This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dHK8p--AMZ07sj6i4S0BZReOvsA.roa
File:                     dHK8p--AMZ07sj6i4S0BZReOvsA.roa (raw, json)
Hash identifier:          PxUJaA8IfeZZJPgChyRiYpYQqk3oLszebwc+piBUn+8=
Subject key identifier:   74:72:BC:A7:EF:80:31:9D:3B:B2:3E:A2:E1:2D:01:65:17:8E:BE:C0
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019B7DCB841083D57603578A6C6C4D442161
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dHK8p--AMZ07sj6i4S0BZReOvsA.roa
Signing time:             Fri 02 Jan 2026 08:20:48 +0000
ROA not before:           Fri 02 Jan 2026 08:20:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213999
IP address blocks:        212.107.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:84:10:83:d5:76:03:57:8a:6c:6c:4d:44:21:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  2 08:20:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7472bca7ef80319d3bb23ea2e12d0165178ebec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:a0:fd:24:42:35:70:b0:84:f2:ab:54:a6:
                    bc:e4:c1:bc:9c:9a:f3:05:f4:63:7c:91:ff:a4:70:
                    f6:78:b0:dd:bd:e9:89:a8:6a:1c:ef:63:1f:fd:2c:
                    5a:18:26:ce:eb:3d:2d:16:ae:8c:9d:d1:10:22:10:
                    3e:12:e5:81:40:45:8d:6e:5e:61:8a:90:2f:54:0e:
                    07:3c:9c:23:83:63:c5:b3:18:cb:3e:46:11:d4:62:
                    73:b6:8e:ad:dd:00:38:ac:34:f2:41:6e:9b:37:e6:
                    9e:03:9f:ec:89:6f:53:e0:28:8e:78:b7:9d:60:4f:
                    5a:4a:fd:91:91:0a:a5:32:67:7f:6c:24:f1:39:fa:
                    b7:f9:5a:e1:29:e7:c9:49:b2:1a:16:d0:f3:a5:95:
                    43:ab:de:45:02:10:01:b4:cb:6c:1a:1f:1c:d6:ae:
                    a7:e5:78:b5:2a:30:f4:c2:33:92:a6:40:cf:be:57:
                    f4:ac:0b:b9:d6:e5:89:8a:13:50:22:fc:d4:a6:f9:
                    bd:92:06:1a:dc:86:84:e7:ab:2a:98:b2:66:fa:9b:
                    39:57:4f:79:21:58:64:43:4d:b1:d7:bb:1e:f8:ab:
                    91:98:db:83:0f:5f:19:49:9f:db:91:67:ac:f6:62:
                    87:4a:62:07:34:be:c4:01:37:b5:61:5b:68:fa:95:
                    20:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:72:BC:A7:EF:80:31:9D:3B:B2:3E:A2:E1:2D:01:65:17:8E:BE:C0
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/dHK8p--AMZ07sj6i4S0BZReOvsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:de:09:75:b0:7e:98:0d:ff:b5:1b:2d:18:99:62:d8:ab:9f:
         23:e0:f4:98:ce:f9:fc:96:28:95:ad:55:72:60:3b:dc:b2:ee:
         e1:f3:ce:91:c2:da:a9:2e:d9:c0:70:6b:91:67:de:33:02:75:
         1c:e3:3b:c3:8c:3c:21:ba:13:fa:c3:8f:94:37:64:75:c5:f4:
         78:d7:5f:20:8c:61:bc:64:4f:b7:42:e1:6d:da:ab:2a:5f:30:
         5f:4b:99:21:8e:ab:e3:90:71:34:df:d0:cc:57:08:1a:d9:ef:
         16:3b:ff:b3:37:b0:67:a0:62:8a:63:e0:86:fe:78:03:62:80:
         88:b1:35:ce:92:12:04:17:b1:74:fa:7e:90:54:61:6e:a9:ea:
         5f:28:90:26:3f:f7:b3:e7:88:61:e9:e4:ae:14:d4:a3:93:5a:
         62:58:22:d0:2c:5f:5f:6a:18:c7:f0:b1:43:76:e6:0f:67:c0:
         72:6a:7a:6f:1c:b3:ec:8d:f6:2c:63:3c:4b:ba:ac:f6:65:1c:
         5b:e3:25:ca:d6:62:fe:e8:90:d0:cf:cf:50:e8:ef:67:60:f3:
         54:d6:34:12:ef:d8:af:b9:57:b0:b7:db:5f:99:79:70:26:f9:
         fb:fc:2a:41:fd:6d:28:8a:bd:8d:44:43:c7:07:a0:47:a0:73:
         7d:d0:b8:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y4QQg9V2A1eKbGxNRCFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTAyMDgyMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDcyYmNhN2VmODAzMTlkM2JiMjNlYTJlMTJkMDE2NTE3OGViZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRGg/SRCNXCwhPKrVKa85MG8nJrz
BfRjfJH/pHD2eLDdvemJqGoc72Mf/SxaGCbO6z0tFq6MndEQIhA+EuWBQEWNbl5h
ipAvVA4HPJwjg2PFsxjLPkYR1GJzto6t3QA4rDTyQW6bN+aeA5/siW9T4CiOeLed
YE9aSv2RkQqlMmd/bCTxOfq3+VrhKefJSbIaFtDzpZVDq95FAhABtMtsGh8c1q6n
5Xi1KjD0wjOSpkDPvlf0rAu51uWJihNQIvzUpvm9kgYa3IaE56sqmLJm+ps5V095
IVhkQ02x17se+KuRmNuDD18ZSZ/bkWes9mKHSmIHNL7EATe1YVto+pUgMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRyvKfvgDGdO7I+ouEtAWUXjr7AMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZEhLOHAtLUFNWjA3c2o2aTRTMEJaUmVPdnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GsbMA0G
CSqGSIb3DQEBCwUAA4IBAQBE3gl1sH6YDf+1Gy0YmWLYq58j4PSYzvn8liiVrVVy
YDvcsu7h886RwtqpLtnAcGuRZ94zAnUc4zvDjDwhuhP6w4+UN2R1xfR4118gjGG8
ZE+3QuFt2qsqXzBfS5khjqvjkHE039DMVwga2e8WO/+zN7BnoGKKY+CG/ngDYoCI
sTXOkhIEF7F0+n6QVGFuqepfKJAmP/ez54hh6eSuFNSjk1piWCLQLF9fahjH8LFD
duYPZ8ByanpvHLPsjfYsYzxLuqz2ZRxb4yXK1mL+6JDQz89Q6O9nYPNU1jQS79iv
uVewt9tfmXlwJvn7/CpB/W0oir2NREPHB6BHoHN90LiX
-----END CERTIFICATE-----