This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wH1fX9LEoDEprDxZw_CAONICi5E.roa
File:                     wH1fX9LEoDEprDxZw_CAONICi5E.roa (raw, json)
Hash identifier:          Hqr2bdICxiqRdR3mR0LvKA+QpBJMeK/K5SGXqx544ZU=
Subject key identifier:   C0:7D:5F:5F:D2:C4:A0:31:29:AC:3C:59:C3:F0:80:38:D2:02:8B:91
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB47EB896B3425B35DCAED06918B02
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wH1fX9LEoDEprDxZw_CAONICi5E.roa
Signing time:             Fri 02 Jan 2026 08:20:32 +0000
ROA not before:           Fri 02 Jan 2026 08:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     132372
IP address blocks:        151.245.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:47:eb:89:6b:34:25:b3:5d:ca:ed:06:91:8b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c07d5f5fd2c4a03129ac3c59c3f08038d2028b91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:04:6e:5b:d7:89:e6:dd:ad:31:da:68:4f:b4:
                    1e:14:00:1f:89:5f:c6:72:c9:60:fc:4a:c7:20:aa:
                    e7:c5:02:b6:ca:25:ee:8f:ac:bc:45:ea:cc:1f:81:
                    7e:05:54:09:6f:f1:b6:85:21:1e:72:47:98:54:57:
                    fd:fc:bd:9f:7d:44:52:e0:de:e1:02:39:ad:09:13:
                    ff:62:cf:ed:b4:f4:86:45:5c:58:ee:7d:e9:09:e8:
                    af:34:48:02:fd:d5:7a:3d:35:b4:4c:16:60:19:7c:
                    1f:c6:fe:31:15:c7:50:be:40:cf:95:70:f7:72:09:
                    fd:67:89:0c:00:49:f4:bc:94:d1:f7:a9:62:7b:a4:
                    04:26:1d:39:51:87:b2:bf:5d:38:4f:d4:b4:80:95:
                    e3:ce:94:66:b0:a9:bb:36:1e:3b:f1:fc:96:0b:f4:
                    5c:ea:5d:c2:fa:03:cc:e5:31:fc:af:aa:0d:55:34:
                    c9:16:42:e1:23:b4:4d:1f:ca:cb:82:02:e6:2c:b7:
                    15:d1:5b:5b:d7:4b:68:85:a8:68:35:3f:23:25:9d:
                    df:52:7a:e9:2b:4a:17:28:c3:05:73:27:fd:cd:46:
                    c6:39:29:47:4b:c0:b9:4a:e6:07:65:4f:60:99:67:
                    1b:0c:65:6b:f9:cd:22:5f:39:a2:0e:dd:d3:5c:be:
                    cd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7D:5F:5F:D2:C4:A0:31:29:AC:3C:59:C3:F0:80:38:D2:02:8B:91
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/wH1fX9LEoDEprDxZw_CAONICi5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.245.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ce:4e:69:7f:86:b0:75:63:78:7a:3c:76:72:23:ec:eb:15:
         17:41:72:23:e9:6d:11:51:1d:19:55:66:18:01:78:37:92:6d:
         cb:c0:c6:e3:4e:0f:84:05:fb:48:4f:68:c6:aa:75:04:e4:0e:
         fb:1b:c4:40:0d:2e:4b:cf:04:76:06:e6:30:ae:b6:a3:55:c8:
         52:ef:ad:27:07:b8:9c:98:34:5d:67:fe:6a:65:8d:c5:aa:ae:
         5a:a0:bd:da:af:78:20:3a:38:99:36:7f:46:76:06:b4:55:a7:
         db:69:ba:74:5f:92:6a:e6:10:bc:74:c7:3d:04:82:6d:45:59:
         61:a2:9a:e5:54:d9:bc:88:4a:47:c7:9d:14:63:a4:ed:57:56:
         6c:70:f4:8c:c2:ea:c8:b1:b0:f3:9c:06:bc:13:74:0a:32:06:
         00:09:9d:73:dd:ec:cb:30:76:1d:c5:52:ea:33:7f:46:96:ec:
         03:d9:5b:30:92:5f:6c:7e:7f:db:00:cf:ff:21:d4:94:d1:7f:
         0e:a9:5c:94:9e:45:08:90:d9:12:32:97:30:8c:0e:87:39:0b:
         e8:6e:e5:cf:bf:85:83:4d:34:9b:b4:f3:af:fc:13:8d:9c:9e:
         36:f3:fb:90:61:53:ff:d6:a2:8e:ec:04:4a:e5:7f:3f:17:3e:
         1f:2c:3d:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y0friWs0JbNdyu0GkYsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdkNWY1ZmQyYzRhMDMxMjlhYzNjNTljM2YwODAzOGQyMDI4YjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwRuW9eJ5t2tMdpoT7QeFAAfiV/G
cslg/ErHIKrnxQK2yiXuj6y8RerMH4F+BVQJb/G2hSEeckeYVFf9/L2ffURS4N7h
AjmtCRP/Ys/ttPSGRVxY7n3pCeivNEgC/dV6PTW0TBZgGXwfxv4xFcdQvkDPlXD3
cgn9Z4kMAEn0vJTR96lie6QEJh05UYeyv104T9S0gJXjzpRmsKm7Nh478fyWC/Rc
6l3C+gPM5TH8r6oNVTTJFkLhI7RNH8rLggLmLLcV0Vtb10tohahoNT8jJZ3fUnrp
K0oXKMMFcyf9zUbGOSlHS8C5SuYHZU9gmWcbDGVr+c0iXzmiDt3TXL7NlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMB9X1/SxKAxKaw8WcPwgDjSAouRMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvd0gxZlg5TEVvREVwckR4WndfQ0FPTklDaTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/VuMA0G
CSqGSIb3DQEBCwUAA4IBAQB8zk5pf4awdWN4ejx2ciPs6xUXQXIj6W0RUR0ZVWYY
AXg3km3LwMbjTg+EBftIT2jGqnUE5A77G8RADS5LzwR2BuYwrrajVchS760nB7ic
mDRdZ/5qZY3Fqq5aoL3ar3ggOjiZNn9Gdga0Vafbabp0X5Jq5hC8dMc9BIJtRVlh
oprlVNm8iEpHx50UY6TtV1ZscPSMwurIsbDznAa8E3QKMgYACZ1z3ezLMHYdxVLq
M39GluwD2Vswkl9sfn/bAM//IdSU0X8OqVyUnkUIkNkSMpcwjA6HOQvobuXPv4WD
TTSbtPOv/BONnJ428/uQYVP/1qKO7ARK5X8/Fz4fLD3t
-----END CERTIFICATE-----