This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ftxC7wXgtXbZcTzF9Qw8TNBHeY.roa
File:                     8ftxC7wXgtXbZcTzF9Qw8TNBHeY.roa (raw, json)
Hash identifier:          f76HXbcEy/4BVnyKmwn86qGP4ZS36d+ZneNtOEJLrrc=
Subject key identifier:   F1:FB:71:0B:BC:17:82:D5:DB:65:C4:F3:17:D4:30:F1:33:41:1D:E6
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA49BAAD52C809D9ED90F5536AA77DA
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ftxC7wXgtXbZcTzF9Qw8TNBHeY.roa
Signing time:             Thu 01 Jan 2026 22:19:03 +0000
ROA not before:           Thu 01 Jan 2026 22:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58330
IP address blocks:        194.213.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:9b:aa:d5:2c:80:9d:9e:d9:0f:55:36:aa:77:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1fb710bbc1782d5db65c4f317d430f133411de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:63:69:17:49:ee:38:52:7c:0e:39:68:27:79:
                    03:c2:6a:a9:53:41:fc:a1:a7:49:07:f1:68:3a:30:
                    21:a5:73:c3:1e:99:02:93:85:cf:fd:b1:07:37:27:
                    e5:39:24:f2:f8:c8:28:63:16:4b:d4:6b:12:28:30:
                    84:8b:24:5d:f7:eb:22:89:46:49:e6:84:b1:22:fc:
                    ab:f8:28:d0:9c:62:36:6b:6e:8f:7a:8a:df:ca:20:
                    ae:41:ac:ee:d6:8c:be:23:5e:ee:8b:5a:cf:91:af:
                    7a:71:fa:f1:56:49:a7:de:b6:69:5e:5b:78:55:c2:
                    21:1f:b7:98:b8:ac:a4:b2:c1:73:bf:6a:3f:f2:a2:
                    22:9d:9b:59:2a:c5:9c:62:6d:d0:2d:74:6a:26:d5:
                    ed:92:85:7f:37:72:33:fb:3c:bd:01:16:dd:55:15:
                    68:d4:1e:70:49:90:f9:dd:c3:05:7a:d6:f5:9e:5b:
                    08:85:d9:72:0e:d2:8d:1d:b8:cd:76:0e:ec:a5:d8:
                    0d:a7:1f:a7:05:72:0c:c5:8b:fb:16:39:42:94:3c:
                    d0:a2:36:c7:95:b2:b3:3a:96:68:90:23:d2:c7:1e:
                    88:5a:c4:9e:b8:ef:5b:a8:78:d2:09:f2:e6:d8:e4:
                    da:19:f4:17:84:e8:1e:8b:ba:1b:5f:dd:49:1a:b3:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FB:71:0B:BC:17:82:D5:DB:65:C4:F3:17:D4:30:F1:33:41:1D:E6
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/8ftxC7wXgtXbZcTzF9Qw8TNBHeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:7d:fd:37:70:50:3c:23:15:31:8f:f1:8e:ec:59:73:14:02:
         c1:80:48:8f:8f:b9:5e:e4:bb:31:a1:ad:5f:b7:cc:57:2c:bf:
         73:ff:64:83:28:b3:65:b0:cb:22:ef:22:89:44:1e:81:c9:34:
         71:f0:e8:5e:6b:f6:2b:06:16:ee:47:d7:e6:fd:5b:a4:50:27:
         23:22:e0:52:62:ad:1c:63:13:b8:6e:d0:85:e5:28:33:fa:5a:
         8c:23:80:54:b5:07:06:ed:e6:05:8d:ad:15:37:a2:bf:a2:cf:
         46:45:58:01:b5:14:1d:3d:54:34:c3:82:8a:3b:ea:82:bd:9b:
         e3:2a:28:5a:e8:b9:c5:bc:28:09:66:cd:c3:75:18:0c:09:c2:
         9e:a6:45:86:fa:18:7e:6b:5f:ad:1b:62:83:75:86:02:00:a6:
         ae:21:98:db:ca:7f:62:17:a6:2b:b5:c1:b2:f1:be:6a:69:5c:
         cb:e0:7b:d7:f8:c2:64:6c:19:02:bd:85:4f:ba:e1:0a:2f:21:
         5e:75:79:aa:bb:13:df:83:b2:9c:e5:f7:74:fe:05:3a:bf:0b:
         44:2b:56:c1:46:78:df:54:4a:6f:84:25:48:67:3b:3b:b0:e6:
         8d:db:65:ab:28:2c:3b:9f:3a:82:b2:0c:f2:eb:9c:05:5b:9a:
         3e:2d:b9:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pJuq1SyAnZ7ZD1U2qnfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZiNzEwYmJjMTc4MmQ1ZGI2NWM0ZjMxN2Q0MzBmMTMzNDExZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GNpF0nuOFJ8DjloJ3kDwmqpU0H8
oadJB/FoOjAhpXPDHpkCk4XP/bEHNyflOSTy+MgoYxZL1GsSKDCEiyRd9+siiUZJ
5oSxIvyr+CjQnGI2a26PeorfyiCuQazu1oy+I17ui1rPka96cfrxVkmn3rZpXlt4
VcIhH7eYuKykssFzv2o/8qIinZtZKsWcYm3QLXRqJtXtkoV/N3Iz+zy9ARbdVRVo
1B5wSZD53cMFetb1nlsIhdlyDtKNHbjNdg7spdgNpx+nBXIMxYv7FjlClDzQojbH
lbKzOpZokCPSxx6IWsSeuO9bqHjSCfLm2OTaGfQXhOgei7obX91JGrNgkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPH7cQu8F4LV22XE8xfUMPEzQR3mMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvOGZ0eEM3d1hndFhiWmNUekY5UXc4VE5CSGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUQMA0G
CSqGSIb3DQEBCwUAA4IBAQCOff03cFA8IxUxj/GO7FlzFALBgEiPj7le5Lsxoa1f
t8xXLL9z/2SDKLNlsMsi7yKJRB6ByTRx8Ohea/YrBhbuR9fm/VukUCcjIuBSYq0c
YxO4btCF5Sgz+lqMI4BUtQcG7eYFja0VN6K/os9GRVgBtRQdPVQ0w4KKO+qCvZvj
Kiha6LnFvCgJZs3DdRgMCcKepkWG+hh+a1+tG2KDdYYCAKauIZjbyn9iF6YrtcGy
8b5qaVzL4HvX+MJkbBkCvYVPuuEKLyFedXmquxPfg7Kc5fd0/gU6vwtEK1bBRnjf
VEpvhCVIZzs7sOaN22WrKCw7nzqCsgzy65wFW5o+LblU
-----END CERTIFICATE-----