This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/u2zHl19ZbKXvPmvwNMcLmzmNdVQ.roa
File:                     u2zHl19ZbKXvPmvwNMcLmzmNdVQ.roa (raw, json)
Hash identifier:          WRAI6nEvaTJojleXKNb/BhG/0hyUOSj983OO/f7RP2A=
Subject key identifier:   BB:6C:C7:97:5F:59:6C:A5:EF:3E:6B:F0:34:C7:0B:9B:39:8D:75:54
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019B78A277A9C1F97865553EA49732347682
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/u2zHl19ZbKXvPmvwNMcLmzmNdVQ.roa
Signing time:             Thu 01 Jan 2026 08:17:51 +0000
ROA not before:           Thu 01 Jan 2026 08:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32780
IP address blocks:        212.60.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:77:a9:c1:f9:78:65:55:3e:a4:97:32:34:76:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 08:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb6cc7975f596ca5ef3e6bf034c70b9b398d7554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1c:fd:ca:72:e4:e7:c3:78:cb:f9:69:89:97:
                    4b:1d:11:66:07:cf:4e:a9:6e:38:1c:e8:90:f5:e3:
                    23:7c:21:d7:82:52:cc:c8:1e:f3:1b:24:22:91:06:
                    0b:82:78:2d:13:57:84:f9:45:65:33:f8:92:77:18:
                    14:e2:1a:6c:51:5f:7e:ad:02:23:55:db:3e:45:23:
                    04:02:c4:e1:da:19:63:78:d5:1e:ff:76:0b:d4:a5:
                    33:dc:ac:d7:84:66:75:5e:a5:bc:07:c0:c2:cf:55:
                    cb:ec:3b:8c:9d:ac:16:78:4a:c5:20:8d:1f:10:7e:
                    d1:ba:6b:6e:74:71:2d:6e:76:1b:8e:34:0b:01:0e:
                    04:47:c3:c4:41:4c:25:60:7f:c6:19:ec:01:3e:fe:
                    8b:5f:30:68:37:9e:2a:b7:78:65:16:a7:ff:ac:25:
                    b4:d4:20:38:8c:74:94:dc:67:57:ee:32:f5:25:53:
                    f4:7a:77:08:68:56:74:c7:b0:59:5a:9d:a1:df:a1:
                    c1:e7:ad:00:15:d5:7b:36:d3:94:14:b8:0f:00:7a:
                    d8:2a:aa:34:79:d9:d4:e9:cd:20:16:87:5d:06:f0:
                    90:dc:33:7d:3f:c9:36:91:8e:56:8c:fd:b8:cd:dc:
                    4d:e9:31:6c:1b:c2:cc:7d:39:77:16:24:59:ed:b6:
                    17:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6C:C7:97:5F:59:6C:A5:EF:3E:6B:F0:34:C7:0B:9B:39:8D:75:54
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/u2zHl19ZbKXvPmvwNMcLmzmNdVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:e6:8e:73:c3:1d:d6:f0:9f:fe:3a:37:f1:7a:7f:e5:7f:0f:
         3e:3d:89:73:09:9b:2a:19:86:12:d9:54:9e:2c:79:74:ac:74:
         82:4a:ca:d0:e3:07:64:fa:2e:aa:f7:cb:6b:34:f8:a3:f3:87:
         03:7f:64:a7:fd:23:93:bd:92:28:5c:12:0f:af:e0:5b:1c:2c:
         08:90:69:2f:5d:8d:86:25:29:8b:31:88:c1:06:0e:5d:a7:ed:
         bb:c3:33:bb:dd:d6:a0:68:5e:a0:1f:0f:27:64:df:0a:d6:96:
         b5:32:ba:c7:a3:16:53:45:b2:14:12:e8:a8:61:27:9d:a1:65:
         cf:c4:81:73:c7:57:a6:c0:01:39:56:e2:c8:0d:fd:df:0c:c1:
         02:1b:b5:d7:e0:c3:a3:82:85:1d:5d:34:07:0e:ae:e2:a3:a6:
         ee:d2:f5:38:f6:b8:7c:71:2a:8f:3e:9a:04:41:54:9d:ab:9b:
         63:ff:aa:26:f6:4e:83:9d:c8:00:e6:27:1c:73:d0:84:b9:62:
         80:c7:c0:90:2c:16:55:da:59:59:93:a7:d3:1d:8b:72:cb:63:
         3b:60:d8:5b:80:56:a5:34:f0:3b:c8:c7:38:63:a9:f2:49:99:
         1e:0f:cd:f0:8f:5e:83:83:1b:f7:92:45:53:f2:3c:56:de:50:
         06:21:a8:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4onepwfl4ZVU+pJcyNHaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMTAxMDgxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjZjYzc5NzVmNTk2Y2E1ZWYzZTZiZjAzNGM3MGI5YjM5OGQ3NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhz9ynLk58N4y/lpiZdLHRFmB89O
qW44HOiQ9eMjfCHXglLMyB7zGyQikQYLgngtE1eE+UVlM/iSdxgU4hpsUV9+rQIj
Vds+RSMEAsTh2hljeNUe/3YL1KUz3KzXhGZ1XqW8B8DCz1XL7DuMnawWeErFII0f
EH7RumtudHEtbnYbjjQLAQ4ER8PEQUwlYH/GGewBPv6LXzBoN54qt3hlFqf/rCW0
1CA4jHSU3GdX7jL1JVP0encIaFZ0x7BZWp2h36HB560AFdV7NtOUFLgPAHrYKqo0
ednU6c0gFoddBvCQ3DN9P8k2kY5WjP24zdxN6TFsG8LMfTl3FiRZ7bYXNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtsx5dfWWyl7z5r8DTHC5s5jXVUMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvdTJ6SGwxOVpiS1h2UG12d05NY0xtem1OZFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DwMMA0G
CSqGSIb3DQEBCwUAA4IBAQA15o5zwx3W8J/+Ojfxen/lfw8+PYlzCZsqGYYS2VSe
LHl0rHSCSsrQ4wdk+i6q98trNPij84cDf2Sn/SOTvZIoXBIPr+BbHCwIkGkvXY2G
JSmLMYjBBg5dp+27wzO73dagaF6gHw8nZN8K1pa1MrrHoxZTRbIUEuioYSedoWXP
xIFzx1emwAE5VuLIDf3fDMECG7XX4MOjgoUdXTQHDq7io6bu0vU49rh8cSqPPpoE
QVSdq5tj/6om9k6DncgA5iccc9CEuWKAx8CQLBZV2llZk6fTHYtyy2M7YNhbgFal
NPA7yMc4Y6nySZkeD83wj16Dgxv3kkVT8jxW3lAGIagy
-----END CERTIFICATE-----