This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/99vNYm11Abb46yGkbIvnhElSUKk.roa
File:                     99vNYm11Abb46yGkbIvnhElSUKk.roa (raw, json)
Hash identifier:          kaM8j0/7vV6OtesnBvSal75AKpJWv23ajsp4aKhWL4M=
Subject key identifier:   F7:DB:CD:62:6D:75:01:B6:F8:EB:21:A4:6C:8B:E7:84:49:52:50:A9
Certificate issuer:       /CN=f6516d7f28cdbe8b3f55d75372aad4d3b10be09f
Certificate serial:       019B797F0CFD96BB6EBBED51AD8064452814
Authority key identifier: F6:51:6D:7F:28:CD:BE:8B:3F:55:D7:53:72:AA:D4:D3:B1:0B:E0:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/99vNYm11Abb46yGkbIvnhElSUKk.roa
Signing time:             Thu 01 Jan 2026 12:18:48 +0000
ROA not before:           Thu 01 Jan 2026 12:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     565
IP address blocks:        130.188.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 00:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:0c:fd:96:bb:6e:bb:ed:51:ad:80:64:45:28:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6516d7f28cdbe8b3f55d75372aad4d3b10be09f
        Validity
            Not Before: Jan  1 12:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7dbcd626d7501b6f8eb21a46c8be784495250a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:df:50:01:5d:71:01:f1:54:6a:33:09:cf:3e:
                    77:de:37:a0:70:e8:ac:e2:09:ff:16:12:0f:ef:05:
                    eb:e5:06:9f:c3:fc:7e:de:f8:61:8a:21:0b:4c:82:
                    15:10:af:f3:e8:43:cd:cb:da:4e:3a:62:44:c1:c7:
                    0b:93:48:53:95:18:d8:7a:a7:db:79:a7:6f:30:8c:
                    3d:14:a9:cd:5c:d2:81:b0:30:3f:5c:19:45:89:12:
                    0c:77:91:41:30:ce:05:66:c5:e3:eb:6f:11:eb:32:
                    06:b8:a8:e4:6b:9b:1f:05:8a:cd:c0:d5:f0:53:e0:
                    82:ab:a5:fe:e8:3c:da:c9:c9:31:99:2a:6f:c6:e6:
                    17:43:28:9b:ce:56:e8:1b:2e:0f:97:25:20:4f:a3:
                    67:74:17:8b:d7:e1:2b:8b:3a:4a:23:71:b5:1a:6c:
                    ae:95:1c:a9:7f:69:63:9b:e7:d7:f6:70:5b:1e:19:
                    d0:3f:2e:c3:a8:94:55:30:06:1a:b1:7b:f8:f4:b2:
                    18:37:e3:db:37:96:3c:6f:f0:09:25:93:05:d4:46:
                    eb:fe:fa:a8:ba:e6:7d:c5:78:73:a0:27:fa:5a:e2:
                    d1:9f:f1:94:53:65:8f:b0:7d:6e:f6:fa:5b:1d:94:
                    d7:9f:04:ba:b2:ed:bc:e2:23:60:83:e4:c9:52:92:
                    04:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DB:CD:62:6D:75:01:B6:F8:EB:21:A4:6C:8B:E7:84:49:52:50:A9
            X509v3 Authority Key Identifier:
                keyid:F6:51:6D:7F:28:CD:BE:8B:3F:55:D7:53:72:AA:D4:D3:B1:0B:E0:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/99vNYm11Abb46yGkbIvnhElSUKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.188.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:0c:4e:4c:51:7e:4a:85:8e:7e:be:97:9e:0e:46:93:67:4e:
         f7:24:d4:cc:a7:4f:a2:c3:60:da:f1:eb:94:ca:9c:5e:e3:a0:
         41:9f:b2:8e:ca:c4:b5:dc:c6:9a:37:76:6b:7f:cb:57:4e:51:
         1f:83:0d:15:e9:bb:7e:9e:0e:4c:44:a2:44:09:f3:18:5b:e8:
         e7:87:3e:35:02:61:19:14:2c:f1:30:56:5f:c7:2d:c1:1d:38:
         4c:a7:a5:be:33:9c:1d:26:02:01:0f:00:88:f1:f1:bb:e2:d3:
         30:c1:a1:0f:f2:ea:aa:7f:a8:1e:05:15:2d:97:8f:87:00:10:
         e3:c8:ce:fa:d3:d8:ec:df:e5:75:b6:ef:4d:17:aa:ea:b7:14:
         ba:ea:46:cb:6c:fe:04:c5:d0:98:f7:c0:73:91:d3:5a:e4:23:
         30:32:a8:51:3d:8f:9c:92:b3:5f:c8:1c:da:55:04:90:60:eb:
         fc:11:c4:a6:a4:42:54:fe:8c:aa:f3:c8:87:41:16:0f:d5:8e:
         da:41:75:00:fd:5f:91:ff:98:fd:cc:cd:0c:02:40:93:9f:a0:
         5f:a2:99:f5:6f:51:38:22:82:1a:ad:d5:23:45:bb:c0:f7:40:
         f8:f2:10:db:a7:47:7f:fa:44:4f:65:97:28:7d:19:56:e9:05:
         37:ff:ff:b4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt5fwz9lrtuu+1RrYBkRSgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTE2ZDdmMjhjZGJlOGIzZjU1ZDc1MzcyYWFkNGQzYjEw
YmUwOWYwHhcNMjYwMTAxMTIxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RiY2Q2MjZkNzUwMWI2ZjhlYjIxYTQ2YzhiZTc4NDQ5NTI1MGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d9QAV1xAfFUajMJzz533jegcOis
4gn/FhIP7wXr5Qafw/x+3vhhiiELTIIVEK/z6EPNy9pOOmJEwccLk0hTlRjYeqfb
eadvMIw9FKnNXNKBsDA/XBlFiRIMd5FBMM4FZsXj628R6zIGuKjka5sfBYrNwNXw
U+CCq6X+6DzayckxmSpvxuYXQyibzlboGy4PlyUgT6NndBeL1+ErizpKI3G1Gmyu
lRypf2ljm+fX9nBbHhnQPy7DqJRVMAYasXv49LIYN+PbN5Y8b/AJJZMF1Ebr/vqo
uuZ9xXhzoCf6WuLRn/GUU2WPsH1u9vpbHZTXnwS6su284iNgg+TJUpIErwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPfbzWJtdQG2+OshpGyL54RJUlCpMB8GA1UdIwQY
MBaAFPZRbX8ozb6LP1XXU3Kq1NOxC+CfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxGdGZ5ak52b3NfVmRkVGNxclUwN0VMNEo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9hOGMzMTgtMzM4ZC00OTMyLThhY2It
ZTk3YWU1YzYwNTY4LzEvOTl2TlltMTFBYmI0NnlHa2JJdm5oRWxTVUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9hOGMzMTgtMzM4ZC00OTMyLThhY2ItZTk3YWU1YzYwNTY4
LzEvOWxGdGZ5ak52b3NfVmRkVGNxclUwN0VMNEo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgrwwDQYJ
KoZIhvcNAQELBQADggEBAHYMTkxRfkqFjn6+l54ORpNnTvck1MynT6LDYNrx65TK
nF7joEGfso7KxLXcxpo3dmt/y1dOUR+DDRXpu36eDkxEokQJ8xhb6OeHPjUCYRkU
LPEwVl/HLcEdOEynpb4znB0mAgEPAIjx8bvi0zDBoQ/y6qp/qB4FFS2Xj4cAEOPI
zvrT2Ozf5XW2700Xquq3FLrqRsts/gTF0Jj3wHOR01rkIzAyqFE9j5ySs1/IHNpV
BJBg6/wRxKakQlT+jKrzyIdBFg/VjtpBdQD9X5H/mP3MzQwCQJOfoF+imfVvUTgi
ghqt1SNFu8D3QPjyENunR3/6RE9llyh9GVbpBTf//7Q=
-----END CERTIFICATE-----