This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/glf2RLsF1blKne8DsYrjLp0dv0E.roa
File:                     glf2RLsF1blKne8DsYrjLp0dv0E.roa (raw, json)
Hash identifier:          9xOA/W8QJQTfjVt2oAPBotD9rA+lAklAdSAciHQpc54=
Subject key identifier:   82:57:F6:44:BB:05:D5:B9:4A:9D:EF:03:B1:8A:E3:2E:9D:1D:BF:41
Certificate issuer:       /CN=28f8ede20b78f995993da98f434a966074d562c2
Certificate serial:       019B79ECC94E88FE5B10ADE4CB97D51D64E9
Authority key identifier: 28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/glf2RLsF1blKne8DsYrjLp0dv0E.roa
Signing time:             Thu 01 Jan 2026 14:18:39 +0000
ROA not before:           Thu 01 Jan 2026 14:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12399
IP address blocks:        213.153.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:c9:4e:88:fe:5b:10:ad:e4:cb:97:d5:1d:64:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28f8ede20b78f995993da98f434a966074d562c2
        Validity
            Not Before: Jan  1 14:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8257f644bb05d5b94a9def03b18ae32e9d1dbf41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7d:5d:51:39:d4:ce:bc:92:a4:76:8f:fd:85:
                    78:5c:d2:29:7a:df:df:56:1d:ac:0d:1f:da:23:93:
                    05:25:51:43:e3:1f:5b:b9:c8:b0:f4:a7:61:98:fb:
                    04:d6:78:4b:dd:0f:ea:07:cf:f4:e7:fe:01:3f:54:
                    00:13:02:ed:55:3b:cb:9b:d7:54:fb:07:3b:32:a0:
                    2f:62:b2:d9:5f:e4:24:87:fe:26:22:ab:12:be:dc:
                    9f:a3:ef:1c:e8:ed:e4:11:a3:70:bc:22:8d:a1:cc:
                    17:b1:c2:f7:ed:46:86:e9:a2:80:8b:ec:48:b3:ab:
                    3c:64:34:e9:65:50:5f:ac:7d:91:b0:6f:9f:55:c9:
                    ac:c1:2c:06:ff:ba:15:54:da:30:7d:7b:f0:16:f1:
                    05:c0:fb:f6:f0:85:af:e4:f9:a1:30:3c:4f:ca:80:
                    a2:df:ce:a4:aa:d1:ab:1f:ff:b8:4f:e2:6f:b6:01:
                    ec:83:36:c1:65:24:7d:f6:a6:b7:65:e4:77:fe:40:
                    dc:65:3f:11:09:cf:11:d1:7b:5f:6c:e3:a0:ae:88:
                    94:f9:0a:4a:6d:8c:d6:5b:3e:d6:1e:6c:67:f7:d0:
                    2d:8e:b9:0d:0f:37:0d:18:47:23:c4:b1:7b:1f:1f:
                    12:22:27:6a:b4:b5:7f:7d:d3:7d:e6:e8:7e:f9:4e:
                    db:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:57:F6:44:BB:05:D5:B9:4A:9D:EF:03:B1:8A:E3:2E:9D:1D:BF:41
            X509v3 Authority Key Identifier:
                keyid:28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/glf2RLsF1blKne8DsYrjLp0dv0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.153.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:66:2e:ff:50:73:4b:92:1c:d4:b7:2f:4f:f5:5c:d1:03:8c:
         6b:6a:38:f9:90:ae:bf:f6:88:71:32:c0:4a:cf:ad:ce:13:59:
         a6:01:a7:a0:4f:2e:d9:bd:20:1c:45:26:e4:bb:7d:b1:d6:70:
         1c:7a:fe:ed:2d:bd:73:e4:23:63:58:2c:e0:10:ef:96:97:15:
         99:8b:a0:03:b6:19:59:bc:b9:a7:a4:e4:cc:c3:81:eb:b7:aa:
         6a:c7:d6:26:36:17:e3:9c:7d:73:e9:e0:10:48:bc:82:7a:d7:
         e6:63:36:8e:c2:57:67:d8:9c:d8:3e:49:e5:bd:5f:47:d3:5b:
         6e:21:59:b9:e9:ba:f0:3f:96:90:6c:41:bf:70:a7:b5:2c:f4:
         ca:46:97:ed:f9:93:13:3e:0c:47:07:db:08:ce:bd:f2:22:1c:
         96:d4:3c:af:f3:cc:44:f2:6c:9d:7c:11:f8:0f:43:85:73:0e:
         2a:e5:9c:b2:93:f7:fc:ab:e5:77:de:87:28:0c:bc:78:26:4a:
         cd:dc:05:d1:5d:ed:05:2b:13:79:80:7b:a2:37:25:64:ac:ae:
         30:4d:a9:49:a1:40:52:f3:e3:52:56:7d:90:d7:f5:47:52:9a:
         7e:5f:01:2e:eb:50:76:0c:8f:c6:d8:05:bf:62:6a:6b:03:01:
         c2:56:7d:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57MlOiP5bEK3ky5fVHWTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZjhlZGUyMGI3OGY5OTU5OTNkYTk4ZjQzNGE5NjYwNzRk
NTYyYzIwHhcNMjYwMTAxMTQxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjU3ZjY0NGJiMDVkNWI5NGE5ZGVmMDNiMThhZTMyZTlkMWRiZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt31dUTnUzrySpHaP/YV4XNIpet/f
Vh2sDR/aI5MFJVFD4x9buciw9KdhmPsE1nhL3Q/qB8/05/4BP1QAEwLtVTvLm9dU
+wc7MqAvYrLZX+Qkh/4mIqsSvtyfo+8c6O3kEaNwvCKNocwXscL37UaG6aKAi+xI
s6s8ZDTpZVBfrH2RsG+fVcmswSwG/7oVVNowfXvwFvEFwPv28IWv5PmhMDxPyoCi
386kqtGrH/+4T+JvtgHsgzbBZSR99qa3ZeR3/kDcZT8RCc8R0XtfbOOgroiU+QpK
bYzWWz7WHmxn99AtjrkNDzcNGEcjxLF7Hx8SIidqtLV/fdN95uh++U7bHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJX9kS7BdW5Sp3vA7GK4y6dHb9BMB8GA1UdIwQY
MBaAFCj47eILePmVmT2pj0NKlmB01WLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgt
OWQzYTBmMjNjYmU3LzEvZ2xmMlJMc0YxYmxLbmU4RHNZcmpMcDBkdjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgtOWQzYTBmMjNjYmU3
LzEvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZlCMA0G
CSqGSIb3DQEBCwUAA4IBAQBiZi7/UHNLkhzUty9P9VzRA4xrajj5kK6/9ohxMsBK
z63OE1mmAaegTy7ZvSAcRSbku32x1nAcev7tLb1z5CNjWCzgEO+WlxWZi6ADthlZ
vLmnpOTMw4Hrt6pqx9YmNhfjnH1z6eAQSLyCetfmYzaOwldn2JzYPknlvV9H01tu
IVm56brwP5aQbEG/cKe1LPTKRpft+ZMTPgxHB9sIzr3yIhyW1Dyv88xE8mydfBH4
D0OFcw4q5Zyyk/f8q+V33ocoDLx4JkrN3AXRXe0FKxN5gHuiNyVkrK4wTalJoUBS
8+NSVn2Q1/VHUpp+XwEu61B2DI/G2AW/YmprAwHCVn1L
-----END CERTIFICATE-----