This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8h_MXgB8CHt4pVo3hhkzuVR8UeE.roa
File:                     8h_MXgB8CHt4pVo3hhkzuVR8UeE.roa (raw, json)
Hash identifier:          6zfjT+xp3/NBDc+/uiauLAz/t0qrDE3jLAUyYHa96hI=
Subject key identifier:   F2:1F:CC:5E:00:7C:08:7B:78:A5:5A:37:86:19:33:B9:54:7C:51:E1
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019BB150B37317A8183BA0211FF254353F79
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8h_MXgB8CHt4pVo3hhkzuVR8UeE.roa
Signing time:             Mon 12 Jan 2026 08:26:54 +0000
ROA not before:           Mon 12 Jan 2026 08:26:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        213.145.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b1:50:b3:73:17:a8:18:3b:a0:21:1f:f2:54:35:3f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan 12 08:26:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f21fcc5e007c087b78a55a37861933b9547c51e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:11:ce:2a:1d:d7:f8:9b:12:56:d6:1f:53:fa:
                    e1:60:f0:3b:70:da:a4:1b:06:58:e8:1e:52:72:b8:
                    c3:5e:d2:a9:eb:e9:12:bb:5b:a8:d6:52:33:d7:a7:
                    58:9a:3d:27:99:1e:94:ad:58:61:1c:ff:4f:91:60:
                    98:dd:c4:ae:64:c3:04:6e:dd:4a:9b:dd:3e:02:31:
                    9c:4e:42:3c:d4:a6:5b:3b:5c:d6:8d:9d:10:a3:36:
                    9d:3b:6e:43:c3:91:43:da:7e:52:6a:58:ae:2d:20:
                    44:15:99:a8:84:a8:f7:a5:e3:9a:78:f8:83:32:e2:
                    68:21:57:f7:4a:10:51:70:20:06:50:a7:0e:82:93:
                    c8:92:71:a2:65:65:41:82:7a:23:3d:69:32:d5:45:
                    32:a5:3a:2c:db:f6:03:95:19:2f:fb:45:85:df:1e:
                    b4:5f:d2:8b:e5:a3:1f:3f:63:8c:a7:4b:f2:15:82:
                    8f:bc:ac:bb:76:d1:a5:83:e3:cf:a8:4b:a2:e3:38:
                    da:92:16:02:12:b2:fe:d7:a9:8f:2c:c0:0d:92:30:
                    b3:33:71:ae:32:8f:7a:fc:c0:0c:25:5a:34:a1:69:
                    0a:fe:a7:b8:7d:f9:24:b3:76:af:d2:75:ce:bd:a0:
                    fc:63:9f:9e:4a:ca:2e:6f:94:4a:55:10:57:ac:fa:
                    30:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:1F:CC:5E:00:7C:08:7B:78:A5:5A:37:86:19:33:B9:54:7C:51:E1
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/8h_MXgB8CHt4pVo3hhkzuVR8UeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:8c:f7:89:c5:3b:78:f1:8f:e8:58:34:c8:9a:2d:ca:3a:6e:
         7d:c2:ff:90:c1:77:22:23:0b:a3:87:b0:96:4e:1e:7c:57:0d:
         f9:65:71:62:ea:74:4a:7f:69:31:55:d7:bd:a8:5d:09:4e:5e:
         c3:03:67:33:c8:ec:bb:53:a7:c5:41:6c:41:55:6c:a5:fc:54:
         94:67:a3:a0:c7:d1:17:d8:d4:0f:ee:b6:15:08:00:bd:9b:9b:
         25:b6:06:8d:80:e3:79:8b:d3:96:4d:72:9d:cb:4a:ac:b8:e6:
         1e:6a:1b:a5:d6:9d:75:98:64:00:db:19:09:34:54:e9:9f:64:
         a1:82:96:cf:7c:35:c2:94:2f:40:35:7f:f3:33:d7:7c:c9:b5:
         2f:90:6f:65:bb:19:96:c9:91:72:ad:7d:95:ca:ff:72:0c:e8:
         31:99:4c:80:7e:19:41:b1:be:1c:04:de:19:3f:f4:2b:3f:62:
         74:1c:50:49:25:05:1e:c8:71:f6:2c:01:6c:0a:6d:87:75:d8:
         24:56:6d:fc:35:90:77:ce:85:dd:69:fe:43:78:60:b6:87:87:
         35:e8:09:c3:5c:e2:1c:95:a9:70:da:1d:74:c5:bc:a3:b5:95:
         28:50:1c:05:1f:cc:a5:bc:9c:e5:7b:d4:cc:6d:fa:33:b6:be:
         22:f0:b8:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuxULNzF6gYO6AhH/JUNT95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwMTEyMDgyNjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFmY2M1ZTAwN2MwODdiNzhhNTVhMzc4NjE5MzNiOTU0N2M1MWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBHOKh3X+JsSVtYfU/rhYPA7cNqk
GwZY6B5ScrjDXtKp6+kSu1uo1lIz16dYmj0nmR6UrVhhHP9PkWCY3cSuZMMEbt1K
m90+AjGcTkI81KZbO1zWjZ0QozadO25Dw5FD2n5SaliuLSBEFZmohKj3peOaePiD
MuJoIVf3ShBRcCAGUKcOgpPIknGiZWVBgnojPWky1UUypTos2/YDlRkv+0WF3x60
X9KL5aMfP2OMp0vyFYKPvKy7dtGlg+PPqEui4zjakhYCErL+16mPLMANkjCzM3Gu
Mo96/MAMJVo0oWkK/qe4ffkks3av0nXOvaD8Y5+eSsoub5RKVRBXrPowiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIfzF4AfAh7eKVaN4YZM7lUfFHhMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvOGhfTVhnQjhDSHQ0cFZvM2hoa3p1VlI4VWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFGMA0G
CSqGSIb3DQEBCwUAA4IBAQC/jPeJxTt48Y/oWDTImi3KOm59wv+QwXciIwujh7CW
Th58Vw35ZXFi6nRKf2kxVde9qF0JTl7DA2czyOy7U6fFQWxBVWyl/FSUZ6Ogx9EX
2NQP7rYVCAC9m5sltgaNgON5i9OWTXKdy0qsuOYeahul1p11mGQA2xkJNFTpn2Sh
gpbPfDXClC9ANX/zM9d8ybUvkG9luxmWyZFyrX2Vyv9yDOgxmUyAfhlBsb4cBN4Z
P/QrP2J0HFBJJQUeyHH2LAFsCm2HddgkVm38NZB3zoXdaf5DeGC2h4c16AnDXOIc
lalw2h10xbyjtZUoUBwFH8ylvJzle9TMbfoztr4i8Ljw
-----END CERTIFICATE-----