This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/aDqWfD8qVv5mTmy_YKlw0knE910.roa
File:                     aDqWfD8qVv5mTmy_YKlw0knE910.roa (raw, json)
Hash identifier:          Nt6HJPyyJEcO8XZlWiN2Qky5erL1hvtr6Hh2B65imCI=
Subject key identifier:   68:3A:96:7C:3F:2A:56:FE:66:4E:6C:BF:60:A9:70:D2:49:C4:F7:5D
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019B7C11F6D4F80CD153CA434E477BF46F7A
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/aDqWfD8qVv5mTmy_YKlw0knE910.roa
Signing time:             Fri 02 Jan 2026 00:18:30 +0000
ROA not before:           Fri 02 Jan 2026 00:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     27447
IP address blocks:        217.111.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:f6:d4:f8:0c:d1:53:ca:43:4e:47:7b:f4:6f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 00:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=683a967c3f2a56fe664e6cbf60a970d249c4f75d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:93:a6:13:ac:65:6a:d3:b3:30:28:cd:16:ad:
                    82:41:72:c1:27:ea:e6:2d:ee:ab:16:b3:85:0c:a7:
                    d6:32:93:b2:18:f3:05:9d:ff:75:58:2c:80:14:95:
                    52:34:59:79:30:66:c4:45:cd:1d:af:3e:89:75:b3:
                    f0:6c:91:5e:ea:5b:44:0e:dd:af:52:4d:12:07:b9:
                    d8:3f:50:5b:67:b0:f0:57:e3:89:56:b4:91:c1:c2:
                    ad:b5:a5:c4:f0:b7:39:ad:30:3a:d0:df:88:1f:55:
                    b0:8c:78:42:18:b8:77:8e:5e:c2:35:96:8b:a2:d0:
                    66:c1:f2:b7:14:5f:23:9c:f7:d3:c4:e5:4b:47:0a:
                    ce:90:0d:21:c6:96:e3:40:95:76:38:91:ca:61:54:
                    e1:ba:70:58:12:34:28:21:c2:93:80:09:d3:ca:c7:
                    5b:80:0e:1e:6b:23:69:b2:bd:f3:d2:78:38:c9:a0:
                    eb:a5:39:fa:97:92:70:0d:35:6e:2d:47:f5:2b:89:
                    4e:03:3a:90:97:31:e4:7b:ef:55:b0:a9:91:88:28:
                    52:8d:19:68:b6:56:b1:04:1f:5c:f3:ca:2e:45:b3:
                    6c:8e:e2:03:a2:9e:6e:f0:47:12:d7:87:e1:70:11:
                    db:92:a7:25:ae:40:26:74:08:be:e3:3a:f5:e3:71:
                    1d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3A:96:7C:3F:2A:56:FE:66:4E:6C:BF:60:A9:70:D2:49:C4:F7:5D
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/aDqWfD8qVv5mTmy_YKlw0knE910.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.111.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:3f:42:b5:48:f9:71:b4:42:d7:56:ae:5e:f7:1c:da:97:ce:
         55:5f:a0:b8:81:c3:4a:a1:2d:56:00:83:f1:a6:f8:be:d3:bd:
         22:6a:89:24:3f:a0:42:bc:63:eb:97:8b:6a:bd:07:ef:5c:71:
         4a:e4:98:af:78:7a:81:85:22:b7:eb:ef:ad:ca:a1:f6:8a:08:
         d5:df:39:96:a1:84:af:19:a1:7c:f1:1e:4b:43:72:22:59:48:
         e7:2f:fc:37:cf:7a:7a:81:b2:fd:8f:d5:a2:00:2f:d3:84:db:
         43:ff:b7:47:ae:0b:7b:3f:2f:dc:3f:1b:92:3c:e3:04:29:af:
         45:c5:26:f8:fe:ac:70:e4:8d:42:3a:50:80:b4:8b:27:c4:1a:
         34:3c:1d:84:3d:c1:5a:c4:f1:50:6c:fd:29:d6:c0:50:77:eb:
         8f:e8:d6:57:f7:cb:94:9f:7f:17:f5:b7:82:ac:95:f9:65:3d:
         3e:15:59:d7:cd:8b:ba:76:da:a1:f5:42:9e:38:11:5a:c5:34:
         f2:d7:45:18:7a:01:31:ed:fa:09:46:7a:5b:1b:a7:70:24:cb:
         35:1d:21:82:91:81:ec:be:91:df:53:59:1e:03:8e:f6:39:01:
         72:b6:c2:a9:e8:14:c0:7b:fb:5b:a2:f8:88:9f:b7:3a:3e:d8:
         b9:d7:88:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EfbU+AzRU8pDTkd79G96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwMTAyMDAxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODNhOTY3YzNmMmE1NmZlNjY0ZTZjYmY2MGE5NzBkMjQ5YzRmNzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5OmE6xlatOzMCjNFq2CQXLBJ+rm
Le6rFrOFDKfWMpOyGPMFnf91WCyAFJVSNFl5MGbERc0drz6JdbPwbJFe6ltEDt2v
Uk0SB7nYP1BbZ7DwV+OJVrSRwcKttaXE8Lc5rTA60N+IH1WwjHhCGLh3jl7CNZaL
otBmwfK3FF8jnPfTxOVLRwrOkA0hxpbjQJV2OJHKYVThunBYEjQoIcKTgAnTysdb
gA4eayNpsr3z0ng4yaDrpTn6l5JwDTVuLUf1K4lOAzqQlzHke+9VsKmRiChSjRlo
tlaxBB9c88ouRbNsjuIDop5u8EcS14fhcBHbkqclrkAmdAi+4zr143EdDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGg6lnw/Klb+Zk5sv2CpcNJJxPddMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvYURxV2ZEOHFWdjVtVG15X1lLbHcwa25FOTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2W/GMA0G
CSqGSIb3DQEBCwUAA4IBAQCsP0K1SPlxtELXVq5e9xzal85VX6C4gcNKoS1WAIPx
pvi+070iaokkP6BCvGPrl4tqvQfvXHFK5JiveHqBhSK36++tyqH2igjV3zmWoYSv
GaF88R5LQ3IiWUjnL/w3z3p6gbL9j9WiAC/ThNtD/7dHrgt7Py/cPxuSPOMEKa9F
xSb4/qxw5I1COlCAtIsnxBo0PB2EPcFaxPFQbP0p1sBQd+uP6NZX98uUn38X9beC
rJX5ZT0+FVnXzYu6dtqh9UKeOBFaxTTy10UYegEx7foJRnpbG6dwJMs1HSGCkYHs
vpHfU1keA472OQFytsKp6BTAe/tboviIn7c6Pti514hB
-----END CERTIFICATE-----