This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/sGoNKu-l1gztUu2GqMmntwl0pCA.roa
File:                     sGoNKu-l1gztUu2GqMmntwl0pCA.roa (raw, json)
Hash identifier:          OhFOwa5pVHrJsZulyfQ+KO9kGSEhqaNeINk4y7wW5WU=
Subject key identifier:   B0:6A:0D:2A:EF:A5:D6:0C:ED:52:ED:86:A8:C9:A7:B7:09:74:A4:20
Certificate issuer:       /CN=0d04913d043dbb117cf6b9323c8ab247cb52e251
Certificate serial:       019B78A321548594DFF9359D536FB4A1DA17
Authority key identifier: 0D:04:91:3D:04:3D:BB:11:7C:F6:B9:32:3C:8A:B2:47:CB:52:E2:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQSRPQQ9uxF89rkyPIqyR8tS4lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/sGoNKu-l1gztUu2GqMmntwl0pCA.roa
Signing time:             Thu 01 Jan 2026 08:18:35 +0000
ROA not before:           Thu 01 Jan 2026 08:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2586
IP address blocks:        176.124.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/DQSRPQQ9uxF89rkyPIqyR8tS4lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/DQSRPQQ9uxF89rkyPIqyR8tS4lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQSRPQQ9uxF89rkyPIqyR8tS4lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:21:54:85:94:df:f9:35:9d:53:6f:b4:a1:da:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d04913d043dbb117cf6b9323c8ab247cb52e251
        Validity
            Not Before: Jan  1 08:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b06a0d2aefa5d60ced52ed86a8c9a7b70974a420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1f:75:89:f3:13:82:51:9d:87:00:6a:39:e0:
                    c5:9f:7d:e9:18:d2:4d:e4:50:d5:ec:0e:cd:64:b4:
                    10:59:45:0b:a5:5b:07:71:c7:ef:b8:45:db:67:86:
                    ab:87:c0:49:ca:2b:dd:98:53:de:5f:f0:d9:8f:1d:
                    b4:a2:57:c6:5d:d3:c1:9d:c8:0a:75:37:0e:5c:3d:
                    17:1d:12:1f:51:88:1d:84:1f:44:e5:48:6d:73:dc:
                    d9:84:c8:08:71:d8:58:93:30:3f:fa:dc:b7:0a:f6:
                    5b:95:46:46:54:9f:c6:00:14:c9:31:0b:56:03:0e:
                    aa:d2:7e:f5:2b:b4:e8:75:ca:26:1e:b0:20:9e:63:
                    a0:c5:72:e0:e6:cd:5f:56:d3:f7:49:e0:7a:c0:d3:
                    29:31:b5:bd:61:d4:9c:3d:a9:dd:19:99:cb:12:b5:
                    0f:dd:08:b9:64:e1:81:6c:19:c3:59:8c:fe:6a:b0:
                    dc:c6:12:88:e0:fb:e4:d7:ad:3a:d3:c0:a6:6f:04:
                    e7:c3:d8:f7:bc:13:4e:dc:8e:01:f2:15:f1:ca:35:
                    c5:6f:36:2d:d1:c0:ef:d5:9d:b3:48:6b:fd:5b:dd:
                    c4:c0:f8:b4:73:5d:9d:81:82:cb:6c:13:36:80:b4:
                    56:84:2c:9e:cb:a7:e3:40:c2:db:cd:5e:23:36:30:
                    0b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:6A:0D:2A:EF:A5:D6:0C:ED:52:ED:86:A8:C9:A7:B7:09:74:A4:20
            X509v3 Authority Key Identifier:
                keyid:0D:04:91:3D:04:3D:BB:11:7C:F6:B9:32:3C:8A:B2:47:CB:52:E2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQSRPQQ9uxF89rkyPIqyR8tS4lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/sGoNKu-l1gztUu2GqMmntwl0pCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/47dff0-2b11-44bc-b721-96c81fb651a0/1/DQSRPQQ9uxF89rkyPIqyR8tS4lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:67:07:49:c8:87:d5:25:24:2f:00:66:76:e3:21:c3:c6:89:
         a1:e4:8c:41:31:68:91:ce:72:47:30:03:0f:8d:76:5d:b4:91:
         37:d0:a9:41:fc:5e:59:4b:a8:fc:bc:7a:08:44:2c:45:c9:55:
         a6:f8:4a:24:7b:cd:d8:4d:b0:96:42:95:ad:1d:c9:98:33:16:
         73:e6:83:8d:d6:82:d7:73:e7:be:e1:7c:10:f6:37:72:26:77:
         b3:a8:eb:d0:73:36:f4:a1:77:d5:a0:ba:4c:6a:55:75:31:e6:
         0a:30:71:8b:71:ad:af:df:7f:30:90:5f:7c:07:8c:80:61:f7:
         d8:1d:ce:29:96:2e:3d:d9:ba:0c:4b:49:24:f5:38:22:85:13:
         03:ef:0a:00:fd:78:41:33:5f:ec:90:7c:4a:14:5b:d8:31:ea:
         1c:99:f0:b5:f1:1e:3c:61:28:96:f5:7a:c0:da:87:6a:00:3d:
         40:5c:dd:19:10:c5:0d:ac:cf:f7:a9:f6:05:ba:11:15:b0:4d:
         ee:39:13:ec:00:ab:1c:ca:a5:b1:e6:29:7a:b4:ef:73:51:92:
         38:73:c4:70:6e:ba:eb:36:45:86:78:b6:9d:16:25:8f:7d:e4:
         40:44:57:eb:7e:c1:cb:48:75:ff:cf:b3:4c:ac:56:19:aa:1f:
         a5:69:cd:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oyFUhZTf+TWdU2+0odoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMDQ5MTNkMDQzZGJiMTE3Y2Y2YjkzMjNjOGFiMjQ3Y2I1
MmUyNTEwHhcNMjYwMTAxMDgxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDZhMGQyYWVmYTVkNjBjZWQ1MmVkODZhOGM5YTdiNzA5NzRhNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0B91ifMTglGdhwBqOeDFn33pGNJN
5FDV7A7NZLQQWUULpVsHccfvuEXbZ4arh8BJyivdmFPeX/DZjx20olfGXdPBncgK
dTcOXD0XHRIfUYgdhB9E5Uhtc9zZhMgIcdhYkzA/+ty3CvZblUZGVJ/GABTJMQtW
Aw6q0n71K7TodcomHrAgnmOgxXLg5s1fVtP3SeB6wNMpMbW9YdScPandGZnLErUP
3Qi5ZOGBbBnDWYz+arDcxhKI4Pvk160608CmbwTnw9j3vBNO3I4B8hXxyjXFbzYt
0cDv1Z2zSGv9W93EwPi0c12dgYLLbBM2gLRWhCyey6fjQMLbzV4jNjALywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBqDSrvpdYM7VLthqjJp7cJdKQgMB8GA1UdIwQY
MBaAFA0EkT0EPbsRfPa5MjyKskfLUuJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFFTUlBRUTl1eEY4OXJreVBJcXlSOHRTNGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80N2RmZjAtMmIxMS00NGJjLWI3MjEt
OTZjODFmYjY1MWEwLzEvc0dvTkt1LWwxZ3p0VXUyR3FNbW50d2wwcENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80N2RmZjAtMmIxMS00NGJjLWI3MjEtOTZjODFmYjY1MWEw
LzEvRFFTUlBRUTl1eEY4OXJreVBJcXlSOHRTNGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHz3MA0G
CSqGSIb3DQEBCwUAA4IBAQAwZwdJyIfVJSQvAGZ24yHDxomh5IxBMWiRznJHMAMP
jXZdtJE30KlB/F5ZS6j8vHoIRCxFyVWm+Eoke83YTbCWQpWtHcmYMxZz5oON1oLX
c+e+4XwQ9jdyJnezqOvQczb0oXfVoLpMalV1MeYKMHGLca2v338wkF98B4yAYffY
Hc4pli492boMS0kk9TgihRMD7woA/XhBM1/skHxKFFvYMeocmfC18R48YSiW9XrA
2odqAD1AXN0ZEMUNrM/3qfYFuhEVsE3uORPsAKscyqWx5il6tO9zUZI4c8Rwbrrr
NkWGeLadFiWPfeRARFfrfsHLSHX/z7NMrFYZqh+lac09
-----END CERTIFICATE-----