This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/i8r_KcfZKeFV_hgBzyCFH1FvU2Q.roa
File:                     i8r_KcfZKeFV_hgBzyCFH1FvU2Q.roa (raw, json)
Hash identifier:          q7K3PKVBwmAslABYzD36Nuj0tVHPXSk4xv3r0eaKenA=
Subject key identifier:   8B:CA:FF:29:C7:D9:29:E1:55:FE:18:01:CF:20:85:1F:51:6F:53:64
Certificate issuer:       /CN=fe8e85232980a63f0d4df5b049163e3fd02f54b3
Certificate serial:       019B7F155A83AA9D86ED4248E2950174ACFA
Authority key identifier: FE:8E:85:23:29:80:A6:3F:0D:4D:F5:B0:49:16:3E:3F:D0:2F:54:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_o6FIymApj8NTfWwSRY-P9AvVLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/i8r_KcfZKeFV_hgBzyCFH1FvU2Q.roa
Signing time:             Fri 02 Jan 2026 14:21:04 +0000
ROA not before:           Fri 02 Jan 2026 14:21:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62037
IP address blocks:        195.225.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/_o6FIymApj8NTfWwSRY-P9AvVLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/_o6FIymApj8NTfWwSRY-P9AvVLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_o6FIymApj8NTfWwSRY-P9AvVLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:5a:83:aa:9d:86:ed:42:48:e2:95:01:74:ac:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8e85232980a63f0d4df5b049163e3fd02f54b3
        Validity
            Not Before: Jan  2 14:21:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bcaff29c7d929e155fe1801cf20851f516f5364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:20:66:e5:73:8f:87:a6:f6:a2:1f:96:e2:cc:
                    51:35:fe:f9:ea:22:6f:53:cd:96:24:08:4d:61:32:
                    4f:87:4b:18:c1:96:f4:bc:5e:f1:7a:25:c0:89:04:
                    df:5d:e5:66:0a:27:bd:01:da:93:63:a0:70:52:33:
                    c8:bc:b5:f9:a5:32:9e:07:36:cf:f9:28:2c:94:74:
                    f9:05:88:ee:e2:f2:df:62:46:86:fa:f2:d9:1c:dc:
                    fd:c0:43:13:1a:53:aa:90:43:ff:3c:08:da:bd:67:
                    84:3a:62:38:79:c1:00:27:c5:f3:7a:6e:5d:9e:7e:
                    f9:f0:fa:cf:a2:c6:d4:dc:b2:2c:5d:8f:02:63:17:
                    16:74:78:f0:fa:cc:be:a1:92:9a:b8:af:6c:22:36:
                    93:60:f8:12:7f:08:4d:a1:44:8b:dc:70:88:ef:de:
                    62:58:de:c4:55:a3:17:d4:eb:8c:cc:7c:0c:a3:6c:
                    b0:1b:2d:59:e2:89:52:78:3e:2c:60:26:52:8b:a8:
                    4d:a3:16:01:a9:f5:3a:72:64:dc:9a:c9:df:0f:9f:
                    41:c9:91:2c:88:81:f5:8d:f9:de:79:56:8c:ce:bb:
                    d3:78:a6:90:c8:9a:13:ea:6d:b7:42:50:b3:45:e3:
                    74:66:01:33:e6:2c:ef:00:c9:17:3e:f7:9d:29:94:
                    40:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CA:FF:29:C7:D9:29:E1:55:FE:18:01:CF:20:85:1F:51:6F:53:64
            X509v3 Authority Key Identifier:
                keyid:FE:8E:85:23:29:80:A6:3F:0D:4D:F5:B0:49:16:3E:3F:D0:2F:54:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_o6FIymApj8NTfWwSRY-P9AvVLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/i8r_KcfZKeFV_hgBzyCFH1FvU2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/d36b8b-8656-485b-93b2-3892aca277b0/1/_o6FIymApj8NTfWwSRY-P9AvVLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:98:73:98:ce:49:fb:9f:7b:8c:aa:1d:8f:dd:17:96:c9:45:
         f1:51:03:68:44:02:44:82:0b:8f:8a:83:98:bc:12:c2:53:dc:
         c8:f1:40:5d:a6:70:a6:5c:50:34:68:c9:cd:0d:51:00:30:44:
         30:5c:5f:6d:6d:8b:59:81:67:79:79:3d:a4:de:c5:8e:b3:03:
         ed:bb:53:7f:3c:a8:cd:b5:eb:1f:83:98:e0:ff:58:98:f1:9d:
         91:dc:3d:4c:f2:d8:3d:8c:e5:02:9d:cd:17:7c:bd:f8:aa:01:
         26:83:ae:ae:a8:cb:45:01:82:75:f4:05:d0:44:da:a7:b6:13:
         63:31:1a:1f:67:e6:aa:ff:0c:ab:05:c5:7b:32:d7:b3:f5:fa:
         42:fb:5a:b8:a3:3c:f4:16:63:42:ea:63:55:82:45:4c:a7:7d:
         0c:76:3e:6f:07:0a:14:c3:d9:4f:48:3f:fd:4e:2e:2e:34:98:
         30:27:60:9e:e3:43:71:10:9d:34:41:c2:bc:6f:27:29:fb:ef:
         23:aa:23:c1:07:67:ce:4e:79:1d:d5:17:c4:83:e5:d9:ac:e3:
         a6:89:37:ef:dd:7a:90:db:ab:b8:e1:31:3d:c6:93:12:7e:b4:
         24:85:e0:bf:8d:77:34:96:2f:b5:48:5b:2b:12:50:6d:f1:a7:
         a1:a2:b4:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FVqDqp2G7UJI4pUBdKz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlOGU4NTIzMjk4MGE2M2YwZDRkZjViMDQ5MTYzZTNmZDAy
ZjU0YjMwHhcNMjYwMTAyMTQyMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmNhZmYyOWM3ZDkyOWUxNTVmZTE4MDFjZjIwODUxZjUxNmY1MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryBm5XOPh6b2oh+W4sxRNf756iJv
U82WJAhNYTJPh0sYwZb0vF7xeiXAiQTfXeVmCie9AdqTY6BwUjPIvLX5pTKeBzbP
+SgslHT5BYju4vLfYkaG+vLZHNz9wEMTGlOqkEP/PAjavWeEOmI4ecEAJ8Xzem5d
nn758PrPosbU3LIsXY8CYxcWdHjw+sy+oZKauK9sIjaTYPgSfwhNoUSL3HCI795i
WN7EVaMX1OuMzHwMo2ywGy1Z4olSeD4sYCZSi6hNoxYBqfU6cmTcmsnfD59ByZEs
iIH1jfneeVaMzrvTeKaQyJoT6m23QlCzReN0ZgEz5izvAMkXPvedKZRAAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvK/ynH2SnhVf4YAc8ghR9Rb1NkMB8GA1UdIwQY
MBaAFP6OhSMpgKY/DU31sEkWPj/QL1SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX282Rkl5bUFwajhOVGZXd1NSWS1QOUF2VkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kMzZiOGItODY1Ni00ODViLTkzYjIt
Mzg5MmFjYTI3N2IwLzEvaThyX0tjZlpLZUZWX2hnQnp5Q0ZIMUZ2VTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kMzZiOGItODY1Ni00ODViLTkzYjItMzg5MmFjYTI3N2Iw
LzEvX282Rkl5bUFwajhOVGZXd1NSWS1QOUF2VkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+EzMA0G
CSqGSIb3DQEBCwUAA4IBAQAkmHOYzkn7n3uMqh2P3ReWyUXxUQNoRAJEgguPioOY
vBLCU9zI8UBdpnCmXFA0aMnNDVEAMEQwXF9tbYtZgWd5eT2k3sWOswPtu1N/PKjN
tesfg5jg/1iY8Z2R3D1M8tg9jOUCnc0XfL34qgEmg66uqMtFAYJ19AXQRNqnthNj
MRofZ+aq/wyrBcV7Mtez9fpC+1q4ozz0FmNC6mNVgkVMp30Mdj5vBwoUw9lPSD/9
Ti4uNJgwJ2Ce40NxEJ00QcK8bycp++8jqiPBB2fOTnkd1RfEg+XZrOOmiTfv3XqQ
26u44TE9xpMSfrQkheC/jXc0li+1SFsrElBt8aehorR3
-----END CERTIFICATE-----