This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/WPsZu0t0gwCtDu9DluM2JpNAigM.roa
File:                     WPsZu0t0gwCtDu9DluM2JpNAigM.roa (raw, json)
Hash identifier:          1nZv6ryPRTSI42lJffh2EsY2m6JCVkOOWCXauYoQ2vk=
Subject key identifier:   58:FB:19:BB:4B:74:83:00:AD:0E:EF:43:96:E3:36:26:93:40:8A:03
Certificate issuer:       /CN=64366a73915f9090d4b1083897aa402577e163de
Certificate serial:       019B7C134EDA159D203617E7401C33CCC647
Authority key identifier: 64:36:6A:73:91:5F:90:90:D4:B1:08:38:97:AA:40:25:77:E1:63:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/WPsZu0t0gwCtDu9DluM2JpNAigM.roa
Signing time:             Fri 02 Jan 2026 00:19:58 +0000
ROA not before:           Fri 02 Jan 2026 00:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210509
IP address blocks:        212.23.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:4e:da:15:9d:20:36:17:e7:40:1c:33:cc:c6:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64366a73915f9090d4b1083897aa402577e163de
        Validity
            Not Before: Jan  2 00:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58fb19bb4b748300ad0eef4396e3362693408a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a1:de:c5:15:af:4d:da:fe:53:33:55:7f:76:
                    f2:43:4d:64:f4:89:c3:6f:63:6a:26:27:4c:bc:88:
                    23:e3:e5:36:5f:af:8d:95:93:50:64:d7:f8:d8:e5:
                    5f:0d:7e:81:f6:77:d4:85:f2:86:5d:3f:2e:f1:5a:
                    99:52:1b:d8:33:cd:c0:ea:2a:4b:c1:c8:e2:9a:62:
                    d9:3b:31:0f:b1:2c:ce:e8:6a:d7:20:c0:78:eb:d2:
                    01:70:55:c9:74:e4:4a:f3:0b:ce:ff:15:b7:e2:9a:
                    98:5b:41:a4:17:b4:7c:45:6a:3f:cc:d6:5f:64:3c:
                    12:ba:6a:47:16:c0:ea:e3:b8:87:b7:89:a3:2e:15:
                    c8:71:6b:1e:f1:4d:08:9f:2e:11:75:e8:de:c5:d6:
                    11:33:21:c1:3d:8d:34:68:5a:2b:72:78:57:92:7d:
                    10:36:02:b0:75:11:af:08:a8:a7:ca:29:2b:a5:c4:
                    8d:0d:5f:b9:ed:7a:a5:7c:fc:92:45:4e:e3:db:a5:
                    7a:7c:f5:74:2e:bd:1d:d3:83:97:96:f2:1a:23:6b:
                    ec:33:b8:5f:84:f6:57:e8:6e:53:b8:03:60:b2:07:
                    3b:83:99:bf:f4:36:eb:33:83:ae:44:8b:49:49:97:
                    0e:cc:6e:23:45:7b:75:ea:07:ef:04:0e:bd:8a:09:
                    a5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FB:19:BB:4B:74:83:00:AD:0E:EF:43:96:E3:36:26:93:40:8A:03
            X509v3 Authority Key Identifier:
                keyid:64:36:6A:73:91:5F:90:90:D4:B1:08:38:97:AA:40:25:77:E1:63:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZDZqc5FfkJDUsQg4l6pAJXfhY94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/WPsZu0t0gwCtDu9DluM2JpNAigM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/1baff1-dda3-4304-b1b3-5182eede2a29/1/ZDZqc5FfkJDUsQg4l6pAJXfhY94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:a1:8d:78:c4:50:2a:4c:dc:82:a0:bf:bc:fe:e3:57:47:58:
         ce:4f:9a:9c:63:29:fc:a5:9e:20:0e:c3:88:f4:27:b4:b7:10:
         74:d7:1b:75:0d:f4:8c:fb:23:e0:80:d6:08:f9:43:23:c8:7a:
         1c:63:bc:97:3d:ee:4a:85:59:76:87:af:d2:04:a6:db:5c:77:
         23:ff:5e:17:f4:c8:3e:21:47:e9:70:77:92:5e:e7:58:de:18:
         0d:b4:b5:a2:56:80:30:0d:57:55:2b:b0:47:aa:09:fc:33:05:
         c9:1b:75:95:9b:ae:e7:b6:52:09:18:0c:92:7c:a8:87:64:2a:
         6d:cf:31:d5:ca:e6:a5:08:ad:48:6a:2a:0f:99:f9:61:7e:06:
         61:4a:47:92:f4:d2:8a:04:37:e8:61:a6:b0:18:9d:4b:3e:0d:
         d4:ea:4d:76:58:51:98:b2:56:11:df:0c:c6:23:a1:c5:0a:71:
         7b:55:31:b2:0b:b3:b7:26:f2:22:66:21:34:c1:a8:7b:33:7a:
         f9:98:a2:23:08:97:67:80:5c:47:fa:d1:6f:82:f5:0a:ea:7e:
         8b:27:04:af:db:2d:4e:27:c9:da:17:3c:c5:b9:c9:ca:73:80:
         e9:61:a4:2d:5c:90:26:34:8a:2f:0f:23:13:fd:8d:7d:6f:86:
         34:15:af:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E07aFZ0gNhfnQBwzzMZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MzY2YTczOTE1ZjkwOTBkNGIxMDgzODk3YWE0MDI1Nzdl
MTYzZGUwHhcNMjYwMTAyMDAxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGZiMTliYjRiNzQ4MzAwYWQwZWVmNDM5NmUzMzYyNjkzNDA4YTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06HexRWvTdr+UzNVf3byQ01k9InD
b2NqJidMvIgj4+U2X6+NlZNQZNf42OVfDX6B9nfUhfKGXT8u8VqZUhvYM83A6ipL
wcjimmLZOzEPsSzO6GrXIMB469IBcFXJdORK8wvO/xW34pqYW0GkF7R8RWo/zNZf
ZDwSumpHFsDq47iHt4mjLhXIcWse8U0Iny4RdejexdYRMyHBPY00aForcnhXkn0Q
NgKwdRGvCKinyikrpcSNDV+57XqlfPySRU7j26V6fPV0Lr0d04OXlvIaI2vsM7hf
hPZX6G5TuANgsgc7g5m/9DbrM4OuRItJSZcOzG4jRXt16gfvBA69igmlqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFj7GbtLdIMArQ7vQ5bjNiaTQIoDMB8GA1UdIwQY
MBaAFGQ2anORX5CQ1LEIOJeqQCV34WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkRacWM1RmZrSkRVc1FnNGw2cEFKWGZoWTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8xYmFmZjEtZGRhMy00MzA0LWIxYjMt
NTE4MmVlZGUyYTI5LzEvV1BzWnUwdDBnd0N0RHU5RGx1TTJKcE5BaWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8xYmFmZjEtZGRhMy00MzA0LWIxYjMtNTE4MmVlZGUyYTI5
LzEvWkRacWM1RmZrSkRVc1FnNGw2cEFKWGZoWTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfZMA0G
CSqGSIb3DQEBCwUAA4IBAQCwoY14xFAqTNyCoL+8/uNXR1jOT5qcYyn8pZ4gDsOI
9Ce0txB01xt1DfSM+yPggNYI+UMjyHocY7yXPe5KhVl2h6/SBKbbXHcj/14X9Mg+
IUfpcHeSXudY3hgNtLWiVoAwDVdVK7BHqgn8MwXJG3WVm67ntlIJGAySfKiHZCpt
zzHVyualCK1IaioPmflhfgZhSkeS9NKKBDfoYaawGJ1LPg3U6k12WFGYslYR3wzG
I6HFCnF7VTGyC7O3JvIiZiE0wah7M3r5mKIjCJdngFxH+tFvgvUK6n6LJwSv2y1O
J8naFzzFucnKc4DpYaQtXJAmNIovDyMT/Y19b4Y0Fa/f
-----END CERTIFICATE-----