This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/v6hZlCLBBmxSHliCj0VjnvLOn9M.roa
File:                     v6hZlCLBBmxSHliCj0VjnvLOn9M.roa (raw, json)
Hash identifier:          fL2kZZLRxFW7FCE2FWvmH/Er7BzpFmXug5hP8LnWm4M=
Subject key identifier:   BF:A8:59:94:22:C1:06:6C:52:1E:58:82:8F:45:63:9E:F2:CE:9F:D3
Certificate issuer:       /CN=90dcce91000451494c43c15d172da2eb9d5b7956
Certificate serial:       019B7BA52733A35E0559612C45352E6D90E1
Authority key identifier: 90:DC:CE:91:00:04:51:49:4C:43:C1:5D:17:2D:A2:EB:9D:5B:79:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/v6hZlCLBBmxSHliCj0VjnvLOn9M.roa
Signing time:             Thu 01 Jan 2026 22:19:39 +0000
ROA not before:           Thu 01 Jan 2026 22:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137
IP address blocks:        131.114.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:27:33:a3:5e:05:59:61:2c:45:35:2e:6d:90:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90dcce91000451494c43c15d172da2eb9d5b7956
        Validity
            Not Before: Jan  1 22:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bfa8599422c1066c521e58828f45639ef2ce9fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:93:7d:be:a4:7f:56:93:e1:9c:8a:70:7d:fe:
                    8e:70:f8:30:4a:42:b0:ca:65:73:55:9c:e0:57:cd:
                    18:2b:19:c0:07:64:90:fc:23:c0:2f:5f:14:d3:3d:
                    e3:4f:39:51:d5:51:a4:0e:d0:0c:b4:9c:fc:70:98:
                    4c:2d:98:ac:51:1e:70:6c:8a:ec:da:5e:d0:85:0d:
                    85:1c:56:de:e0:6e:f2:2b:f4:97:41:8c:c9:1b:94:
                    21:d0:b0:8c:f9:e6:e4:07:20:cb:16:f3:ed:5f:85:
                    b5:1a:b4:9f:7b:06:4e:1a:b3:2b:fe:24:bd:20:ae:
                    22:cb:f1:95:95:fb:47:37:19:3c:cc:3d:ef:90:01:
                    32:52:e4:8d:d7:34:3f:cf:a5:17:a2:d5:9d:4f:48:
                    a2:41:1a:d7:59:e4:a4:ea:b8:33:42:e7:ff:9f:30:
                    fa:22:2d:e7:40:5a:a9:f0:82:5b:af:77:fb:6a:62:
                    c9:c6:24:ec:97:70:bf:63:ad:01:71:9d:18:9a:ad:
                    3b:b8:47:c0:f0:7f:bd:b5:bd:aa:e8:2d:8b:31:82:
                    3a:7a:60:56:d1:a7:f9:d3:85:cf:a0:41:92:90:f4:
                    91:05:dc:d2:60:0b:a5:5b:1b:3e:a0:fa:f4:23:ea:
                    c1:65:04:e6:1c:4f:b3:14:ad:59:2b:4a:c1:ad:83:
                    2f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A8:59:94:22:C1:06:6C:52:1E:58:82:8F:45:63:9E:F2:CE:9F:D3
            X509v3 Authority Key Identifier:
                keyid:90:DC:CE:91:00:04:51:49:4C:43:C1:5D:17:2D:A2:EB:9D:5B:79:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/v6hZlCLBBmxSHliCj0VjnvLOn9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.114.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:86:7b:cb:18:63:4f:5f:02:02:3f:0d:bb:99:1a:f7:b0:0f:
         67:b8:12:47:dd:4e:23:b3:d0:d8:85:a2:cc:b6:47:be:0c:d4:
         17:c7:d1:a1:fe:72:7a:ab:0b:82:87:b2:b7:2d:fb:ba:33:4f:
         ea:32:e4:d5:45:ae:f9:4c:85:da:e4:cd:4c:f7:8a:ad:43:c2:
         69:9d:2f:44:24:73:50:7e:c4:2d:c2:f1:5b:6c:8a:ab:45:7f:
         88:e0:db:dc:ab:6f:23:87:20:d1:04:93:e8:d7:3e:b6:5f:64:
         f8:46:31:96:69:2d:5d:97:a3:dc:e0:7b:d5:b5:84:a9:f9:97:
         e7:bf:f9:f7:7f:ad:03:a0:96:49:e2:a7:2a:90:d5:af:a5:c9:
         96:20:03:24:df:16:af:ce:61:39:99:75:48:18:97:a5:60:67:
         88:4a:c1:7c:3c:10:a8:9f:7f:4f:59:76:b3:94:78:8e:2b:85:
         ff:3f:76:bd:b1:54:5b:a1:3a:c2:4b:a9:d8:ec:2a:f8:f4:d1:
         94:f5:98:65:67:64:4c:a5:9c:fa:e3:88:ae:42:68:d9:ea:0b:
         88:aa:74:d6:08:9f:4f:ca:44:fc:0d:69:05:b4:f9:d4:02:bc:
         d8:3d:91:44:c0:a5:44:f4:6e:ef:7f:96:80:e8:93:8d:12:ee:
         0d:0f:e3:2d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7pSczo14FWWEsRTUubZDhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZGNjZTkxMDAwNDUxNDk0YzQzYzE1ZDE3MmRhMmViOWQ1
Yjc5NTYwHhcNMjYwMTAxMjIxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmE4NTk5NDIyYzEwNjZjNTIxZTU4ODI4ZjQ1NjM5ZWYyY2U5ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJN9vqR/VpPhnIpwff6OcPgwSkKw
ymVzVZzgV80YKxnAB2SQ/CPAL18U0z3jTzlR1VGkDtAMtJz8cJhMLZisUR5wbIrs
2l7QhQ2FHFbe4G7yK/SXQYzJG5Qh0LCM+ebkByDLFvPtX4W1GrSfewZOGrMr/iS9
IK4iy/GVlftHNxk8zD3vkAEyUuSN1zQ/z6UXotWdT0iiQRrXWeSk6rgzQuf/nzD6
Ii3nQFqp8IJbr3f7amLJxiTsl3C/Y60BcZ0Ymq07uEfA8H+9tb2q6C2LMYI6emBW
0af504XPoEGSkPSRBdzSYAulWxs+oPr0I+rBZQTmHE+zFK1ZK0rBrYMvzQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFL+oWZQiwQZsUh5Ygo9FY57yzp/TMB8GA1UdIwQY
MBaAFJDczpEABFFJTEPBXRctouudW3lWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva056T2tRQUVVVWxNUThGZEZ5Mmk2NTFiZVZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MWZkYmItOGJhMi00YjdlLTk4MGYt
ZWU2MGIwZGRiZGFhLzEvdjZoWmxDTEJCbXhTSGxpQ2owVmpudkxPbjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MWZkYmItOGJhMi00YjdlLTk4MGYtZWU2MGIwZGRiZGFh
LzEva056T2tRQUVVVWxNUThGZEZ5Mmk2NTFiZVZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAg3IwDQYJ
KoZIhvcNAQELBQADggEBACCGe8sYY09fAgI/DbuZGvewD2e4EkfdTiOz0NiFosy2
R74M1BfH0aH+cnqrC4KHsrct+7ozT+oy5NVFrvlMhdrkzUz3iq1DwmmdL0Qkc1B+
xC3C8VtsiqtFf4jg29yrbyOHINEEk+jXPrZfZPhGMZZpLV2Xo9zge9W1hKn5l+e/
+fd/rQOglknipyqQ1a+lyZYgAyTfFq/OYTmZdUgYl6VgZ4hKwXw8EKiff09ZdrOU
eI4rhf8/dr2xVFuhOsJLqdjsKvj00ZT1mGVnZEylnPrjiK5CaNnqC4iqdNYIn0/K
RPwNaQW0+dQCvNg9kUTApUT0bu9/loDok40S7g0P4y0=
-----END CERTIFICATE-----