This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/13bg8sr321aaC-jFOX86O1_lBzU.roa
File:                     13bg8sr321aaC-jFOX86O1_lBzU.roa (raw, json)
Hash identifier:          bU7Oi7TbB7FOIxER/ptIdZra1cEI8qAD1Nz/78F0Vtg=
Subject key identifier:   D7:76:E0:F2:CA:F7:DB:56:9A:0B:E8:C5:39:7F:3A:3B:5F:E5:07:35
Certificate issuer:       /CN=8a7bdf2f5b961232e58db289b48a9fe245fa9d6c
Certificate serial:       019B7B3653EBF93F4989E5FEFD46B132177D
Authority key identifier: 8A:7B:DF:2F:5B:96:12:32:E5:8D:B2:89:B4:8A:9F:E2:45:FA:9D:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/13bg8sr321aaC-jFOX86O1_lBzU.roa
Signing time:             Thu 01 Jan 2026 20:18:36 +0000
ROA not before:           Thu 01 Jan 2026 20:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60631
IP address blocks:        176.120.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:53:eb:f9:3f:49:89:e5:fe:fd:46:b1:32:17:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7bdf2f5b961232e58db289b48a9fe245fa9d6c
        Validity
            Not Before: Jan  1 20:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d776e0f2caf7db569a0be8c5397f3a3b5fe50735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:48:3a:81:a3:09:b5:76:81:92:28:ac:f1:62:
                    78:45:93:dd:87:63:74:10:b1:5b:88:66:75:27:4b:
                    d3:01:9d:6c:30:55:d7:9d:88:ce:21:68:56:e3:d8:
                    96:d1:56:46:5a:37:23:f7:51:08:ac:7c:6f:1f:19:
                    9b:31:31:d6:69:fc:c6:c7:5d:27:dc:93:fd:f9:3a:
                    21:73:6d:e4:d2:b6:18:de:f7:b5:1d:c6:ba:8c:2b:
                    31:bf:e2:7c:05:3c:75:3d:bb:6d:c5:2e:f5:b5:36:
                    f7:33:20:4f:31:98:e0:c3:2c:92:82:08:c4:07:8e:
                    04:f6:eb:84:ee:0e:ca:10:9b:58:82:46:62:ca:78:
                    af:8c:9d:8f:ca:20:09:2d:7b:e7:cb:2a:4c:6c:3d:
                    ba:e0:fe:99:02:cb:47:ba:65:27:28:4b:ab:ef:c8:
                    a2:36:2f:0d:60:72:a2:fe:91:be:1e:4f:38:c7:05:
                    c6:e0:be:c2:c7:77:60:b1:f2:3d:e9:0f:b4:2a:54:
                    95:f6:2b:19:3a:4b:57:68:d2:ba:72:39:03:6a:a1:
                    17:ae:94:4d:30:c7:6b:2a:77:9e:a5:9c:4c:20:c6:
                    8d:5a:ba:7a:f0:e0:68:da:b9:05:16:34:fb:d6:f0:
                    9c:f0:28:91:00:93:e6:0c:a9:05:bc:5c:db:01:fe:
                    26:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:76:E0:F2:CA:F7:DB:56:9A:0B:E8:C5:39:7F:3A:3B:5F:E5:07:35
            X509v3 Authority Key Identifier:
                keyid:8A:7B:DF:2F:5B:96:12:32:E5:8D:B2:89:B4:8A:9F:E2:45:FA:9D:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/13bg8sr321aaC-jFOX86O1_lBzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:4a:57:35:e5:10:8e:d3:b5:99:a3:a2:21:1b:df:c0:cc:a2:
         2b:17:c9:72:2a:d7:1a:1b:bd:63:71:cc:67:74:92:ec:f7:4f:
         da:95:19:71:9d:82:94:db:b8:a5:9e:e4:05:e2:23:8f:d9:bd:
         55:40:44:2e:c4:12:6f:b0:d9:4c:2c:ff:f8:8f:0e:73:4e:9e:
         2c:35:1e:41:04:b0:c0:29:a7:6c:29:26:30:9b:1f:df:58:71:
         8e:f4:f8:08:aa:c5:e4:fd:12:11:37:20:c4:ee:37:1e:72:fe:
         a1:db:4b:df:e7:35:c9:66:00:d0:2a:fb:bb:75:f6:28:a5:3b:
         f1:97:cf:f0:bb:8c:6e:7e:fb:a2:58:f4:0c:03:81:11:b4:b5:
         5d:1d:97:08:7a:0e:bf:06:cb:26:de:ae:8b:da:07:79:67:d8:
         ee:00:e3:8b:10:29:72:95:7c:09:54:b8:23:44:b7:3f:b7:87:
         f3:8c:b5:37:93:31:7f:7a:75:26:cf:6f:29:b5:d9:80:66:b8:
         f7:9d:be:84:58:35:72:f7:b1:80:a1:cf:db:08:64:9d:ee:71:
         32:e1:5c:90:02:28:76:c7:fd:e6:d0:a3:a3:f8:e7:e0:a9:00:
         cb:dd:1f:c3:00:70:60:a1:ee:7e:cf:80:fc:83:95:44:fe:21:
         c5:e5:4b:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlPr+T9JieX+/UaxMhd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhN2JkZjJmNWI5NjEyMzJlNThkYjI4OWI0OGE5ZmUyNDVm
YTlkNmMwHhcNMjYwMTAxMjAxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzc2ZTBmMmNhZjdkYjU2OWEwYmU4YzUzOTdmM2EzYjVmZTUwNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6gaMJtXaBkiis8WJ4RZPdh2N0
ELFbiGZ1J0vTAZ1sMFXXnYjOIWhW49iW0VZGWjcj91EIrHxvHxmbMTHWafzGx10n
3JP9+Tohc23k0rYY3ve1Hca6jCsxv+J8BTx1PbttxS71tTb3MyBPMZjgwyySggjE
B44E9uuE7g7KEJtYgkZiynivjJ2PyiAJLXvnyypMbD264P6ZAstHumUnKEur78ii
Ni8NYHKi/pG+Hk84xwXG4L7Cx3dgsfI96Q+0KlSV9isZOktXaNK6cjkDaqEXrpRN
MMdrKneepZxMIMaNWrp68OBo2rkFFjT71vCc8CiRAJPmDKkFvFzbAf4mzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNd24PLK99tWmgvoxTl/Ojtf5Qc1MB8GA1UdIwQY
MBaAFIp73y9blhIy5Y2yibSKn+JF+p1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW52ZkwxdVdFakxsamJLSnRJcWY0a1g2bld3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hY2Q3NDYtNzFlYi00Y2RlLWFlMjAt
Njc2ODViNGRjOGI5LzEvMTNiZzhzcjMyMWFhQy1qRk9YODZPMV9sQnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hY2Q3NDYtNzFlYi00Y2RlLWFlMjAtNjc2ODViNGRjOGI5
LzEvaW52ZkwxdVdFakxsamJLSnRJcWY0a1g2bld3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgQMA0G
CSqGSIb3DQEBCwUAA4IBAQCPSlc15RCO07WZo6IhG9/AzKIrF8lyKtcaG71jccxn
dJLs90/alRlxnYKU27ilnuQF4iOP2b1VQEQuxBJvsNlMLP/4jw5zTp4sNR5BBLDA
KadsKSYwmx/fWHGO9PgIqsXk/RIRNyDE7jcecv6h20vf5zXJZgDQKvu7dfYopTvx
l8/wu4xufvuiWPQMA4ERtLVdHZcIeg6/Bssm3q6L2gd5Z9juAOOLEClylXwJVLgj
RLc/t4fzjLU3kzF/enUmz28ptdmAZrj3nb6EWDVy97GAoc/bCGSd7nEy4VyQAih2
x/3m0KOj+OfgqQDL3R/DAHBgoe5+z4D8g5VE/iHF5Uvb
-----END CERTIFICATE-----