This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/mSvuD1vQznzYwDaYNfhsuzgBPdk.roa
File:                     mSvuD1vQznzYwDaYNfhsuzgBPdk.roa (raw, json)
Hash identifier:          pT3+tt+O+obFw6QkZJCnaOQnAuZekv0bmkAffI5ehAs=
Subject key identifier:   99:2B:EE:0F:5B:D0:CE:7C:D8:C0:36:98:35:F8:6C:BB:38:01:3D:D9
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA55202DE12CCABB21CFFA79D82C61D
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/mSvuD1vQznzYwDaYNfhsuzgBPdk.roa
Signing time:             Thu 01 Jan 2026 22:19:50 +0000
ROA not before:           Thu 01 Jan 2026 22:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213357
IP address blocks:        212.25.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:52:02:de:12:cc:ab:b2:1c:ff:a7:9d:82:c6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=992bee0f5bd0ce7cd8c0369835f86cbb38013dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0d:0c:38:1d:93:e5:6f:d1:6b:a8:0c:d5:85:
                    ce:76:80:3f:1d:39:82:ff:23:4f:76:bc:e0:46:b9:
                    73:e8:78:34:52:d9:e5:30:96:ca:b0:7d:89:bb:d7:
                    ed:15:d5:12:df:43:f8:94:03:a7:1d:e0:e6:6b:cd:
                    f4:98:52:62:1d:92:2b:a7:b7:b9:da:86:ba:de:fb:
                    59:2c:1a:fb:6c:9f:7e:ec:66:a0:44:57:db:fe:7e:
                    2f:f1:56:0a:3e:2d:58:b3:88:31:d5:01:e9:1f:fc:
                    ae:50:0b:56:0a:05:39:ba:98:fa:3b:92:f8:82:4a:
                    b3:2b:ef:e6:3b:b3:5a:40:d9:21:5d:bd:9a:dc:35:
                    87:0c:60:f9:63:c0:c4:99:ac:76:91:49:6c:74:b6:
                    25:75:d9:b1:a2:f0:d0:ed:db:fe:16:08:a6:35:d4:
                    5a:ef:13:2b:9d:2e:3b:cf:84:ef:b8:66:bf:d4:f2:
                    26:85:4c:13:82:14:c7:44:57:c5:60:46:00:56:b9:
                    57:b9:d9:76:c7:7c:bb:50:26:da:0d:8b:ce:44:30:
                    35:0c:6a:03:98:85:98:54:be:b7:d0:f0:0e:38:d7:
                    4f:eb:88:88:be:b1:bd:05:60:3c:8a:77:b2:b8:12:
                    11:18:c2:0c:17:cc:21:52:69:ff:1f:d4:58:80:0f:
                    02:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:2B:EE:0F:5B:D0:CE:7C:D8:C0:36:98:35:F8:6C:BB:38:01:3D:D9
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/mSvuD1vQznzYwDaYNfhsuzgBPdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.25.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:dd:12:d7:a2:b5:18:89:7a:e7:c5:41:83:dd:b7:56:9e:57:
         1c:3b:88:d3:f1:e8:e3:17:ae:d6:1e:e2:d1:cd:47:16:91:71:
         50:b2:83:cb:61:a3:63:12:47:bf:13:6e:ee:e5:ee:93:11:78:
         7a:93:2b:9f:21:7d:fa:e5:27:5f:9e:a3:a6:1d:7b:e1:22:77:
         17:3d:d4:0b:01:01:da:67:da:34:73:dd:d1:9d:96:4f:5d:2a:
         85:0b:d8:cf:13:b1:6c:aa:94:8f:26:aa:f4:1c:1e:f0:1f:d9:
         57:84:02:4f:78:3a:64:41:93:2b:e2:43:12:22:57:45:8d:04:
         31:af:16:70:41:82:e1:b0:9c:30:a8:d3:1d:4d:75:a4:1e:1d:
         b9:0e:f0:db:a9:9f:5c:d5:be:44:00:8c:e1:57:2d:75:6c:5a:
         75:cc:57:5c:91:08:a6:40:d4:5a:81:5c:31:45:0f:e3:c3:9c:
         b7:7f:38:c2:cb:6d:91:8f:03:fe:86:ab:ba:b2:89:33:6f:0c:
         35:52:54:63:5c:7b:8b:f5:9b:82:b4:c2:e0:80:94:d7:19:78:
         3e:0a:ad:e4:d4:3a:6d:cf:66:96:77:28:b9:a4:58:d0:4c:e3:
         9f:5a:20:53:58:3f:6d:d2:55:ee:38:b3:9b:86:9f:ec:ae:6f:
         6a:ab:2d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pVIC3hLMq7Ic/6edgsYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTJiZWUwZjViZDBjZTdjZDhjMDM2OTgzNWY4NmNiYjM4MDEzZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g0MOB2T5W/Ra6gM1YXOdoA/HTmC
/yNPdrzgRrlz6Hg0UtnlMJbKsH2Ju9ftFdUS30P4lAOnHeDma830mFJiHZIrp7e5
2oa63vtZLBr7bJ9+7GagRFfb/n4v8VYKPi1Ys4gx1QHpH/yuUAtWCgU5upj6O5L4
gkqzK+/mO7NaQNkhXb2a3DWHDGD5Y8DEmax2kUlsdLYlddmxovDQ7dv+FgimNdRa
7xMrnS47z4TvuGa/1PImhUwTghTHRFfFYEYAVrlXudl2x3y7UCbaDYvORDA1DGoD
mIWYVL630PAOONdP64iIvrG9BWA8ineyuBIRGMIMF8whUmn/H9RYgA8CowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkr7g9b0M582MA2mDX4bLs4AT3ZMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvbVN2dUQxdlF6bnpZd0RhWU5maHN1emdCUGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Bk4MA0G
CSqGSIb3DQEBCwUAA4IBAQCg3RLXorUYiXrnxUGD3bdWnlccO4jT8ejjF67WHuLR
zUcWkXFQsoPLYaNjEke/E27u5e6TEXh6kyufIX365SdfnqOmHXvhIncXPdQLAQHa
Z9o0c93RnZZPXSqFC9jPE7FsqpSPJqr0HB7wH9lXhAJPeDpkQZMr4kMSIldFjQQx
rxZwQYLhsJwwqNMdTXWkHh25DvDbqZ9c1b5EAIzhVy11bFp1zFdckQimQNRagVwx
RQ/jw5y3fzjCy22RjwP+hqu6sokzbww1UlRjXHuL9ZuCtMLggJTXGXg+Cq3k1Dpt
z2aWdyi5pFjQTOOfWiBTWD9t0lXuOLObhp/srm9qqy3N
-----END CERTIFICATE-----