This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/t8okKOVlMXFRYEnOglPzUXmRJtY.roa
File:                     t8okKOVlMXFRYEnOglPzUXmRJtY.roa (raw, json)
Hash identifier:          vdQx3AUgTfcRLy7u3EB04tzewsjG4P3un6PAJS1fk74=
Subject key identifier:   B7:CA:24:28:E5:65:31:71:51:60:49:CE:82:53:F3:51:79:91:26:D6
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B1996D6E8616A30781B63491BC6E4
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/t8okKOVlMXFRYEnOglPzUXmRJtY.roa
Signing time:             Fri 02 Jan 2026 06:18:00 +0000
ROA not before:           Fri 02 Jan 2026 06:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200805
IP address blocks:        130.185.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:19:96:d6:e8:61:6a:30:78:1b:63:49:1b:c6:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7ca2428e5653171516049ce8253f351799126d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:80:a6:35:85:4f:5b:71:c6:60:ad:c9:da:
                    8c:34:1d:5b:a9:3f:b5:4d:ef:da:a4:76:04:cd:6f:
                    12:dc:b0:f2:8d:3f:85:cf:ab:41:2c:28:ea:09:75:
                    b4:97:fa:dc:8f:b7:ea:46:e4:fd:9f:8b:fb:1c:12:
                    86:71:23:5e:bf:47:9e:48:f8:99:74:06:7a:72:8a:
                    10:74:89:f2:f6:f0:d1:d1:de:11:77:3e:6a:c9:27:
                    15:c2:d3:9b:5b:79:4d:3d:ff:39:18:e9:2e:b8:b4:
                    47:e2:51:b4:9c:be:2a:22:7e:f2:ad:45:3f:40:db:
                    e3:3f:46:cb:49:3e:3a:c6:3c:d8:e8:e1:c8:90:e7:
                    15:50:db:c9:cd:36:94:c5:bb:0c:c9:0b:0b:87:9c:
                    02:a1:59:98:2b:c1:81:fd:3d:c5:e2:e1:81:a5:0a:
                    e7:3e:64:98:63:61:a5:13:a8:4d:f8:78:5f:bf:c2:
                    95:0b:e0:a1:11:bc:c1:c6:18:6b:ba:d3:30:bd:ad:
                    51:02:00:af:88:23:4d:35:3b:be:14:cd:1b:3f:99:
                    16:c3:5f:fc:bf:e3:cc:47:31:91:80:c8:a7:1b:9f:
                    e1:4b:a8:28:9f:b7:3e:f5:f4:a2:38:73:07:fe:d7:
                    fb:5d:fb:12:0f:f7:0d:35:37:b3:93:59:41:f6:08:
                    6d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CA:24:28:E5:65:31:71:51:60:49:CE:82:53:F3:51:79:91:26:D6
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/t8okKOVlMXFRYEnOglPzUXmRJtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:dc:35:7c:a0:f8:8f:48:ec:f5:fc:48:21:c7:c5:55:87:2e:
         a2:38:63:ac:58:df:10:d9:73:00:0a:21:38:5a:ae:28:cd:a2:
         3c:d4:fa:ff:2a:01:55:ec:2e:99:99:d4:2c:1d:15:e0:f0:a5:
         64:7c:b6:34:da:d7:ce:d2:af:62:23:43:6d:27:88:36:f4:66:
         26:b0:9d:6a:6d:a0:eb:3e:d9:c2:42:35:61:3c:56:98:eb:bb:
         42:a2:fd:2e:d7:23:fc:3a:6f:0c:79:52:aa:bc:9c:74:72:78:
         24:76:f0:39:a1:bd:a1:27:67:78:98:10:6d:e3:cc:c6:c7:56:
         30:99:f4:54:34:46:67:dd:d6:31:e4:80:18:75:48:b0:57:c8:
         47:51:d6:16:87:46:58:67:db:ba:9d:2e:00:29:da:87:2a:85:
         34:db:4f:52:d2:91:6d:83:ba:d1:f0:b9:df:dd:2e:6d:46:24:
         a3:0b:bd:da:9b:e9:07:e7:73:89:09:e8:9b:33:ac:5c:3d:a6:
         a3:fa:dc:0e:63:a1:14:f7:e7:cf:59:7d:46:10:b8:4c:42:e3:
         8d:64:4a:25:bb:30:4c:23:c5:ec:f4:3b:bf:b0:07:a2:86:26:
         89:e0:80:2a:1f:74:0a:8a:7d:18:86:09:1e:88:81:2d:76:94:
         0b:84:70:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxmW1uhhajB4G2NJG8bkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2NhMjQyOGU1NjUzMTcxNTE2MDQ5Y2U4MjUzZjM1MTc5OTEyNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv62ApjWFT1txxmCtydqMNB1bqT+1
Te/apHYEzW8S3LDyjT+Fz6tBLCjqCXW0l/rcj7fqRuT9n4v7HBKGcSNev0eeSPiZ
dAZ6cooQdIny9vDR0d4Rdz5qyScVwtObW3lNPf85GOkuuLRH4lG0nL4qIn7yrUU/
QNvjP0bLST46xjzY6OHIkOcVUNvJzTaUxbsMyQsLh5wCoVmYK8GB/T3F4uGBpQrn
PmSYY2GlE6hN+Hhfv8KVC+ChEbzBxhhrutMwva1RAgCviCNNNTu+FM0bP5kWw1/8
v+PMRzGRgMinG5/hS6gon7c+9fSiOHMH/tf7XfsSD/cNNTezk1lB9ghtSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfKJCjlZTFxUWBJzoJT81F5kSbWMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdDhva0tPVmxNWEZSWUVuT2dsUHpVWG1SSnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrn/MA0G
CSqGSIb3DQEBCwUAA4IBAQCM3DV8oPiPSOz1/Eghx8VVhy6iOGOsWN8Q2XMACiE4
Wq4ozaI81Pr/KgFV7C6ZmdQsHRXg8KVkfLY02tfO0q9iI0NtJ4g29GYmsJ1qbaDr
PtnCQjVhPFaY67tCov0u1yP8Om8MeVKqvJx0cngkdvA5ob2hJ2d4mBBt48zGx1Yw
mfRUNEZn3dYx5IAYdUiwV8hHUdYWh0ZYZ9u6nS4AKdqHKoU0209S0pFtg7rR8Lnf
3S5tRiSjC73am+kH53OJCeibM6xcPaaj+twOY6EU9+fPWX1GELhMQuONZEoluzBM
I8Xs9Du/sAeihiaJ4IAqH3QKin0YhgkeiIEtdpQLhHAP
-----END CERTIFICATE-----