This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/v8_8DKvZOnzxasJAbNXpzowIUCE.roa
File:                     v8_8DKvZOnzxasJAbNXpzowIUCE.roa (raw, json)
Hash identifier:          HcyRJAy9Zv+3jNMhxrtzHJEmC5Piizes2AarKRvNeZc=
Subject key identifier:   BF:CF:FC:0C:AB:D9:3A:7C:F1:6A:C2:40:6C:D5:E9:CE:8C:08:50:21
Certificate issuer:       /CN=2c07bf3b733a5c3a71d9ca8c3626948df712705b
Certificate serial:       019C0F06CFB254244E058E08C875CCA43408
Authority key identifier: 2C:07:BF:3B:73:3A:5C:3A:71:D9:CA:8C:36:26:94:8D:F7:12:70:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LAe_O3M6XDpx2cqMNiaUjfcScFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/v8_8DKvZOnzxasJAbNXpzowIUCE.roa
Signing time:             Fri 30 Jan 2026 13:10:30 +0000
ROA not before:           Fri 30 Jan 2026 13:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214366
IP address blocks:        153.51.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/LAe_O3M6XDpx2cqMNiaUjfcScFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/LAe_O3M6XDpx2cqMNiaUjfcScFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LAe_O3M6XDpx2cqMNiaUjfcScFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Feb 2026 07:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0f:06:cf:b2:54:24:4e:05:8e:08:c8:75:cc:a4:34:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c07bf3b733a5c3a71d9ca8c3626948df712705b
        Validity
            Not Before: Jan 30 13:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bfcffc0cabd93a7cf16ac2406cd5e9ce8c085021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:57:4d:5d:81:d7:6a:38:8f:b6:8d:ce:4c:c5:
                    08:fe:b0:94:a1:62:35:2b:0a:61:74:b1:4e:42:15:
                    f9:99:eb:5e:0a:d3:49:6f:41:51:fe:ff:c9:bd:3a:
                    9e:eb:21:84:74:ed:14:46:9f:16:2b:14:17:f0:3f:
                    28:e9:83:62:1b:5b:1e:b3:1c:35:16:22:bc:8a:4c:
                    33:7a:f0:88:9c:b4:d7:5b:9a:4a:01:8f:5e:5d:0d:
                    9b:7f:e2:b0:c1:55:6a:11:09:d5:22:48:40:23:94:
                    b2:f8:47:99:46:74:73:fa:72:e6:6f:77:88:5b:d5:
                    47:59:4a:23:a4:02:b0:28:5f:59:14:eb:04:37:fc:
                    f8:4f:bb:3b:b2:ad:03:63:61:f9:5a:2d:46:b6:74:
                    64:5d:32:06:90:17:ac:31:86:ea:97:6f:69:85:16:
                    b6:b0:16:e6:e7:98:b2:b6:63:df:fc:df:fc:5b:85:
                    7e:4f:90:b2:0f:e9:1c:87:03:80:ab:f5:6d:3b:0c:
                    bb:78:78:af:0c:a5:41:34:5c:59:ce:b4:56:0b:de:
                    22:f0:eb:04:12:1c:95:d5:6c:87:a4:23:33:7f:b7:
                    af:39:e0:9e:7f:ef:25:63:63:e7:80:fe:41:24:9d:
                    83:d9:9c:fb:e7:c2:4d:5e:d0:98:ed:fc:5f:a5:18:
                    07:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:CF:FC:0C:AB:D9:3A:7C:F1:6A:C2:40:6C:D5:E9:CE:8C:08:50:21
            X509v3 Authority Key Identifier:
                keyid:2C:07:BF:3B:73:3A:5C:3A:71:D9:CA:8C:36:26:94:8D:F7:12:70:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LAe_O3M6XDpx2cqMNiaUjfcScFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/v8_8DKvZOnzxasJAbNXpzowIUCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/160905-126b-47df-9899-1199bb979d5a/1/LAe_O3M6XDpx2cqMNiaUjfcScFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:51:63:9c:23:8b:d6:d0:b9:c9:dd:17:c5:df:8f:b4:0e:77:
         86:39:2f:d8:04:34:7e:31:07:68:36:65:61:5d:0a:2c:f9:ac:
         71:18:b9:21:6e:c9:ab:57:c8:70:d5:30:ce:f2:0f:95:d5:92:
         ae:d1:96:2a:b4:93:c3:4c:d3:27:ff:ef:27:2d:0d:aa:c5:cf:
         b6:b2:1f:d9:38:08:e6:92:ee:d7:5b:49:b5:07:84:0f:fc:81:
         62:5a:fb:ea:01:98:24:90:fb:a5:7d:40:c8:2b:08:8d:07:29:
         78:4b:8e:54:88:4a:2f:16:a5:53:bf:3d:e1:c2:fe:ea:d4:35:
         c6:cf:a8:11:48:c9:9f:39:37:3e:29:4b:fc:fb:89:2e:78:29:
         67:e1:74:25:02:82:54:7a:fc:7b:a4:b7:47:e2:2e:4a:55:57:
         03:06:0c:91:c7:f0:5e:a7:d9:27:9d:3d:fc:c0:59:ae:12:fa:
         37:82:2f:0c:5c:7d:62:a1:18:54:a0:43:13:6b:32:af:43:43:
         b3:2d:64:b6:bf:07:dd:cf:56:96:09:f8:06:8b:b0:e0:29:c9:
         b5:30:70:d7:3f:98:ec:f7:17:f2:18:9c:e7:0e:4d:5a:ed:22:
         48:0c:ad:e1:e2:07:45:01:7d:d8:8e:19:a6:f7:8a:8b:90:e6:
         4a:e1:96:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwPBs+yVCROBY4IyHXMpDQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMDdiZjNiNzMzYTVjM2E3MWQ5Y2E4YzM2MjY5NDhkZjcx
MjcwNWIwHhcNMjYwMTMwMTMxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmNmZmMwY2FiZDkzYTdjZjE2YWMyNDA2Y2Q1ZTljZThjMDg1MDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjldNXYHXajiPto3OTMUI/rCUoWI1
KwphdLFOQhX5meteCtNJb0FR/v/JvTqe6yGEdO0URp8WKxQX8D8o6YNiG1sesxw1
FiK8ikwzevCInLTXW5pKAY9eXQ2bf+KwwVVqEQnVIkhAI5Sy+EeZRnRz+nLmb3eI
W9VHWUojpAKwKF9ZFOsEN/z4T7s7sq0DY2H5Wi1GtnRkXTIGkBesMYbql29phRa2
sBbm55iytmPf/N/8W4V+T5CyD+kchwOAq/VtOwy7eHivDKVBNFxZzrRWC94i8OsE
EhyV1WyHpCMzf7evOeCef+8lY2PngP5BJJ2D2Zz758JNXtCY7fxfpRgHEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/P/Ayr2Tp88WrCQGzV6c6MCFAhMB8GA1UdIwQY
MBaAFCwHvztzOlw6cdnKjDYmlI33EnBbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEFlX08zTTZYRHB4MmNxTU5pYVVqZmNTY0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNjA5MDUtMTI2Yi00N2RmLTk4OTkt
MTE5OWJiOTc5ZDVhLzEvdjhfOERLdlpPbnp4YXNKQWJOWHB6b3dJVUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNjA5MDUtMTI2Yi00N2RmLTk4OTktMTE5OWJiOTc5ZDVh
LzEvTEFlX08zTTZYRHB4MmNxTU5pYVVqZmNTY0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmTMgMA0G
CSqGSIb3DQEBCwUAA4IBAQAbUWOcI4vW0LnJ3RfF34+0DneGOS/YBDR+MQdoNmVh
XQos+axxGLkhbsmrV8hw1TDO8g+V1ZKu0ZYqtJPDTNMn/+8nLQ2qxc+2sh/ZOAjm
ku7XW0m1B4QP/IFiWvvqAZgkkPulfUDIKwiNByl4S45UiEovFqVTvz3hwv7q1DXG
z6gRSMmfOTc+KUv8+4kueCln4XQlAoJUevx7pLdH4i5KVVcDBgyRx/Bep9knnT38
wFmuEvo3gi8MXH1ioRhUoEMTazKvQ0OzLWS2vwfdz1aWCfgGi7DgKcm1MHDXP5js
9xfyGJznDk1a7SJIDK3h4gdFAX3Yjhmm94qLkOZK4Zbd
-----END CERTIFICATE-----