This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cgCEBnU77I-bEDqihb_af2ku1v4.roa
File:                     cgCEBnU77I-bEDqihb_af2ku1v4.roa (raw, json)
Hash identifier:          /P4zad1nR4Y8V5tw2WsVOFE+5OMkF4+H8RotTtPLmMw=
Subject key identifier:   72:00:84:06:75:3B:EC:8F:9B:10:3A:A2:85:BF:DA:7F:69:2E:D6:FE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F855771DB8578BB38E194EF57819916
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cgCEBnU77I-bEDqihb_af2ku1v4.roa
Signing time:             Fri 02 Jan 2026 16:23:23 +0000
ROA not before:           Fri 02 Jan 2026 16:23:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        212.192.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:57:71:db:85:78:bb:38:e1:94:ef:57:81:99:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72008406753bec8f9b103aa285bfda7f692ed6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:fb:5e:7b:d1:68:e5:18:f4:cc:5a:bf:d7:
                    0e:66:ba:6d:b4:94:97:42:e3:b7:20:62:d3:3a:8e:
                    ba:c0:51:e2:9a:79:9a:54:ab:b3:67:d8:3f:95:3d:
                    0b:c5:d2:1e:ab:3c:fe:53:fa:24:c8:1d:34:51:1c:
                    74:60:ab:f4:cf:93:8b:21:04:4b:6c:6f:b1:aa:3a:
                    ee:35:00:74:aa:bd:ad:df:20:3f:9d:1a:9a:39:c1:
                    25:49:67:73:7e:af:3b:54:51:cf:0a:cf:cf:25:86:
                    b1:71:ce:39:41:a6:71:95:6b:89:4f:a9:ba:34:75:
                    6e:c3:ee:6c:53:46:ab:38:dd:a5:88:21:b9:37:d3:
                    ea:fd:38:b4:f3:9b:1b:b1:c5:00:b3:0a:e7:42:d1:
                    7b:0e:70:41:54:91:f3:fc:a5:b5:5f:4c:51:8e:31:
                    6c:cf:6c:d3:0a:fe:ec:5a:1f:41:d3:1f:de:dc:6b:
                    d5:d9:db:fb:d5:79:a1:a3:9c:d4:48:44:fe:f5:33:
                    ba:42:9e:68:23:b0:61:c8:9f:43:be:25:39:28:c8:
                    2e:ec:a8:31:3e:73:1d:ec:57:56:82:88:7c:a8:b6:
                    29:b5:a8:f8:11:b6:fd:da:5d:ed:33:71:39:27:c0:
                    94:73:d9:7d:e6:48:7f:ae:cd:eb:7b:6b:bc:37:d6:
                    6d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:00:84:06:75:3B:EC:8F:9B:10:3A:A2:85:BF:DA:7F:69:2E:D6:FE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cgCEBnU77I-bEDqihb_af2ku1v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:47:d7:8a:41:d4:00:e9:7b:88:a6:40:87:62:af:d3:4c:15:
         c6:19:5d:cf:5f:68:58:dd:56:8e:41:85:e6:73:40:80:6c:2c:
         8f:bd:29:5f:42:69:bd:57:e1:c0:ff:01:3e:9b:2b:9d:0f:28:
         f0:ec:b9:a9:34:d4:60:7d:da:ca:8c:56:23:55:f0:74:8e:52:
         f4:82:c9:75:8a:6f:86:d6:42:b5:36:89:fa:1f:3d:f2:83:f0:
         d5:be:23:e7:7c:68:e9:c6:4f:d3:a1:f7:f2:76:e2:96:4d:93:
         7c:35:9f:8b:7d:3c:c8:96:01:0c:e7:d8:3a:f4:63:c2:29:66:
         f4:a7:43:7e:b9:1a:10:62:b0:2d:52:79:bb:ef:83:4b:76:5b:
         73:2a:e5:db:fb:4f:8c:6a:67:3d:84:9e:ce:8e:77:57:cd:c5:
         cc:fe:ea:29:2f:0f:9b:a3:4a:90:04:57:38:c5:0a:21:f9:60:
         fc:4e:89:9c:bd:b3:c5:74:45:03:ac:df:57:ba:e4:ce:25:2a:
         1c:f2:14:e6:49:63:b9:ff:e4:9c:79:8b:0a:6e:1e:bb:85:fd:
         65:24:77:65:62:bf:b3:bd:9f:e2:f8:10:35:ee:76:96:5d:a0:
         86:82:d9:c3:8b:c7:ad:09:b9:e2:39:60:ae:40:b7:8c:ad:61:
         d9:cd:da:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hVdx24V4uzjhlO9XgZkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjAwODQwNjc1M2JlYzhmOWIxMDNhYTI4NWJmZGE3ZjY5MmVkNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2D7XnvRaOUY9Mxav9cOZrpttJSX
QuO3IGLTOo66wFHimnmaVKuzZ9g/lT0LxdIeqzz+U/okyB00URx0YKv0z5OLIQRL
bG+xqjruNQB0qr2t3yA/nRqaOcElSWdzfq87VFHPCs/PJYaxcc45QaZxlWuJT6m6
NHVuw+5sU0arON2liCG5N9Pq/Ti085sbscUAswrnQtF7DnBBVJHz/KW1X0xRjjFs
z2zTCv7sWh9B0x/e3GvV2dv71Xmho5zUSET+9TO6Qp5oI7BhyJ9DviU5KMgu7Kgx
PnMd7FdWgoh8qLYptaj4Ebb92l3tM3E5J8CUc9l95kh/rs3re2u8N9ZtbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIAhAZ1O+yPmxA6ooW/2n9pLtb+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY2dDRUJuVTc3SS1iRURxaWhiX2FmMmt1MXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD7MA0G
CSqGSIb3DQEBCwUAA4IBAQBOR9eKQdQA6XuIpkCHYq/TTBXGGV3PX2hY3VaOQYXm
c0CAbCyPvSlfQmm9V+HA/wE+myudDyjw7LmpNNRgfdrKjFYjVfB0jlL0gsl1im+G
1kK1Non6Hz3yg/DVviPnfGjpxk/ToffyduKWTZN8NZ+LfTzIlgEM59g69GPCKWb0
p0N+uRoQYrAtUnm774NLdltzKuXb+0+Mamc9hJ7OjndXzcXM/uopLw+bo0qQBFc4
xQoh+WD8TomcvbPFdEUDrN9XuuTOJSoc8hTmSWO5/+SceYsKbh67hf1lJHdlYr+z
vZ/i+BA17naWXaCGgtnDi8etCbniOWCuQLeMrWHZzdoG
-----END CERTIFICATE-----