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/WLvpNSFQRhdWZaC9I_Ah1bgcC0I.roa
File:                     WLvpNSFQRhdWZaC9I_Ah1bgcC0I.roa (raw, json)
Hash identifier:          PDyeHlRCszFX07KKXj3dedhf6EgMf4av9amiMdMXQ3U=
Subject key identifier:   58:BB:E9:35:21:50:46:17:56:65:A0:BD:23:F0:21:D5:B8:1C:0B:42
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE2F9C5D8F342ADC187C397D82BCF9
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/WLvpNSFQRhdWZaC9I_Ah1bgcC0I.roa
Signing time:             Fri 02 Jan 2026 04:19:03 +0000
ROA not before:           Fri 02 Jan 2026 04:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        37.34.88.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:2f:9c:5d:8f:34:2a:dc:18:7c:39:7d:82:bc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58bbe935215046175665a0bd23f021d5b81c0b42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:62:cc:cf:24:1f:da:3b:e9:df:b2:cb:cd:04:
                    27:43:07:81:28:83:fc:7b:2f:2b:de:50:84:03:c4:
                    47:bf:c1:11:10:f8:c3:ce:cd:e1:c1:81:07:e0:75:
                    e8:70:0e:be:3e:f8:80:64:12:db:92:12:60:98:0b:
                    4e:6b:14:3d:65:08:93:e6:db:7c:2a:70:48:f3:62:
                    9d:6a:97:98:4e:2d:e9:91:3d:63:55:2c:9e:ad:90:
                    f6:48:33:12:fc:95:84:8c:07:6a:f8:60:6b:ad:25:
                    6e:56:b9:31:c8:3d:f9:ba:1a:40:9d:f0:b9:fe:8e:
                    ee:17:4d:3a:e9:95:c5:a3:ae:f6:47:0f:a7:04:1a:
                    ce:31:24:6f:75:cb:28:17:54:a6:43:73:37:36:67:
                    76:18:73:62:6d:b9:5f:55:40:87:51:ba:e7:20:66:
                    95:44:5b:8b:e7:7c:2e:a9:70:e0:48:1a:09:a4:25:
                    ec:23:9b:db:2d:b5:54:bb:2a:ee:2a:76:63:93:65:
                    07:5e:7c:c1:7b:bd:f3:dd:6f:91:fc:5e:c0:13:d1:
                    ea:f2:62:2b:49:d9:87:fc:7f:9d:22:df:30:03:6f:
                    33:0e:ad:25:8f:1d:19:8c:78:4a:8e:51:86:6c:f5:
                    c3:41:91:38:38:01:b4:52:6b:80:c1:bb:96:32:06:
                    d7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:BB:E9:35:21:50:46:17:56:65:A0:BD:23:F0:21:D5:B8:1C:0B:42
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/WLvpNSFQRhdWZaC9I_Ah1bgcC0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:8f:61:c2:5c:c7:68:51:4e:f7:19:db:c4:1a:3b:be:20:18:
         6d:7a:55:89:b0:f8:ca:b6:4a:01:2a:31:84:53:71:db:23:78:
         79:f4:3b:d3:b1:2e:74:40:cd:4a:34:93:11:3f:e3:45:19:9e:
         f8:eb:30:e1:6f:81:a8:40:6a:0b:1c:27:f5:17:9c:f2:09:3d:
         eb:0d:01:fa:4d:ac:2b:c4:e6:51:c4:06:05:2b:99:8e:f0:39:
         58:79:7f:24:30:8e:df:b1:83:4a:a3:e6:52:3c:1d:38:e2:c8:
         5c:f6:aa:e2:8c:fc:de:6b:3a:ff:98:df:2e:4d:55:81:de:8f:
         ad:12:c5:a2:6e:70:66:c3:b9:c8:58:a4:b3:f3:63:d9:b5:17:
         72:c4:a0:cd:84:5b:b3:83:98:d9:c6:16:95:a6:4d:86:cb:4a:
         b5:29:e0:b0:02:f1:8c:ec:ed:82:f4:f2:56:ed:ce:d1:b5:bb:
         53:58:94:9a:72:e6:4d:9b:56:f4:6d:07:48:b6:5e:5d:3e:dd:
         ba:59:2f:10:ee:2d:6f:a4:b1:eb:2a:0a:fb:59:00:f4:12:e8:
         0c:e2:6f:59:4d:22:03:db:89:81:30:58:7e:5c:9a:80:d0:4d:
         e3:b0:3c:24:5c:62:f2:da:13:a2:75:07:f4:11:15:62:22:aa:
         17:74:63:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87i+cXY80KtwYfDl9grz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGJiZTkzNTIxNTA0NjE3NTY2NWEwYmQyM2YwMjFkNWI4MWMwYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2LMzyQf2jvp37LLzQQnQweBKIP8
ey8r3lCEA8RHv8EREPjDzs3hwYEH4HXocA6+PviAZBLbkhJgmAtOaxQ9ZQiT5tt8
KnBI82KdapeYTi3pkT1jVSyerZD2SDMS/JWEjAdq+GBrrSVuVrkxyD35uhpAnfC5
/o7uF0066ZXFo672Rw+nBBrOMSRvdcsoF1SmQ3M3Nmd2GHNibblfVUCHUbrnIGaV
RFuL53wuqXDgSBoJpCXsI5vbLbVUuyruKnZjk2UHXnzBe73z3W+R/F7AE9Hq8mIr
SdmH/H+dIt8wA28zDq0ljx0ZjHhKjlGGbPXDQZE4OAG0UmuAwbuWMgbXUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi76TUhUEYXVmWgvSPwIdW4HAtCMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvV0x2cE5TRlFSaGRXWmFDOUlfQWgxYmdjQzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJSJYMA0G
CSqGSIb3DQEBCwUAA4IBAQA0j2HCXMdoUU73GdvEGju+IBhtelWJsPjKtkoBKjGE
U3HbI3h59DvTsS50QM1KNJMRP+NFGZ746zDhb4GoQGoLHCf1F5zyCT3rDQH6Tawr
xOZRxAYFK5mO8DlYeX8kMI7fsYNKo+ZSPB044shc9qrijPzeazr/mN8uTVWB3o+t
EsWibnBmw7nIWKSz82PZtRdyxKDNhFuzg5jZxhaVpk2Gy0q1KeCwAvGM7O2C9PJW
7c7RtbtTWJSacuZNm1b0bQdItl5dPt26WS8Q7i1vpLHrKgr7WQD0EugM4m9ZTSID
24mBMFh+XJqA0E3jsDwkXGLy2hOidQf0ERViIqoXdGPm
-----END CERTIFICATE-----