This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/gYcrvQwtqYo-zXt2MlI2__2qyrs.roa
File:                     gYcrvQwtqYo-zXt2MlI2__2qyrs.roa (raw, json)
Hash identifier:          7IenEYrIUNDwPACEjHuFIvJytPHusUhzdhduU7XIXns=
Subject key identifier:   81:87:2B:BD:0C:2D:A9:8A:3E:CD:7B:76:32:52:36:FF:FD:AA:CA:BB
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019A97C4A36688B85834AA26CE6D527986AE
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/gYcrvQwtqYo-zXt2MlI2__2qyrs.roa
Signing time:             Tue 18 Nov 2025 16:20:37 +0000
ROA not before:           Tue 18 Nov 2025 16:20:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208191
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 21:22:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:97:c4:a3:66:88:b8:58:34:aa:26:ce:6d:52:79:86:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Nov 18 16:20:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81872bbd0c2da98a3ecd7b76325236fffdaacabb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:86:c2:18:96:dc:c6:51:e2:5d:07:1d:eb:bf:
                    60:d8:23:7d:a7:b8:2a:26:27:4e:ad:96:c4:43:49:
                    7b:61:24:e4:92:a6:b5:51:bd:fb:28:76:2e:41:2f:
                    81:32:77:2c:15:47:49:d3:b5:70:01:ef:8b:22:ee:
                    c9:19:f9:97:e5:00:5c:8b:f3:a7:21:1c:1a:80:ed:
                    3f:2b:0c:ea:21:e8:c8:53:bb:0f:a4:b4:97:9d:ba:
                    03:71:50:f0:e4:17:9f:85:8f:53:0e:d5:77:11:42:
                    a1:81:47:92:da:48:80:2a:8b:c3:a6:75:67:ce:6f:
                    49:91:cb:38:92:b6:ee:fe:b5:1c:04:91:26:c5:51:
                    4c:97:ab:95:8e:cd:5c:03:b9:d8:8c:ce:79:e5:3a:
                    c7:9c:32:e7:0c:bd:91:b6:89:01:eb:c1:05:62:25:
                    85:63:86:92:3d:04:b1:bd:03:e1:b4:00:a9:46:34:
                    f1:cb:ef:0d:42:cb:46:2c:7d:ed:31:35:13:c1:61:
                    95:f3:9b:22:9c:47:91:e9:7b:87:34:aa:c8:76:4c:
                    22:e6:21:53:f7:d1:7a:07:d4:c1:20:ee:9d:98:f4:
                    1b:e4:dd:3b:86:aa:38:06:7a:5e:69:5d:76:f5:8b:
                    b6:ed:17:c0:b2:ba:5f:3a:9d:2d:70:3e:96:04:d8:
                    df:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:87:2B:BD:0C:2D:A9:8A:3E:CD:7B:76:32:52:36:FF:FD:AA:CA:BB
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/gYcrvQwtqYo-zXt2MlI2__2qyrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8d:ad:a1:9b:b0:b5:b3:a2:98:70:7b:aa:1c:1a:09:72:e5:
         86:bf:5f:82:cd:3c:96:d3:57:3f:bf:00:02:e7:cb:cc:f1:dc:
         e8:e3:36:23:a4:11:13:e1:1c:c5:b3:c6:ce:7b:e1:a5:b3:36:
         db:34:5c:55:f5:f3:8e:86:00:0e:7d:f6:5e:ca:21:4d:54:31:
         48:dd:cf:81:23:33:bb:d6:30:69:66:5d:99:55:db:e3:57:25:
         37:41:20:a4:c8:79:1e:26:1d:62:8e:34:fd:e4:bf:ce:4f:93:
         e6:be:40:b3:91:26:0c:cb:c3:52:2d:93:e3:5e:5a:73:e3:cb:
         fb:da:5d:e0:f4:c5:b9:ae:6d:b4:5a:fc:d2:f8:82:8a:a6:ea:
         c8:2a:9c:62:65:ec:1f:13:ed:12:56:eb:26:65:75:d0:b6:15:
         30:e9:82:ee:1f:75:be:63:41:e4:7a:e2:03:9f:89:c6:be:f0:
         d2:12:de:61:05:cc:ef:50:37:c5:67:b3:78:03:f9:d1:37:fa:
         dd:ed:c8:ef:b4:5b:59:c4:5f:9a:f4:70:28:27:22:f3:9d:93:
         d6:4b:3b:68:79:fc:01:1b:6f:52:87:ef:35:a7:b0:85:85:2c:
         06:7c:9f:a5:6c:9f:5b:f0:da:eb:0e:6e:00:7d:78:69:f2:6d:
         ee:df:7f:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqXxKNmiLhYNKomzm1SeYauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjUxMTE4MTYyMDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTg3MmJiZDBjMmRhOThhM2VjZDdiNzYzMjUyMzZmZmZkYWFjYWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIbCGJbcxlHiXQcd679g2CN9p7gq
JidOrZbEQ0l7YSTkkqa1Ub37KHYuQS+BMncsFUdJ07VwAe+LIu7JGfmX5QBci/On
IRwagO0/KwzqIejIU7sPpLSXnboDcVDw5BefhY9TDtV3EUKhgUeS2kiAKovDpnVn
zm9Jkcs4krbu/rUcBJEmxVFMl6uVjs1cA7nYjM555TrHnDLnDL2RtokB68EFYiWF
Y4aSPQSxvQPhtACpRjTxy+8NQstGLH3tMTUTwWGV85sinEeR6XuHNKrIdkwi5iFT
99F6B9TBIO6dmPQb5N07hqo4BnpeaV129Yu27RfAsrpfOp0tcD6WBNjfbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGHK70MLamKPs17djJSNv/9qsq7MB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvZ1ljcnZRd3RxWW8telh0Mk1sSTJfXzJxeXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQBBja2hm7C1s6KYcHuqHBoJcuWGv1+CzTyW01c/vwAC
58vM8dzo4zYjpBET4RzFs8bOe+GlszbbNFxV9fOOhgAOffZeyiFNVDFI3c+BIzO7
1jBpZl2ZVdvjVyU3QSCkyHkeJh1ijjT95L/OT5PmvkCzkSYMy8NSLZPjXlpz48v7
2l3g9MW5rm20WvzS+IKKpurIKpxiZewfE+0SVusmZXXQthUw6YLuH3W+Y0HkeuID
n4nGvvDSEt5hBczvUDfFZ7N4A/nRN/rd7cjvtFtZxF+a9HAoJyLznZPWSztoefwB
G29Sh+81p7CFhSwGfJ+lbJ9b8NrrDm4AfXhp8m3u33/r
-----END CERTIFICATE-----