This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8kKGHHFNawB4dRM2-SmTp26Z850.roa
File:                     8kKGHHFNawB4dRM2-SmTp26Z850.roa (raw, json)
Hash identifier:          DtU+tMPVUSJrUgMssFbpzi8i/xL96ylYzBa5s1qKCCE=
Subject key identifier:   F2:42:86:1C:71:4D:6B:00:78:75:13:36:F9:29:93:A7:6E:99:F3:9D
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019B7FF2ACCD321054322414557D96508521
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8kKGHHFNawB4dRM2-SmTp26Z850.roa
Signing time:             Fri 02 Jan 2026 18:22:49 +0000
ROA not before:           Fri 02 Jan 2026 18:22:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56322
IP address blocks:        217.28.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:ac:cd:32:10:54:32:24:14:55:7d:96:50:85:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 18:22:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f242861c714d6b0078751336f92993a76e99f39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f8:df:9d:df:84:a1:13:db:6c:a2:ce:dd:54:
                    95:ee:2e:38:9b:e6:1f:8b:32:06:28:ed:da:fd:13:
                    6b:41:54:2a:c4:33:95:7c:23:ff:12:68:48:82:f2:
                    f0:f8:f6:86:5f:a2:70:e9:2e:98:5c:74:0f:af:4c:
                    a8:80:df:69:1c:10:aa:af:86:71:ff:97:62:b9:9e:
                    68:21:15:50:32:c5:4a:3c:0a:88:d6:d6:5a:d7:24:
                    30:b3:cc:fe:b9:e7:c7:51:12:d2:36:f5:e4:ef:e4:
                    3c:1c:33:92:f2:6f:ef:3b:c1:9e:10:ad:6a:51:3e:
                    ac:c1:41:93:ef:9e:c8:b0:bf:5b:f8:78:e7:c1:76:
                    bf:12:cf:76:25:5e:e8:ff:36:c5:37:95:6d:15:c4:
                    d4:52:ce:31:9a:9e:74:2d:d7:ca:a0:91:e8:b6:c7:
                    62:65:8c:d0:e1:1f:a4:0a:ef:d6:39:5c:e6:62:13:
                    36:f5:fb:f8:55:52:9e:10:08:42:99:0d:9b:b3:49:
                    29:aa:eb:59:da:e0:f3:ba:80:ba:6b:cf:34:e4:20:
                    63:cb:c9:27:86:2b:12:16:b1:a6:20:8e:aa:85:fc:
                    5e:40:cd:d0:76:1d:bb:c7:76:6a:55:96:cb:c5:f1:
                    2f:3a:90:44:9b:1b:6b:1b:be:04:40:5a:40:a4:5f:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:42:86:1C:71:4D:6B:00:78:75:13:36:F9:29:93:A7:6E:99:F3:9D
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/8kKGHHFNawB4dRM2-SmTp26Z850.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:44:99:a1:6d:41:db:29:2b:be:e5:81:87:54:9e:e5:c9:79:
         dc:98:f7:5f:a7:df:99:b1:e4:8d:85:c5:2d:17:e9:f2:86:f6:
         1b:35:f5:75:45:51:23:23:17:46:94:74:3a:54:cd:6c:c6:e1:
         40:c2:9c:6c:9a:49:c6:62:3b:38:c1:47:75:49:66:f9:4f:79:
         31:de:de:a9:0c:78:eb:d9:e8:3d:33:5e:f7:78:ad:1f:58:a0:
         cc:1e:0f:1c:39:b4:61:5c:f1:df:8c:f7:f5:a3:a7:d0:2b:78:
         cd:f0:56:db:b4:e6:57:42:2d:a6:42:d6:4c:18:95:4d:a0:51:
         c6:ab:37:36:90:5c:95:92:3e:d5:bf:71:f9:35:c3:d4:80:da:
         7a:83:53:51:68:bc:fa:a5:3d:ad:01:f8:37:f8:cb:56:26:fd:
         4f:6a:b8:ad:24:1b:53:fd:20:7e:4c:d2:c2:d1:a6:45:ef:5f:
         be:d9:e2:15:d6:e8:0c:61:7d:c4:ac:47:70:ec:12:66:da:1a:
         3b:54:6f:4a:25:07:1a:18:3a:a4:d8:41:ab:31:3d:cb:35:56:
         c6:01:31:4f:fc:4a:e7:8c:3c:2c:b6:f7:50:9c:f4:64:c0:6a:
         89:88:2d:b3:37:06:55:13:33:d2:e0:46:0e:b0:d1:13:8b:ad:
         41:b3:ad:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8qzNMhBUMiQUVX2WUIUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMTAyMTgyMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQyODYxYzcxNGQ2YjAwNzg3NTEzMzZmOTI5OTNhNzZlOTlmMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fjfnd+EoRPbbKLO3VSV7i44m+Yf
izIGKO3a/RNrQVQqxDOVfCP/EmhIgvLw+PaGX6Jw6S6YXHQPr0yogN9pHBCqr4Zx
/5diuZ5oIRVQMsVKPAqI1tZa1yQws8z+uefHURLSNvXk7+Q8HDOS8m/vO8GeEK1q
UT6swUGT757IsL9b+HjnwXa/Es92JV7o/zbFN5VtFcTUUs4xmp50LdfKoJHotsdi
ZYzQ4R+kCu/WOVzmYhM29fv4VVKeEAhCmQ2bs0kpqutZ2uDzuoC6a8805CBjy8kn
hisSFrGmII6qhfxeQM3Qdh27x3ZqVZbLxfEvOpBEmxtrG74EQFpApF8MNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJChhxxTWsAeHUTNvkpk6dumfOdMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvOGtLR0hIRk5hd0I0ZFJNMi1TbVRwMjZaODUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyCMA0G
CSqGSIb3DQEBCwUAA4IBAQDGRJmhbUHbKSu+5YGHVJ7lyXncmPdfp9+ZseSNhcUt
F+nyhvYbNfV1RVEjIxdGlHQ6VM1sxuFAwpxsmknGYjs4wUd1SWb5T3kx3t6pDHjr
2eg9M173eK0fWKDMHg8cObRhXPHfjPf1o6fQK3jN8FbbtOZXQi2mQtZMGJVNoFHG
qzc2kFyVkj7Vv3H5NcPUgNp6g1NRaLz6pT2tAfg3+MtWJv1ParitJBtT/SB+TNLC
0aZF71++2eIV1ugMYX3ErEdw7BJm2ho7VG9KJQcaGDqk2EGrMT3LNVbGATFP/Ern
jDwstvdQnPRkwGqJiC2zNwZVEzPS4EYOsNETi61Bs633
-----END CERTIFICATE-----