This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/WDsKhGMO3OHNYRaC-5QcEkox9Qg.roa
File:                     WDsKhGMO3OHNYRaC-5QcEkox9Qg.roa (raw, json)
Hash identifier:          Cm/3O5IuL4o/UJItWLuKmISPdDUtgWfTLiRIdqE/I5Q=
Subject key identifier:   58:3B:0A:84:63:0E:DC:E1:CD:61:16:82:FB:94:1C:12:4A:31:F5:08
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019A9BFD15B1BB7532A7F225A83EA5F9BA2C
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/WDsKhGMO3OHNYRaC-5QcEkox9Qg.roa
Signing time:             Wed 19 Nov 2025 12:00:45 +0000
ROA not before:           Wed 19 Nov 2025 12:00:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        212.134.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 15:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9b:fd:15:b1:bb:75:32:a7:f2:25:a8:3e:a5:f9:ba:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Nov 19 12:00:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=583b0a84630edce1cd611682fb941c124a31f508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:1d:f3:4a:86:bc:87:65:b7:39:ff:5c:9e:
                    f9:8c:ec:c3:a9:79:7e:3d:cd:1f:91:9e:ae:94:cf:
                    ed:f3:8d:f0:7d:6b:89:e8:b6:bb:0a:66:5d:5a:6b:
                    18:17:b0:54:46:05:53:a8:c9:cd:86:63:92:d5:08:
                    e8:a6:ac:00:98:6b:88:83:cb:cd:80:26:b6:09:8f:
                    a6:4f:7e:79:09:e7:d5:59:03:b0:63:e4:92:97:cf:
                    87:38:11:39:a9:5f:ff:08:e1:49:2d:01:93:b8:24:
                    fb:e5:4e:cb:bb:5b:49:e7:fc:4b:79:cf:61:6d:61:
                    ff:43:d1:30:ea:57:65:55:55:79:d0:7c:fa:56:43:
                    ce:84:dd:7c:29:ca:5e:92:fe:e5:c6:56:1e:61:36:
                    32:5a:e6:bc:06:65:a2:fc:49:43:f8:53:eb:51:aa:
                    69:f7:03:8d:28:09:ca:b3:7d:9c:5d:ee:86:04:72:
                    c0:1c:e9:14:98:12:2a:c3:79:cb:7f:1c:87:c8:8b:
                    ae:5f:0a:aa:f2:1f:cc:46:8f:a1:e7:c6:37:f8:da:
                    40:b3:68:91:07:64:73:44:11:e6:c9:ee:99:44:f4:
                    46:d4:a1:ef:cc:89:f4:fe:fb:1d:3c:93:00:d0:9a:
                    c4:b6:61:8e:ed:31:6f:80:3c:1b:e4:3d:05:80:72:
                    e1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:3B:0A:84:63:0E:DC:E1:CD:61:16:82:FB:94:1C:12:4A:31:F5:08
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/WDsKhGMO3OHNYRaC-5QcEkox9Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:36:8a:ef:01:a0:91:24:95:06:6e:30:b4:ad:d6:25:5f:55:
         06:b1:3a:c1:03:64:da:db:4b:ac:90:ea:7e:02:cb:a5:68:93:
         00:55:44:73:d1:eb:5e:5c:39:d1:37:a7:3b:af:c2:6e:9d:a2:
         05:26:af:3b:02:20:d4:49:3f:09:93:0e:66:5f:d8:97:62:35:
         a2:0b:9b:4c:ef:a5:3e:28:c8:de:74:ac:28:51:31:0b:57:64:
         76:86:b6:c4:27:16:95:96:0c:bf:00:2e:43:20:1c:f5:84:eb:
         5c:d2:78:a2:1b:c0:19:05:04:12:a0:13:77:f5:86:7f:f7:45:
         8a:7b:9e:af:5e:ae:86:e4:1b:47:24:61:66:ed:00:f8:1a:49:
         ed:83:68:85:6f:60:64:c8:88:1f:bf:94:85:38:fa:7e:d5:f5:
         eb:ea:22:d1:22:48:ab:45:c4:fd:9f:e0:a3:27:c4:46:b2:b4:
         c5:9e:e9:b8:98:b2:10:c0:4c:c9:df:a2:8a:9f:eb:9c:a2:bf:
         cc:65:9f:41:10:f9:91:86:c9:29:7c:15:84:7c:ff:e5:f8:16:
         fd:aa:54:ae:81:78:19:02:95:3d:66:61:29:f1:f3:e9:2e:e9:
         71:ee:cb:7d:1f:cf:b8:fd:6f:23:51:a9:a8:be:4e:26:13:25:
         6d:3e:b2:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqb/RWxu3Uyp/IlqD6l+bosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMTE5MTIwMDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODNiMGE4NDYzMGVkY2UxY2Q2MTE2ODJmYjk0MWMxMjRhMzFmNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0cd80qGvIdltzn/XJ75jOzDqXl+
Pc0fkZ6ulM/t843wfWuJ6La7CmZdWmsYF7BURgVTqMnNhmOS1QjopqwAmGuIg8vN
gCa2CY+mT355CefVWQOwY+SSl8+HOBE5qV//COFJLQGTuCT75U7Lu1tJ5/xLec9h
bWH/Q9Ew6ldlVVV50Hz6VkPOhN18Kcpekv7lxlYeYTYyWua8BmWi/ElD+FPrUapp
9wONKAnKs32cXe6GBHLAHOkUmBIqw3nLfxyHyIuuXwqq8h/MRo+h58Y3+NpAs2iR
B2RzRBHmye6ZRPRG1KHvzIn0/vsdPJMA0JrEtmGO7TFvgDwb5D0FgHLhNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFg7CoRjDtzhzWEWgvuUHBJKMfUIMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvV0RzS2hHTU8zT0hOWVJhQy01UWNFa294OVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IbkMA0G
CSqGSIb3DQEBCwUAA4IBAQACNorvAaCRJJUGbjC0rdYlX1UGsTrBA2Ta20uskOp+
AsulaJMAVURz0eteXDnRN6c7r8JunaIFJq87AiDUST8Jkw5mX9iXYjWiC5tM76U+
KMjedKwoUTELV2R2hrbEJxaVlgy/AC5DIBz1hOtc0niiG8AZBQQSoBN39YZ/90WK
e56vXq6G5BtHJGFm7QD4Gkntg2iFb2BkyIgfv5SFOPp+1fXr6iLRIkirRcT9n+Cj
J8RGsrTFnum4mLIQwEzJ36KKn+ucor/MZZ9BEPmRhskpfBWEfP/l+Bb9qlSugXgZ
ApU9ZmEp8fPpLulx7st9H8+4/W8jUamovk4mEyVtPrIM
-----END CERTIFICATE-----