This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/apmk7tWFvaFZ0QFLcfm6ckJspe8.roa
File:                     apmk7tWFvaFZ0QFLcfm6ckJspe8.roa (raw, json)
Hash identifier:          858cv8xIwVAB9mkb1OioAaEjEYQ+x2KAHSk0XrigiQM=
Subject key identifier:   6A:99:A4:EE:D5:85:BD:A1:59:D1:01:4B:71:F9:BA:72:42:6C:A5:EF
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019BA7BB1679E4254FCABE0215F9CB6C9EE7
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/apmk7tWFvaFZ0QFLcfm6ckJspe8.roa
Signing time:             Sat 10 Jan 2026 11:46:54 +0000
ROA not before:           Sat 10 Jan 2026 11:46:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61112
IP address blocks:        212.135.32.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a7:bb:16:79:e4:25:4f:ca:be:02:15:f9:cb:6c:9e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jan 10 11:46:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a99a4eed585bda159d1014b71f9ba72426ca5ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b3:20:15:a0:a2:ee:1f:26:f9:a2:07:ed:c4:
                    14:61:0d:cf:c8:5f:63:14:13:57:fd:28:bd:87:84:
                    69:84:af:38:b2:ce:20:f6:9f:b6:7c:f1:b7:63:a8:
                    84:59:72:d2:de:d7:81:85:23:01:9a:0d:e8:b3:a4:
                    f7:3a:1c:5d:b2:3f:f9:b5:99:2a:fc:cd:c8:c0:fe:
                    14:da:a6:49:cb:cd:67:60:c2:8e:f1:0a:cd:a5:bf:
                    90:77:71:8e:0b:b7:90:da:53:7b:bb:de:db:5b:c7:
                    cc:b4:bb:1f:12:bc:ef:c4:d2:f0:3a:5f:89:ed:b5:
                    b0:6a:19:34:d0:a5:d7:11:37:9c:94:f6:62:b0:49:
                    31:9e:8b:06:e4:4d:d1:25:a3:17:99:fb:d5:90:a3:
                    07:92:13:ea:b8:43:64:45:32:38:e5:6e:3a:38:30:
                    5d:87:0c:d5:ec:56:af:a1:a0:f7:86:c2:9b:8c:a2:
                    0b:20:69:ec:0b:a0:bb:db:bd:c6:69:04:ba:94:0e:
                    e0:95:75:8e:85:63:31:68:3b:bb:d5:85:8c:42:cf:
                    1c:bb:9e:dc:21:2c:2b:5b:9a:b1:02:94:cd:1b:6d:
                    58:66:21:ef:cc:65:31:50:4c:52:a6:31:f0:89:ce:
                    b1:45:eb:ae:aa:5d:17:4b:be:1d:d7:60:86:01:3e:
                    fb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:99:A4:EE:D5:85:BD:A1:59:D1:01:4B:71:F9:BA:72:42:6C:A5:EF
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/apmk7tWFvaFZ0QFLcfm6ckJspe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.135.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3d:2b:b7:6e:a2:09:f3:4b:50:06:6a:ce:8a:e1:c9:6d:9a:14:
         b9:e9:f8:1f:6a:69:ba:d5:50:54:65:46:9f:4f:71:17:c5:8d:
         e2:4a:4a:2e:92:9d:93:30:59:6a:e3:4d:99:1e:34:cd:5b:80:
         2e:3a:ec:5d:ef:4c:51:b8:04:f0:d8:7e:29:88:46:2b:ad:b0:
         61:08:60:ae:96:03:0f:45:c6:e9:d5:a8:b5:1a:8b:f6:35:41:
         18:cd:3a:88:70:66:65:37:51:ab:94:79:6a:1f:02:df:4d:d7:
         37:91:d3:cf:5b:44:b4:6e:19:77:c7:58:c2:1c:bc:ca:81:b8:
         0f:30:91:84:83:b9:d6:81:30:cb:ec:eb:6e:f5:68:db:5a:89:
         95:7f:60:81:09:04:b2:b4:59:b1:a5:c3:51:c0:4f:f1:00:34:
         cc:79:42:de:b5:38:ca:34:93:69:ba:31:37:c2:c8:1e:66:24:
         a5:f7:70:c5:16:41:0a:ac:4d:2c:41:f8:36:41:46:68:ee:1d:
         3f:fb:3c:f2:40:bd:bd:2d:c2:85:75:1e:49:25:11:76:29:f6:
         47:4b:09:de:fc:94:6b:7e:5b:ac:81:05:f5:13:40:92:03:3d:
         6c:ab:5a:33:23:8d:d1:8d:26:99:8d:65:e9:9a:fc:b2:80:90:
         08:17:6f:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZunuxZ55CVPyr4CFfnLbJ7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwMTEwMTE0NjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk5YTRlZWQ1ODViZGExNTlkMTAxNGI3MWY5YmE3MjQyNmNhNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLMgFaCi7h8m+aIH7cQUYQ3PyF9j
FBNX/Si9h4RphK84ss4g9p+2fPG3Y6iEWXLS3teBhSMBmg3os6T3Ohxdsj/5tZkq
/M3IwP4U2qZJy81nYMKO8QrNpb+Qd3GOC7eQ2lN7u97bW8fMtLsfErzvxNLwOl+J
7bWwahk00KXXETeclPZisEkxnosG5E3RJaMXmfvVkKMHkhPquENkRTI45W46ODBd
hwzV7FavoaD3hsKbjKILIGnsC6C7273GaQS6lA7glXWOhWMxaDu71YWMQs8cu57c
ISwrW5qxApTNG21YZiHvzGUxUExSpjHwic6xReuuql0XS74d12CGAT77ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqZpO7Vhb2hWdEBS3H5unJCbKXvMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvYXBtazd0V0Z2YUZaMFFGTGNmbTZja0pzcGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1IcgMA0G
CSqGSIb3DQEBCwUAA4IBAQA9K7duognzS1AGas6K4cltmhS56fgfamm61VBUZUaf
T3EXxY3iSkoukp2TMFlq402ZHjTNW4AuOuxd70xRuATw2H4piEYrrbBhCGCulgMP
Rcbp1ai1Gov2NUEYzTqIcGZlN1GrlHlqHwLfTdc3kdPPW0S0bhl3x1jCHLzKgbgP
MJGEg7nWgTDL7Otu9WjbWomVf2CBCQSytFmxpcNRwE/xADTMeULetTjKNJNpujE3
wsgeZiSl93DFFkEKrE0sQfg2QUZo7h0/+zzyQL29LcKFdR5JJRF2KfZHSwne/JRr
flusgQX1E0CSAz1sq1ozI43RjSaZjWXpmvyygJAIF2/z
-----END CERTIFICATE-----