This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iv-DGbHi7jhC6-KbaXRuWKrxSJw.roa
File:                     iv-DGbHi7jhC6-KbaXRuWKrxSJw.roa (raw, json)
Hash identifier:          DCqm4T/AKjotRXUc3PC/vHyXchhsUr3+zqTpdaE+yuM=
Subject key identifier:   8A:FF:83:19:B1:E2:EE:38:42:EB:E2:9B:69:74:6E:58:AA:F1:48:9C
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019B7E38A9A6133BCB09B7C67B1D11C8DA20
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iv-DGbHi7jhC6-KbaXRuWKrxSJw.roa
Signing time:             Fri 02 Jan 2026 10:20:01 +0000
ROA not before:           Fri 02 Jan 2026 10:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34450
IP address blocks:        212.111.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:a9:a6:13:3b:cb:09:b7:c6:7b:1d:11:c8:da:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 10:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8aff8319b1e2ee3842ebe29b69746e58aaf1489c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ac:f5:60:00:7b:76:3f:01:96:8d:a3:6d:34:
                    41:d4:c7:43:b0:9f:2d:8f:51:eb:f5:6b:d6:83:8b:
                    e3:0c:c8:fb:85:f3:aa:a8:42:9f:5a:02:17:e7:3e:
                    ec:d9:fa:59:52:f0:71:de:2d:67:89:26:ae:e7:70:
                    1d:5a:20:e9:7c:dd:c2:55:88:61:2e:14:1e:66:f1:
                    e6:7b:e5:12:36:d9:15:ec:bc:3e:c0:3e:83:e0:64:
                    17:7f:fc:aa:14:2b:d8:28:7a:48:ec:f3:83:b3:bf:
                    59:93:44:4c:91:f8:02:bf:96:54:d2:d0:c2:be:ee:
                    a0:a5:a1:68:6e:6c:9e:ae:29:f4:60:41:cb:49:1a:
                    34:0e:34:70:15:6c:d2:90:2c:ba:a1:0e:c9:fb:85:
                    05:5a:55:1c:e1:e6:b3:28:66:e7:dc:f0:b3:c3:02:
                    d5:55:a6:65:47:df:d2:55:2b:28:ee:70:ba:14:f6:
                    ea:24:fe:09:db:6f:e0:58:46:de:ff:a3:33:b5:b5:
                    5d:ce:dc:53:14:72:23:85:d0:37:68:e6:3f:4f:fd:
                    21:37:d0:41:14:3d:51:d3:75:da:3b:71:fa:44:45:
                    a3:8b:f5:60:52:1a:5a:19:a6:b0:0f:70:7a:6f:a6:
                    19:7a:02:68:10:da:3a:84:ca:3c:6b:ae:3a:32:ba:
                    1d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:FF:83:19:B1:E2:EE:38:42:EB:E2:9B:69:74:6E:58:AA:F1:48:9C
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iv-DGbHi7jhC6-KbaXRuWKrxSJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f2:77:3b:79:05:99:c4:64:f1:bc:40:23:0b:1e:91:69:15:
         ab:2d:92:4a:1e:a4:85:61:43:b7:87:bf:a4:c3:62:41:a6:cd:
         84:43:10:56:c5:8e:2f:61:4b:00:4c:31:77:11:68:22:1b:38:
         58:fb:7d:e6:0c:c8:89:74:16:fa:f3:6b:38:e8:34:eb:f9:1f:
         4d:f8:7f:55:8e:8b:4e:84:f7:f9:d3:db:b1:2a:77:59:ff:5f:
         12:1d:c2:80:74:1d:f9:83:db:89:2c:08:47:56:6e:5f:2a:40:
         f3:8b:8d:db:d0:22:be:57:54:21:23:27:20:26:f0:c0:31:b3:
         d3:c4:f7:90:ce:57:ad:d6:93:12:1d:51:95:1d:30:07:54:74:
         3d:ce:27:81:88:b3:35:99:a5:e6:76:da:7c:e8:9f:62:ad:28:
         cf:8c:95:cb:bf:ac:79:5c:ce:a5:b7:10:b1:91:b2:91:61:b0:
         61:8b:78:6a:f7:23:57:87:5c:de:75:57:df:3f:f7:6e:bf:be:
         91:59:5d:57:ee:4c:d3:77:a2:21:06:ec:3e:16:49:08:2f:f3:
         95:b6:1b:f5:10:26:73:d0:dc:bc:02:a1:66:47:d4:d8:d7:eb:
         4e:1a:25:b3:98:14:ec:04:4a:c0:0b:cc:d8:34:84:b6:64:42:
         6e:f7:74:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OKmmEzvLCbfGex0RyNogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjYwMTAyMTAyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWZmODMxOWIxZTJlZTM4NDJlYmUyOWI2OTc0NmU1OGFhZjE0ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKz1YAB7dj8Blo2jbTRB1MdDsJ8t
j1Hr9WvWg4vjDMj7hfOqqEKfWgIX5z7s2fpZUvBx3i1niSau53AdWiDpfN3CVYhh
LhQeZvHme+USNtkV7Lw+wD6D4GQXf/yqFCvYKHpI7PODs79Zk0RMkfgCv5ZU0tDC
vu6gpaFobmyerin0YEHLSRo0DjRwFWzSkCy6oQ7J+4UFWlUc4eazKGbn3PCzwwLV
VaZlR9/SVSso7nC6FPbqJP4J22/gWEbe/6MztbVdztxTFHIjhdA3aOY/T/0hN9BB
FD1R03XaO3H6REWji/VgUhpaGaawD3B6b6YZegJoENo6hMo8a646MrodbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIr/gxmx4u44Quvim2l0bliq8UicMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvaXYtREdiSGk3amhDNi1LYmFYUnVXS3J4U0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G/IMA0G
CSqGSIb3DQEBCwUAA4IBAQAz8nc7eQWZxGTxvEAjCx6RaRWrLZJKHqSFYUO3h7+k
w2JBps2EQxBWxY4vYUsATDF3EWgiGzhY+33mDMiJdBb682s46DTr+R9N+H9VjotO
hPf509uxKndZ/18SHcKAdB35g9uJLAhHVm5fKkDzi43b0CK+V1QhIycgJvDAMbPT
xPeQzlet1pMSHVGVHTAHVHQ9zieBiLM1maXmdtp86J9irSjPjJXLv6x5XM6ltxCx
kbKRYbBhi3hq9yNXh1zedVffP/duv76RWV1X7kzTd6IhBuw+FkkIL/OVthv1ECZz
0Ny8AqFmR9TY1+tOGiWzmBTsBErAC8zYNIS2ZEJu93QQ
-----END CERTIFICATE-----