This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/_sN8yzKDKHcnVU5p49CbRL2H3ig.roa
File:                     _sN8yzKDKHcnVU5p49CbRL2H3ig.roa (raw, json)
Hash identifier:          kgkv7xILeg1lxV+k1BaZVXsKuUZT1LhEAwckSMdm8JQ=
Subject key identifier:   FE:C3:7C:CB:32:83:28:77:27:55:4E:69:E3:D0:9B:44:BD:87:DE:28
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       019B7F84377DBA3E555DAE3B5629798963BC
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/_sN8yzKDKHcnVU5p49CbRL2H3ig.roa
Signing time:             Fri 02 Jan 2026 16:22:10 +0000
ROA not before:           Fri 02 Jan 2026 16:22:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        217.119.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:37:7d:ba:3e:55:5d:ae:3b:56:29:79:89:63:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Jan  2 16:22:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fec37ccb3283287727554e69e3d09b44bd87de28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0e:59:b6:12:2f:7c:70:ed:b0:84:d7:7e:30:
                    91:c5:96:3e:d2:e7:d3:22:c3:33:3e:4c:93:41:27:
                    62:be:89:1b:be:67:d6:a3:1e:3f:fe:cb:6f:de:2c:
                    0d:54:d3:6f:eb:37:a5:88:c6:47:5f:34:35:f9:c5:
                    1c:4a:ec:3b:d7:b7:97:08:33:2e:c0:77:0d:af:03:
                    9b:bf:cb:6e:68:83:81:f4:92:d5:08:7d:ed:9d:70:
                    d0:4b:2b:5d:09:c6:34:4a:a6:62:18:fc:01:47:24:
                    82:a0:b9:c8:21:8c:2f:e2:24:39:80:2d:2e:15:6f:
                    53:2d:0f:53:7f:9e:d3:d3:52:b9:7d:83:e6:14:3f:
                    1c:48:b0:81:36:4d:2e:65:ed:57:22:d0:e6:47:6b:
                    13:66:9b:73:63:d3:6f:91:89:82:1e:6e:5f:20:a6:
                    86:7c:10:94:86:c7:5d:b6:1f:d3:aa:08:aa:42:93:
                    ee:ec:3a:5e:bd:1b:56:d5:7f:af:86:02:b2:5b:36:
                    de:8c:e0:47:18:09:7b:66:4f:53:38:5a:dd:36:7f:
                    a7:73:56:d4:0d:05:07:48:6b:54:64:18:6d:d7:a1:
                    ed:31:d0:cf:eb:3c:38:9e:cc:06:16:78:c4:f7:cb:
                    b9:44:42:e9:4d:1e:11:4e:0e:28:38:ee:40:e9:ba:
                    12:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C3:7C:CB:32:83:28:77:27:55:4E:69:E3:D0:9B:44:BD:87:DE:28
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/_sN8yzKDKHcnVU5p49CbRL2H3ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.119.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:4f:10:6a:6b:29:2a:40:e9:55:8e:8f:2e:27:d4:84:59:75:
         74:3d:6d:1b:f3:37:ae:b9:46:0a:61:3f:ec:1b:8b:df:8c:31:
         1b:c2:66:7a:a7:6e:eb:0e:bc:20:26:ec:3e:6c:8f:a8:bf:dc:
         c0:a2:21:9e:b3:b2:ec:4b:ea:87:9d:c4:1d:65:7e:83:27:79:
         45:17:eb:17:3f:94:3c:ea:79:70:fb:7f:79:6e:33:ec:7b:d0:
         fc:5c:b3:6b:8e:5a:bf:02:b7:fa:49:fd:c4:cf:68:7a:ae:dc:
         0f:c6:28:07:fe:f0:be:f0:b4:07:36:1f:3f:75:24:f6:92:61:
         9c:36:ad:a7:32:db:8c:74:78:36:4f:bb:da:00:a4:3f:ef:ae:
         7f:9c:63:2f:5d:be:6f:51:6c:7b:30:32:46:4e:ed:1b:55:39:
         2a:8c:cd:ba:6a:52:89:eb:45:64:cf:9e:a1:38:9c:16:ca:ff:
         3b:0e:ae:a6:fc:08:4d:f1:fe:36:f2:6e:62:71:85:b4:66:06:
         a4:26:0a:0a:f6:69:d6:ea:09:e5:58:a2:14:ad:c2:e0:6f:22:
         da:73:0d:03:b8:19:79:11:53:fc:5e:ce:02:c0:37:ca:89:f3:
         4e:d1:bc:43:8e:6a:9a:b1:5f:dd:69:f7:8e:f1:13:f2:e7:2a:
         78:9f:61:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hDd9uj5VXa47Vil5iWO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjYwMTAyMTYyMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWMzN2NjYjMyODMyODc3Mjc1NTRlNjllM2QwOWI0NGJkODdkZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA5ZthIvfHDtsITXfjCRxZY+0ufT
IsMzPkyTQSdivokbvmfWox4//stv3iwNVNNv6zeliMZHXzQ1+cUcSuw717eXCDMu
wHcNrwObv8tuaIOB9JLVCH3tnXDQSytdCcY0SqZiGPwBRySCoLnIIYwv4iQ5gC0u
FW9TLQ9Tf57T01K5fYPmFD8cSLCBNk0uZe1XItDmR2sTZptzY9NvkYmCHm5fIKaG
fBCUhsddth/TqgiqQpPu7DpevRtW1X+vhgKyWzbejOBHGAl7Zk9TOFrdNn+nc1bU
DQUHSGtUZBht16HtMdDP6zw4nswGFnjE98u5RELpTR4RTg4oOO5A6boS2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7DfMsygyh3J1VOaePQm0S9h94oMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvX3NOOHl6S0RLSGNuVlU1cDQ5Q2JSTDJIM2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XeEMA0G
CSqGSIb3DQEBCwUAA4IBAQCoTxBqaykqQOlVjo8uJ9SEWXV0PW0b8zeuuUYKYT/s
G4vfjDEbwmZ6p27rDrwgJuw+bI+ov9zAoiGes7LsS+qHncQdZX6DJ3lFF+sXP5Q8
6nlw+395bjPse9D8XLNrjlq/Arf6Sf3Ez2h6rtwPxigH/vC+8LQHNh8/dST2kmGc
Nq2nMtuMdHg2T7vaAKQ/765/nGMvXb5vUWx7MDJGTu0bVTkqjM26alKJ60Vkz56h
OJwWyv87Dq6m/AhN8f428m5icYW0ZgakJgoK9mnW6gnlWKIUrcLgbyLacw0DuBl5
EVP8Xs4CwDfKifNO0bxDjmqasV/dafeO8RPy5yp4n2HZ
-----END CERTIFICATE-----