This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/jshUcB9xo_4UjMSMpv_Atyyty9w.roa
File:                     jshUcB9xo_4UjMSMpv_Atyyty9w.roa (raw, json)
Hash identifier:          An++hrgldtP3cS4PiEwsT48K4V8iq3LI6SDvvL0nHOE=
Subject key identifier:   8E:C8:54:70:1F:71:A3:FE:14:8C:C4:8C:A6:FF:C0:B7:2C:AD:CB:DC
Certificate issuer:       /CN=bf3ac720a117b74d4d13c263f79477929edbb4bc
Certificate serial:       019B78A2AAE11791673D758BDEA96358CEC7
Authority key identifier: BF:3A:C7:20:A1:17:B7:4D:4D:13:C2:63:F7:94:77:92:9E:DB:B4:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vzrHIKEXt01NE8Jj95R3kp7btLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/jshUcB9xo_4UjMSMpv_Atyyty9w.roa
Signing time:             Thu 01 Jan 2026 08:18:04 +0000
ROA not before:           Thu 01 Jan 2026 08:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198906
IP address blocks:        176.118.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/vzrHIKEXt01NE8Jj95R3kp7btLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/vzrHIKEXt01NE8Jj95R3kp7btLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vzrHIKEXt01NE8Jj95R3kp7btLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:aa:e1:17:91:67:3d:75:8b:de:a9:63:58:ce:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf3ac720a117b74d4d13c263f79477929edbb4bc
        Validity
            Not Before: Jan  1 08:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ec854701f71a3fe148cc48ca6ffc0b72cadcbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d2:b7:1e:33:35:31:2d:1d:87:2b:0f:35:08:
                    a4:be:32:4f:9d:11:fa:c8:e2:2b:71:40:75:b8:38:
                    8e:06:4c:b5:fb:2d:1f:a3:aa:30:e6:80:f5:e4:7a:
                    b9:46:48:74:59:1a:14:ce:8a:9a:ba:5c:7b:ff:1a:
                    16:71:52:4e:b3:fa:7a:7e:d0:45:c8:0b:11:59:12:
                    78:15:b0:af:28:62:cf:27:f0:27:34:12:7c:c5:8a:
                    c3:1d:b0:b2:f7:85:87:37:e4:73:22:4d:cc:c2:43:
                    17:6b:66:f7:49:3b:2e:3b:05:0f:95:96:81:bf:f9:
                    b3:d9:7e:07:eb:13:42:43:6e:0c:44:a4:7f:58:fc:
                    7b:7c:f9:36:c8:06:f5:0f:5a:f8:0e:85:6b:51:15:
                    4b:d3:e7:e3:83:67:e3:38:fc:45:24:34:79:ed:40:
                    d7:1e:b0:f5:b3:80:48:0f:fc:41:83:28:70:43:87:
                    42:bf:d2:d0:c3:16:24:17:0c:e0:8b:61:76:52:0f:
                    1a:93:b5:17:12:09:2e:d9:91:42:7a:19:fc:9c:89:
                    8b:7d:82:21:4b:85:82:1e:c0:39:85:28:ae:be:50:
                    da:52:b2:d6:af:ab:fd:7e:6e:96:14:70:1b:3e:50:
                    6e:92:f1:ad:0a:70:eb:32:e8:96:02:04:92:2d:54:
                    75:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C8:54:70:1F:71:A3:FE:14:8C:C4:8C:A6:FF:C0:B7:2C:AD:CB:DC
            X509v3 Authority Key Identifier:
                keyid:BF:3A:C7:20:A1:17:B7:4D:4D:13:C2:63:F7:94:77:92:9E:DB:B4:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vzrHIKEXt01NE8Jj95R3kp7btLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/jshUcB9xo_4UjMSMpv_Atyyty9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db5f5e-7b7d-4b28-a9b3-0ac1bbd434d0/1/vzrHIKEXt01NE8Jj95R3kp7btLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         17:58:57:d6:39:2e:12:f7:44:c3:46:7d:a2:32:00:69:29:e6:
         1c:5d:74:06:7c:cb:f1:9e:82:26:c2:2a:7e:b5:2b:8a:4e:e3:
         4a:7d:c6:24:c4:88:c8:c7:c3:c8:8d:c5:a1:cf:77:60:4f:6f:
         93:b4:d5:9e:e6:da:70:93:52:a3:43:59:c7:33:7c:37:9f:91:
         34:c6:47:b4:a8:b1:c6:d8:21:51:bc:61:68:d0:d6:cb:ec:c8:
         36:bd:de:45:48:59:dc:9b:2c:5f:e8:81:d5:ba:3d:9a:e3:a2:
         be:82:45:1b:9a:78:99:20:00:e3:b0:aa:cf:c3:e7:74:45:b3:
         e0:48:df:e9:9d:91:e7:fd:14:1b:11:96:d7:9b:19:88:b7:fd:
         b2:26:43:b3:b7:2e:6f:e5:c1:7e:28:bd:7d:25:60:b7:e9:ed:
         4c:23:d7:13:ca:da:ea:72:b7:56:dc:69:32:1d:a9:ee:75:e7:
         4c:83:d4:70:6e:60:0a:b5:04:74:07:8f:64:b1:34:52:36:83:
         b6:45:4e:fb:3b:a7:66:bc:18:b1:d3:15:82:94:8c:09:bd:37:
         77:ac:0d:a0:e4:87:eb:60:8d:ca:79:90:48:fe:56:18:4f:f0:
         ec:84:7e:3b:a4:8c:0a:36:97:ea:fa:9f:82:db:41:32:bf:2a:
         e2:77:08:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oqrhF5FnPXWL3qljWM7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmM2FjNzIwYTExN2I3NGQ0ZDEzYzI2M2Y3OTQ3NzkyOWVk
YmI0YmMwHhcNMjYwMTAxMDgxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWM4NTQ3MDFmNzFhM2ZlMTQ4Y2M0OGNhNmZmYzBiNzJjYWRjYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9K3HjM1MS0dhysPNQikvjJPnRH6
yOIrcUB1uDiOBky1+y0fo6ow5oD15Hq5Rkh0WRoUzoqaulx7/xoWcVJOs/p6ftBF
yAsRWRJ4FbCvKGLPJ/AnNBJ8xYrDHbCy94WHN+RzIk3MwkMXa2b3STsuOwUPlZaB
v/mz2X4H6xNCQ24MRKR/WPx7fPk2yAb1D1r4DoVrURVL0+fjg2fjOPxFJDR57UDX
HrD1s4BID/xBgyhwQ4dCv9LQwxYkFwzgi2F2Ug8ak7UXEgku2ZFCehn8nImLfYIh
S4WCHsA5hSiuvlDaUrLWr6v9fm6WFHAbPlBukvGtCnDrMuiWAgSSLVR1eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7IVHAfcaP+FIzEjKb/wLcsrcvcMB8GA1UdIwQY
MBaAFL86xyChF7dNTRPCY/eUd5Ke27S8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnpySElLRVh0MDFORThKajk1UjNrcDdidEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjVmNWUtN2I3ZC00YjI4LWE5YjMt
MGFjMWJiZDQzNGQwLzEvanNoVWNCOXhvXzRVak1TTXB2X0F0eXl0eTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjVmNWUtN2I3ZC00YjI4LWE5YjMtMGFjMWJiZDQzNGQw
LzEvdnpySElLRVh0MDFORThKajk1UjNrcDdidEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHaIMA0G
CSqGSIb3DQEBCwUAA4IBAQAXWFfWOS4S90TDRn2iMgBpKeYcXXQGfMvxnoImwip+
tSuKTuNKfcYkxIjIx8PIjcWhz3dgT2+TtNWe5tpwk1KjQ1nHM3w3n5E0xke0qLHG
2CFRvGFo0NbL7Mg2vd5FSFncmyxf6IHVuj2a46K+gkUbmniZIADjsKrPw+d0RbPg
SN/pnZHn/RQbEZbXmxmIt/2yJkOzty5v5cF+KL19JWC36e1MI9cTytrqcrdW3Gky
HanudedMg9RwbmAKtQR0B49ksTRSNoO2RU77O6dmvBix0xWClIwJvTd3rA2g5Ifr
YI3KeZBI/lYYT/DshH47pIwKNpfq+p+C20EyvyridwgC
-----END CERTIFICATE-----