This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/WFGsTkyDEkw_wabTopaC390evNc.roa
File:                     WFGsTkyDEkw_wabTopaC390evNc.roa (raw, json)
Hash identifier:          lJG4HZa8hX3A9smSi2LkkvTTIiCw5MIKUs7X4ZXob7U=
Subject key identifier:   58:51:AC:4E:4C:83:12:4C:3F:C1:A6:D3:A2:96:82:DF:DD:1E:BC:D7
Certificate issuer:       /CN=29db7ca4eee1e453d26fab99c8201adf894612be
Certificate serial:       019B7B36A5D5E792EAD2B8DF5963553D7FBC
Authority key identifier: 29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/WFGsTkyDEkw_wabTopaC390evNc.roa
Signing time:             Thu 01 Jan 2026 20:18:57 +0000
ROA not before:           Thu 01 Jan 2026 20:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203
IP address blocks:        37.123.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a5:d5:e7:92:ea:d2:b8:df:59:63:55:3d:7f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29db7ca4eee1e453d26fab99c8201adf894612be
        Validity
            Not Before: Jan  1 20:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5851ac4e4c83124c3fc1a6d3a29682dfdd1ebcd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:72:96:24:9e:f1:ff:e8:eb:61:a7:7b:01:4e:
                    76:c2:d3:49:86:0c:b4:95:c7:58:af:8d:5a:9b:a5:
                    60:17:8e:28:db:74:68:60:6c:ee:e5:39:91:5b:49:
                    f0:e9:39:99:82:94:75:67:eb:5d:d1:fd:15:bc:13:
                    e5:3f:ef:a4:50:ae:ba:99:ab:6f:8d:b4:60:69:b0:
                    f8:49:c3:ae:71:2b:a1:14:f8:07:7c:99:00:67:90:
                    75:a0:b7:4f:0b:c5:b2:ac:e3:d5:60:4a:15:08:f8:
                    b7:74:71:96:d4:9d:ac:08:7e:85:02:99:67:2f:86:
                    33:3f:4d:f3:70:11:c1:cf:fb:40:00:22:67:f2:27:
                    a7:c8:99:e9:c9:76:da:38:92:a7:2c:c8:b4:57:08:
                    71:76:94:a0:9a:2b:46:c1:e2:2c:46:47:1e:e4:6b:
                    a2:6f:2b:41:aa:19:01:08:e9:4f:d1:b7:72:b1:15:
                    d5:af:55:9c:a2:03:c5:4e:fb:1c:6a:5e:3a:2a:65:
                    53:6e:4e:a2:ef:48:49:52:29:55:91:6e:bd:a6:ab:
                    39:4a:da:43:cb:0d:4e:7e:c4:8f:54:57:19:85:1d:
                    6d:fd:d3:9b:3d:8e:22:3b:d5:5e:9e:39:34:9f:e6:
                    de:ee:92:fd:64:1e:fb:92:0e:bc:cd:b8:a5:ec:43:
                    3d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:51:AC:4E:4C:83:12:4C:3F:C1:A6:D3:A2:96:82:DF:DD:1E:BC:D7
            X509v3 Authority Key Identifier:
                keyid:29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/WFGsTkyDEkw_wabTopaC390evNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6e:51:c2:24:da:5c:d8:76:b6:5d:28:40:9e:93:83:87:2c:
         8a:06:2c:d8:5e:cf:4e:9f:80:b0:a6:0d:44:ea:ce:ea:e3:18:
         91:f0:7b:c7:cf:cf:d7:fc:1a:62:ac:c8:6f:25:4a:da:c2:4f:
         3b:63:ec:b3:ea:c1:74:97:05:51:27:e5:5e:f1:8d:f9:27:86:
         f1:1a:2c:02:d9:02:96:db:ad:02:75:24:63:48:61:bf:c8:63:
         f6:88:84:1d:8d:6b:de:79:d9:0d:2a:b8:59:17:9f:af:80:d1:
         2c:09:d4:32:dd:18:53:d5:71:22:a8:c1:35:8a:34:fd:cb:43:
         7c:96:99:71:b3:5d:58:fb:0e:82:c5:d5:d2:9c:f2:5e:da:42:
         4a:94:f4:4e:ff:c2:32:65:ca:94:5e:83:8a:e8:af:7a:2e:5d:
         d7:22:b7:d3:f7:9b:d1:89:e6:9c:97:63:2d:47:61:bd:7b:ea:
         c6:67:ed:76:61:e5:68:dc:05:85:e2:e6:15:5f:16:0c:8a:98:
         c3:52:84:f5:b3:1c:71:ba:5b:f1:45:84:7f:a0:89:6e:7b:3e:
         bd:28:fb:dd:d4:32:ae:ba:12:11:71:48:bb:3f:6b:18:40:5c:
         41:6a:1b:91:a7:1d:04:73:eb:45:15:7a:14:e8:7a:4f:61:47:
         49:b4:63:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqXV55Lq0rjfWWNVPX+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGI3Y2E0ZWVlMWU0NTNkMjZmYWI5OWM4MjAxYWRmODk0
NjEyYmUwHhcNMjYwMTAxMjAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUxYWM0ZTRjODMxMjRjM2ZjMWE2ZDNhMjk2ODJkZmRkMWViY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnKWJJ7x/+jrYad7AU52wtNJhgy0
lcdYr41am6VgF44o23RoYGzu5TmRW0nw6TmZgpR1Z+td0f0VvBPlP++kUK66matv
jbRgabD4ScOucSuhFPgHfJkAZ5B1oLdPC8WyrOPVYEoVCPi3dHGW1J2sCH6FApln
L4YzP03zcBHBz/tAACJn8ienyJnpyXbaOJKnLMi0VwhxdpSgmitGweIsRkce5Gui
bytBqhkBCOlP0bdysRXVr1WcogPFTvscal46KmVTbk6i70hJUilVkW69pqs5StpD
yw1OfsSPVFcZhR1t/dObPY4iO9Venjk0n+be7pL9ZB77kg68zbil7EM9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhRrE5MgxJMP8Gm06KWgt/dHrzXMB8GA1UdIwQY
MBaAFCnbfKTu4eRT0m+rmcggGt+JRhK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2Yt
ZDMzZmExNjA1YWUxLzEvV0ZHc1RreURFa3dfd2FiVG9wYUMzOTBldk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2YtZDMzZmExNjA1YWUx
LzEvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXv+MA0G
CSqGSIb3DQEBCwUAA4IBAQBhblHCJNpc2Ha2XShAnpODhyyKBizYXs9On4Cwpg1E
6s7q4xiR8HvHz8/X/BpirMhvJUrawk87Y+yz6sF0lwVRJ+Ve8Y35J4bxGiwC2QKW
260CdSRjSGG/yGP2iIQdjWveedkNKrhZF5+vgNEsCdQy3RhT1XEiqME1ijT9y0N8
lplxs11Y+w6CxdXSnPJe2kJKlPRO/8IyZcqUXoOK6K96Ll3XIrfT95vRieacl2Mt
R2G9e+rGZ+12YeVo3AWF4uYVXxYMipjDUoT1sxxxulvxRYR/oIluez69KPvd1DKu
uhIRcUi7P2sYQFxBahuRpx0Ec+tFFXoU6HpPYUdJtGNM
-----END CERTIFICATE-----