This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/sLh8Z3ykKeKmTd5LP1t35ARuEh0.roa
File:                     sLh8Z3ykKeKmTd5LP1t35ARuEh0.roa (raw, json)
Hash identifier:          g77XM78yPqe/jsFF9utIzh8pLf0nSfOh1N48HUcncso=
Subject key identifier:   B0:B8:7C:67:7C:A4:29:E2:A6:4D:DE:4B:3F:5B:77:E4:04:6E:12:1D
Certificate issuer:       /CN=5230b65d6116d4b60d36fdf7b6c6d5e5b954639e
Certificate serial:       019B7F15820DB3AE08865436A4D1B398F567
Authority key identifier: 52:30:B6:5D:61:16:D4:B6:0D:36:FD:F7:B6:C6:D5:E5:B9:54:63:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/sLh8Z3ykKeKmTd5LP1t35ARuEh0.roa
Signing time:             Fri 02 Jan 2026 14:21:14 +0000
ROA not before:           Fri 02 Jan 2026 14:21:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29605
IP address blocks:        212.67.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:82:0d:b3:ae:08:86:54:36:a4:d1:b3:98:f5:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5230b65d6116d4b60d36fdf7b6c6d5e5b954639e
        Validity
            Not Before: Jan  2 14:21:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0b87c677ca429e2a64dde4b3f5b77e4046e121d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bc:ac:d9:df:d8:89:45:19:2f:d0:44:42:5c:
                    09:af:5f:e5:24:6c:1e:0f:61:45:fc:2b:22:90:af:
                    b6:f3:3f:31:fc:9c:a9:66:e4:35:36:98:bd:b4:f8:
                    3f:80:e1:ef:bf:61:a0:73:7b:ba:f9:7b:d1:fd:bb:
                    98:2f:6b:df:12:25:41:dd:98:bb:ce:c2:25:c3:b1:
                    d1:4f:53:b2:0e:86:6a:90:a4:d2:68:88:a5:b9:e8:
                    78:90:f8:b2:c9:97:0a:8a:b3:dc:c2:9d:6e:d1:91:
                    5b:3f:81:b1:c2:2c:aa:ed:b7:dc:a2:a1:34:91:50:
                    de:97:e6:4c:f3:d2:40:21:ff:de:25:ad:2f:c5:1b:
                    ca:2a:bc:f4:c2:00:29:d1:ad:5c:cd:71:d5:b5:d5:
                    be:39:f5:23:44:40:4e:27:71:da:cf:10:7a:e9:20:
                    35:b2:24:a6:e6:03:c2:a5:0a:e8:31:61:90:28:39:
                    ec:92:2f:8b:8c:58:33:f2:6a:d6:1a:7c:0f:50:f8:
                    bf:7c:56:70:2e:2a:fb:79:20:ce:70:bf:62:a3:12:
                    cf:97:93:72:ba:1a:f7:93:0b:73:18:40:dc:40:31:
                    d7:de:32:8f:86:54:cb:4e:05:f4:9e:56:1f:64:b9:
                    a5:7d:5f:95:e9:45:71:6c:70:9f:43:a4:55:20:15:
                    63:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B8:7C:67:7C:A4:29:E2:A6:4D:DE:4B:3F:5B:77:E4:04:6E:12:1D
            X509v3 Authority Key Identifier:
                keyid:52:30:B6:5D:61:16:D4:B6:0D:36:FD:F7:B6:C6:D5:E5:B9:54:63:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/sLh8Z3ykKeKmTd5LP1t35ARuEh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.67.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b0:0e:8d:8d:1e:87:cc:3d:75:d5:6d:2d:2d:8c:66:06:90:
         ba:3e:eb:d0:27:02:d8:5d:65:86:03:d0:71:5a:e3:27:e7:75:
         c4:14:2e:46:b4:21:6d:91:6a:d6:c0:0d:fb:0b:7d:14:e8:59:
         5e:44:18:00:d4:8e:9f:5d:40:b7:d6:2d:36:ce:d9:5d:1e:3f:
         c4:51:6d:db:d0:b9:17:d4:b7:1f:85:dd:f5:6b:83:f6:13:05:
         9d:5c:13:a5:bd:67:88:3a:2b:2a:35:3d:e6:9c:61:26:e3:2d:
         48:08:74:ba:0f:a3:f6:93:22:72:14:0c:85:1b:11:3f:50:98:
         8f:c5:96:52:bc:86:38:be:a7:15:8a:42:e4:05:10:dc:de:3a:
         e2:69:b6:22:b5:b1:03:a9:45:52:6f:8d:a9:62:9c:d2:4c:8c:
         2e:c9:ed:05:f2:31:0b:fd:a6:86:25:9a:1a:6c:40:f5:2b:54:
         db:01:a0:d4:b4:c6:cb:86:2b:cb:1a:a5:d1:a6:d9:fb:c3:af:
         01:bd:0f:9c:f7:b2:f9:91:8f:27:ab:60:47:14:7b:77:ca:14:
         64:4e:64:24:5f:42:ae:d6:13:eb:7f:d8:82:f1:94:9d:6d:00:
         44:70:53:76:9e:55:05:36:d2:17:9d:e6:39:b1:32:25:dc:c5:
         88:9b:bf:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FYINs64IhlQ2pNGzmPVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzBiNjVkNjExNmQ0YjYwZDM2ZmRmN2I2YzZkNWU1Yjk1
NDYzOWUwHhcNMjYwMTAyMTQyMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI4N2M2NzdjYTQyOWUyYTY0ZGRlNGIzZjViNzdlNDA0NmUxMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybys2d/YiUUZL9BEQlwJr1/lJGwe
D2FF/CsikK+28z8x/JypZuQ1Npi9tPg/gOHvv2Ggc3u6+XvR/buYL2vfEiVB3Zi7
zsIlw7HRT1OyDoZqkKTSaIilueh4kPiyyZcKirPcwp1u0ZFbP4Gxwiyq7bfcoqE0
kVDel+ZM89JAIf/eJa0vxRvKKrz0wgAp0a1czXHVtdW+OfUjREBOJ3HazxB66SA1
siSm5gPCpQroMWGQKDnski+LjFgz8mrWGnwPUPi/fFZwLir7eSDOcL9ioxLPl5Ny
uhr3kwtzGEDcQDHX3jKPhlTLTgX0nlYfZLmlfV+V6UVxbHCfQ6RVIBVjKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLC4fGd8pCnipk3eSz9bd+QEbhIdMB8GA1UdIwQY
MBaAFFIwtl1hFtS2DTb997bG1eW5VGOeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpDMlhXRVcxTFlOTnYzM3RzYlY1YmxVWTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mYWRmZjYtNWNjMC00Njk0LTljNjIt
MTM1OGMyYjVkNTQxLzEvc0xoOFozeWtLZUttVGQ1TFAxdDM1QVJ1RWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mYWRmZjYtNWNjMC00Njk0LTljNjItMTM1OGMyYjVkNTQx
LzEvVWpDMlhXRVcxTFlOTnYzM3RzYlY1YmxVWTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EMnMA0G
CSqGSIb3DQEBCwUAA4IBAQCgsA6NjR6HzD111W0tLYxmBpC6PuvQJwLYXWWGA9Bx
WuMn53XEFC5GtCFtkWrWwA37C30U6FleRBgA1I6fXUC31i02ztldHj/EUW3b0LkX
1Lcfhd31a4P2EwWdXBOlvWeIOisqNT3mnGEm4y1ICHS6D6P2kyJyFAyFGxE/UJiP
xZZSvIY4vqcVikLkBRDc3jriabYitbEDqUVSb42pYpzSTIwuye0F8jEL/aaGJZoa
bED1K1TbAaDUtMbLhivLGqXRptn7w68BvQ+c97L5kY8nq2BHFHt3yhRkTmQkX0Ku
1hPrf9iC8ZSdbQBEcFN2nlUFNtIXneY5sTIl3MWIm7+2
-----END CERTIFICATE-----