This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/6B2lYvT2dR81hzkQQELDn_duJcs.roa
File:                     6B2lYvT2dR81hzkQQELDn_duJcs.roa (raw, json)
Hash identifier:          iYcBuEVmeXmfUIJkWbTRCIrfpwO2+UiKD6lHoQfEoI8=
Subject key identifier:   E8:1D:A5:62:F4:F6:75:1F:35:87:39:10:40:42:C3:9F:F7:6E:25:CB
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       019B77C671B0C9FDA12FF7B72429004424CF
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/6B2lYvT2dR81hzkQQELDn_duJcs.roa
Signing time:             Thu 01 Jan 2026 04:17:32 +0000
ROA not before:           Thu 01 Jan 2026 04:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196975
IP address blocks:        217.9.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:71:b0:c9:fd:a1:2f:f7:b7:24:29:00:44:24:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan  1 04:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e81da562f4f6751f358739104042c39ff76e25cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a4:1e:e4:ca:05:70:89:a5:06:c8:3a:2e:23:
                    6d:3d:b0:ce:ef:5a:a1:5a:9c:dc:da:af:5e:54:a8:
                    ed:30:77:01:b3:94:13:ad:19:58:5c:60:e7:64:6d:
                    8f:e7:a9:50:84:98:27:22:93:72:53:e1:ed:ce:59:
                    9c:09:d4:8c:ed:28:5a:fc:ba:a8:ba:f5:38:6e:d4:
                    46:3f:95:1d:c5:f6:a4:50:1d:4e:7b:71:bd:d1:6d:
                    fc:6b:d4:74:6c:0b:33:85:8f:56:22:91:3e:eb:bc:
                    c1:62:28:f7:55:60:cc:64:59:db:e7:60:d9:d1:b9:
                    e3:ab:12:d1:44:d5:50:1e:94:cd:61:77:c9:3d:03:
                    7a:d3:75:29:7e:e1:b5:5f:a1:88:30:21:cc:83:f3:
                    76:b0:c0:e4:dd:14:6f:55:c7:ed:f4:6b:02:c1:b5:
                    4a:9f:1a:11:cc:5e:30:80:bf:98:44:5b:75:87:8e:
                    a5:b3:89:fb:91:16:95:e7:c8:b7:47:d5:75:75:3e:
                    1a:da:63:dc:ae:78:b1:ae:4e:12:c5:59:f2:11:8c:
                    77:d8:d0:81:5a:3c:7f:2f:ff:30:a9:ca:35:67:00:
                    2d:2e:9f:c0:1b:8a:65:49:64:d2:46:91:54:73:9b:
                    7c:2e:ad:dd:62:bb:7f:de:0c:ac:c0:f0:a5:c9:82:
                    11:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:1D:A5:62:F4:F6:75:1F:35:87:39:10:40:42:C3:9F:F7:6E:25:CB
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/6B2lYvT2dR81hzkQQELDn_duJcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:28:97:a2:ca:39:59:96:0a:7e:7e:1b:d7:81:ca:0c:18:56:
         fc:ae:2c:0a:5f:d0:d5:78:1f:ed:c8:85:5e:1f:87:4a:91:7a:
         87:b9:3a:1b:c1:91:9b:47:ff:c9:e1:83:8d:ac:a4:be:df:ff:
         4c:79:1b:e8:3c:2f:13:12:0c:ee:4a:73:d3:31:f9:7e:ca:b5:
         fb:a0:fd:3c:84:52:1e:2d:5d:7e:41:15:51:47:15:38:fa:2b:
         8c:98:4a:3f:c7:34:dc:9e:cb:1c:fd:c1:4b:e3:08:cb:e7:76:
         34:59:d4:2a:3c:e1:78:c1:c6:2c:55:dd:4e:93:40:ec:bd:1e:
         2b:f0:4f:32:0b:95:d8:2b:cd:c3:67:81:2c:44:65:15:70:42:
         c5:f8:e5:d6:96:c1:21:6c:3d:05:b0:63:06:e3:94:6d:5b:ee:
         cb:34:dd:ce:73:d6:ad:9b:23:7a:a0:f7:99:15:97:6d:e7:aa:
         8f:e7:80:38:72:87:ff:45:85:18:e4:ba:ba:d7:04:61:17:99:
         20:ec:7e:bf:51:40:e1:b5:c4:82:c3:f8:e8:38:de:ab:e3:40:
         c0:59:26:73:ea:81:85:52:43:e6:4f:97:85:21:84:01:03:c8:
         11:ba:bc:2f:37:a1:b9:14:50:52:04:b9:50:65:20:d8:1c:01:
         a4:32:54:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnGwyf2hL/e3JCkARCTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjYwMTAxMDQxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODFkYTU2MmY0ZjY3NTFmMzU4NzM5MTA0MDQyYzM5ZmY3NmUyNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46Qe5MoFcImlBsg6LiNtPbDO71qh
Wpzc2q9eVKjtMHcBs5QTrRlYXGDnZG2P56lQhJgnIpNyU+HtzlmcCdSM7Sha/Lqo
uvU4btRGP5UdxfakUB1Oe3G90W38a9R0bAszhY9WIpE+67zBYij3VWDMZFnb52DZ
0bnjqxLRRNVQHpTNYXfJPQN603UpfuG1X6GIMCHMg/N2sMDk3RRvVcft9GsCwbVK
nxoRzF4wgL+YRFt1h46ls4n7kRaV58i3R9V1dT4a2mPcrnixrk4SxVnyEYx32NCB
Wjx/L/8wqco1ZwAtLp/AG4plSWTSRpFUc5t8Lq3dYrt/3gyswPClyYIRewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgdpWL09nUfNYc5EEBCw5/3biXLMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvNkIybFl2VDJkUjgxaHprUVFFTERuX2R1SmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QkDMA0G
CSqGSIb3DQEBCwUAA4IBAQAkKJeiyjlZlgp+fhvXgcoMGFb8riwKX9DVeB/tyIVe
H4dKkXqHuTobwZGbR//J4YONrKS+3/9MeRvoPC8TEgzuSnPTMfl+yrX7oP08hFIe
LV1+QRVRRxU4+iuMmEo/xzTcnssc/cFL4wjL53Y0WdQqPOF4wcYsVd1Ok0DsvR4r
8E8yC5XYK83DZ4EsRGUVcELF+OXWlsEhbD0FsGMG45RtW+7LNN3Oc9atmyN6oPeZ
FZdt56qP54A4cof/RYUY5Lq61wRhF5kg7H6/UUDhtcSCw/joON6r40DAWSZz6oGF
UkPmT5eFIYQBA8gRurwvN6G5FFBSBLlQZSDYHAGkMlRw
-----END CERTIFICATE-----