This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/8kLexoC86Do5vfxQjSviKxTow3s.roa
File:                     8kLexoC86Do5vfxQjSviKxTow3s.roa (raw, json)
Hash identifier:          R+3NYgMoxiJU1fSK7xfN36pT86q7Kv/cYyTRhCNtf3g=
Subject key identifier:   F2:42:DE:C6:80:BC:E8:3A:39:BD:FC:50:8D:2B:E2:2B:14:E8:C3:7B
Certificate issuer:       /CN=0cefacb37441dd19183bd1cb57db5ee55477a7a7
Certificate serial:       019B7834B90E1F4D44C195B517B09AD588F3
Authority key identifier: 0C:EF:AC:B3:74:41:DD:19:18:3B:D1:CB:57:DB:5E:E5:54:77:A7:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DO-ss3RB3RkYO9HLV9te5VR3p6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/8kLexoC86Do5vfxQjSviKxTow3s.roa
Signing time:             Thu 01 Jan 2026 06:17:59 +0000
ROA not before:           Thu 01 Jan 2026 06:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200190
IP address blocks:        185.169.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/DO-ss3RB3RkYO9HLV9te5VR3p6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/DO-ss3RB3RkYO9HLV9te5VR3p6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DO-ss3RB3RkYO9HLV9te5VR3p6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:b9:0e:1f:4d:44:c1:95:b5:17:b0:9a:d5:88:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cefacb37441dd19183bd1cb57db5ee55477a7a7
        Validity
            Not Before: Jan  1 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f242dec680bce83a39bdfc508d2be22b14e8c37b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5e:a4:f8:76:ed:3d:91:85:e1:b1:97:6d:e8:
                    6a:cf:3e:da:6d:48:a8:d0:a9:7e:a8:5c:7c:90:73:
                    f2:a0:82:31:a3:f7:3f:87:a2:97:e2:a9:8b:9a:59:
                    db:18:68:2b:ab:ad:17:20:26:d2:69:50:24:22:73:
                    b7:a2:76:0b:bd:c1:98:82:7c:e7:5e:e3:a6:92:4f:
                    17:ae:49:ba:c0:9e:d7:8a:01:11:d0:e5:bf:76:73:
                    33:c7:15:f3:8b:a1:d7:b5:7a:8c:2c:42:6b:e9:b0:
                    a1:33:c4:4f:e4:f9:e4:88:45:a6:2f:54:56:67:10:
                    05:e6:b7:09:d3:11:12:05:20:8b:31:d4:cd:6f:6b:
                    ab:30:f7:3f:75:5b:61:44:b8:fa:71:c6:8d:73:5a:
                    7e:98:4c:d3:15:c8:b5:73:06:42:82:a5:20:87:37:
                    82:e4:c2:ab:7e:0b:a8:23:a7:9f:f8:1f:a8:3f:29:
                    63:f4:d2:ff:92:3c:30:c9:e5:47:e8:30:ae:30:64:
                    f2:1f:5b:e0:c7:a7:25:5a:35:e8:03:5f:5a:36:8e:
                    cf:fb:2b:12:74:7d:63:51:e3:e9:8d:59:75:0d:1c:
                    92:3e:0e:dc:88:a2:ec:1c:5b:85:dc:63:05:b4:14:
                    1b:3d:ba:70:c6:a0:92:fe:05:f2:55:70:8d:d9:09:
                    bd:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:42:DE:C6:80:BC:E8:3A:39:BD:FC:50:8D:2B:E2:2B:14:E8:C3:7B
            X509v3 Authority Key Identifier:
                keyid:0C:EF:AC:B3:74:41:DD:19:18:3B:D1:CB:57:DB:5E:E5:54:77:A7:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DO-ss3RB3RkYO9HLV9te5VR3p6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/8kLexoC86Do5vfxQjSviKxTow3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/63da8a-de6f-4b12-a864-e3dd52799bda/1/DO-ss3RB3RkYO9HLV9te5VR3p6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0a:15:71:35:9a:64:30:b2:3a:3f:00:db:76:23:9c:12:c4:
         71:28:fc:a9:99:3f:0a:a6:aa:24:f1:4d:19:5a:b6:73:4f:dc:
         9e:95:fd:6a:a4:9a:84:15:e2:05:b8:25:68:a1:8f:75:57:64:
         4f:60:24:d3:b4:9f:31:32:49:ce:f7:d1:a6:fc:c8:46:c3:3e:
         26:3a:f1:9e:b9:7c:ea:bc:a3:e6:7a:50:3c:f6:28:df:a6:35:
         89:b6:bb:ba:7c:e9:0c:51:45:7c:ae:d5:60:ae:d8:46:31:a8:
         eb:b8:f4:02:ee:be:79:50:c1:0f:0a:36:f7:83:1d:66:f2:e8:
         0a:31:85:db:f1:72:2c:81:7b:55:8a:3f:13:04:23:85:18:b8:
         ea:46:16:8f:f6:b2:29:23:86:33:4f:63:64:ee:75:5e:d3:e2:
         44:5a:e5:c1:f6:8c:fb:d1:ad:68:6f:50:c2:1f:96:1e:45:13:
         b0:7b:2e:c9:bb:39:bc:9e:12:9a:19:2a:5a:2c:0d:54:60:1e:
         ee:6d:c7:a0:64:1f:a3:6a:61:65:51:6e:2c:4a:0f:fd:44:e0:
         2d:43:cc:e1:d8:5f:da:b4:fc:14:b1:33:fb:40:42:6b:78:a2:
         9f:5b:9b:a6:4e:dd:36:ae:df:db:85:a4:2c:66:e2:f2:e4:ec:
         75:ad:ec:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NLkOH01EwZW1F7Ca1YjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZWZhY2IzNzQ0MWRkMTkxODNiZDFjYjU3ZGI1ZWU1NTQ3
N2E3YTcwHhcNMjYwMTAxMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQyZGVjNjgwYmNlODNhMzliZGZjNTA4ZDJiZTIyYjE0ZThjMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl6k+HbtPZGF4bGXbehqzz7abUio
0Kl+qFx8kHPyoIIxo/c/h6KX4qmLmlnbGGgrq60XICbSaVAkInO3onYLvcGYgnzn
XuOmkk8Xrkm6wJ7XigER0OW/dnMzxxXzi6HXtXqMLEJr6bChM8RP5PnkiEWmL1RW
ZxAF5rcJ0xESBSCLMdTNb2urMPc/dVthRLj6ccaNc1p+mEzTFci1cwZCgqUghzeC
5MKrfguoI6ef+B+oPylj9NL/kjwwyeVH6DCuMGTyH1vgx6clWjXoA19aNo7P+ysS
dH1jUePpjVl1DRySPg7ciKLsHFuF3GMFtBQbPbpwxqCS/gXyVXCN2Qm9IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJC3saAvOg6Ob38UI0r4isU6MN7MB8GA1UdIwQY
MBaAFAzvrLN0Qd0ZGDvRy1fbXuVUd6enMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE8tc3MzUkIzUmtZTzlITFY5dGU1VlIzcDZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82M2RhOGEtZGU2Zi00YjEyLWE4NjQt
ZTNkZDUyNzk5YmRhLzEvOGtMZXhvQzg2RG81dmZ4UWpTdmlLeFRvdzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82M2RhOGEtZGU2Zi00YjEyLWE4NjQtZTNkZDUyNzk5YmRh
LzEvRE8tc3MzUkIzUmtZTzlITFY5dGU1VlIzcDZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAualNMA0G
CSqGSIb3DQEBCwUAA4IBAQAvChVxNZpkMLI6PwDbdiOcEsRxKPypmT8Kpqok8U0Z
WrZzT9yelf1qpJqEFeIFuCVooY91V2RPYCTTtJ8xMknO99Gm/MhGwz4mOvGeuXzq
vKPmelA89ijfpjWJtru6fOkMUUV8rtVgrthGMajruPQC7r55UMEPCjb3gx1m8ugK
MYXb8XIsgXtVij8TBCOFGLjqRhaP9rIpI4YzT2Nk7nVe0+JEWuXB9oz70a1ob1DC
H5YeRROwey7Juzm8nhKaGSpaLA1UYB7ubcegZB+jamFlUW4sSg/9ROAtQ8zh2F/a
tPwUsTP7QEJreKKfW5umTt02rt/bhaQsZuLy5Ox1rewZ
-----END CERTIFICATE-----