This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/sPDYGaB0jdjNmv_RI00LaumXHZM.roa
File:                     sPDYGaB0jdjNmv_RI00LaumXHZM.roa (raw, json)
Hash identifier:          cR+r+JhOtPPtk4/8vr8rgMsCxMQVubUz6os2NddknO4=
Subject key identifier:   B0:F0:D8:19:A0:74:8D:D8:CD:9A:FF:D1:23:4D:0B:6A:E9:97:1D:93
Certificate issuer:       /CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
Certificate serial:       019B7F8472EDF551C1DB974E78FA858ED52E
Authority key identifier: BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/sPDYGaB0jdjNmv_RI00LaumXHZM.roa
Signing time:             Fri 02 Jan 2026 16:22:25 +0000
ROA not before:           Fri 02 Jan 2026 16:22:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213456
IP address blocks:        212.108.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:72:ed:f5:51:c1:db:97:4e:78:fa:85:8e:d5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
        Validity
            Not Before: Jan  2 16:22:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0f0d819a0748dd8cd9affd1234d0b6ae9971d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c6:30:fd:9d:2f:79:ea:e8:a2:24:5c:c0:de:
                    7d:c9:bd:db:bf:0c:66:f0:94:e6:51:06:06:87:3d:
                    44:e5:d8:4e:09:55:83:21:4c:82:a2:d8:e1:aa:8e:
                    2c:bf:05:4e:a7:db:b3:9c:c5:19:b0:9d:5a:f4:24:
                    4a:40:b8:3d:95:43:a2:b6:c5:93:51:f2:b2:40:d9:
                    df:99:2f:56:b8:5a:fc:68:01:6a:9a:04:39:a4:62:
                    c9:fd:6d:41:60:76:47:9a:fc:7f:65:9c:3e:b9:09:
                    c7:e9:be:5b:66:76:37:99:3f:bb:f1:5e:0c:97:b2:
                    72:46:ad:ed:52:01:8c:25:ee:a6:e4:b0:b3:8e:cf:
                    32:55:4d:89:ea:45:9e:4c:42:3b:87:58:b8:5b:50:
                    43:d3:e9:07:2e:33:c5:65:1c:ed:2a:18:72:c2:ea:
                    be:47:05:13:02:f3:b4:24:98:ac:d3:b6:83:1c:39:
                    e0:f0:b6:34:41:ec:ca:03:19:c9:b1:d0:f8:f3:fa:
                    49:84:40:41:aa:af:c9:38:3b:2e:38:be:57:6e:27:
                    e9:ec:c6:b2:ae:59:a5:d6:e8:31:91:97:ca:0a:91:
                    2b:f0:99:32:b9:84:1d:89:04:5c:13:66:73:3d:ef:
                    bf:71:5d:51:b8:f7:28:f6:a6:e4:5d:a3:4e:85:90:
                    55:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F0:D8:19:A0:74:8D:D8:CD:9A:FF:D1:23:4D:0B:6A:E9:97:1D:93
            X509v3 Authority Key Identifier:
                keyid:BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/sPDYGaB0jdjNmv_RI00LaumXHZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ca:7b:30:1a:3a:d2:64:1a:32:14:96:18:15:ac:33:05:72:
         5d:0d:ec:87:f5:b6:34:d8:69:8d:19:75:5b:b0:31:3a:b2:d6:
         b9:5c:eb:75:71:33:a5:5b:6b:45:ee:60:5d:5d:e9:59:cf:7b:
         c2:bb:ac:5f:14:d7:a1:e5:06:8e:17:45:25:d1:29:0d:70:53:
         a5:46:65:74:9b:d2:d9:97:ec:99:a0:67:98:4c:4d:bb:0d:e2:
         06:1e:d5:26:a6:b0:e1:93:35:e3:13:b4:30:63:8a:a2:a9:12:
         15:c0:25:e6:40:ff:f4:54:1e:11:d2:a3:28:1b:cc:25:18:bf:
         4a:48:f7:16:07:b0:e6:27:5f:02:7a:25:9a:8c:4a:97:fa:d2:
         eb:a8:2b:54:aa:a1:27:34:30:ea:44:22:5a:75:8d:9d:15:f4:
         75:ba:f2:a0:6d:a9:86:8a:5d:77:0f:aa:86:30:b2:26:dd:47:
         cd:76:75:10:d8:3f:71:a2:a9:b9:7a:48:a0:e1:81:de:98:11:
         57:d2:02:b8:1e:f8:e3:bb:c1:fc:52:02:72:70:27:31:e2:92:
         6a:b3:bc:e3:cd:4c:c3:a6:9e:89:62:0c:1a:c5:13:51:ec:55:
         4d:f3:ad:3d:7b:60:e6:02:40:6b:8d:f8:d8:af:f2:91:09:5e:
         3a:37:a3:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hHLt9VHB25dOePqFjtUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjNiMDdhM2MwYWM5ZTMzM2Y1MmU4YjVkNDFhNzY4YTNk
MzkwMjUwHhcNMjYwMTAyMTYyMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYwZDgxOWEwNzQ4ZGQ4Y2Q5YWZmZDEyMzRkMGI2YWU5OTcxZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcYw/Z0veerooiRcwN59yb3bvwxm
8JTmUQYGhz1E5dhOCVWDIUyCotjhqo4svwVOp9uznMUZsJ1a9CRKQLg9lUOitsWT
UfKyQNnfmS9WuFr8aAFqmgQ5pGLJ/W1BYHZHmvx/ZZw+uQnH6b5bZnY3mT+78V4M
l7JyRq3tUgGMJe6m5LCzjs8yVU2J6kWeTEI7h1i4W1BD0+kHLjPFZRztKhhywuq+
RwUTAvO0JJis07aDHDng8LY0QezKAxnJsdD48/pJhEBBqq/JODsuOL5Xbifp7May
rlml1ugxkZfKCpEr8JkyuYQdiQRcE2ZzPe+/cV1RuPco9qbkXaNOhZBVkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDw2BmgdI3YzZr/0SNNC2rplx2TMB8GA1UdIwQY
MBaAFLojsHo8CsnjM/Uui11Bp2ij05AlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEt
ODA2OWM0Njc3MWNjLzEvc1BEWUdhQjBqZGpObXZfUkkwMExhdW1YSFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEtODA2OWM0Njc3MWNj
LzEvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gx8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKynswGjrSZBoyFJYYFawzBXJdDeyH9bY02GmNGXVb
sDE6sta5XOt1cTOlW2tF7mBdXelZz3vCu6xfFNeh5QaOF0Ul0SkNcFOlRmV0m9LZ
l+yZoGeYTE27DeIGHtUmprDhkzXjE7QwY4qiqRIVwCXmQP/0VB4R0qMoG8wlGL9K
SPcWB7DmJ18CeiWajEqX+tLrqCtUqqEnNDDqRCJadY2dFfR1uvKgbamGil13D6qG
MLIm3UfNdnUQ2D9xoqm5ekig4YHemBFX0gK4Hvjju8H8UgJycCcx4pJqs7zjzUzD
pp6JYgwaxRNR7FVN8609e2DmAkBrjfjYr/KRCV46N6PC
-----END CERTIFICATE-----