This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/8cJlsHm0dVDV2ACL1UhTAh_wZXg.roa
File:                     8cJlsHm0dVDV2ACL1UhTAh_wZXg.roa (raw, json)
Hash identifier:          LnF2FnCPrAFRzWaaVfy6M3SOCgPNybkqYgz2G8nzbvw=
Subject key identifier:   F1:C2:65:B0:79:B4:75:50:D5:D8:00:8B:D5:48:53:02:1F:F0:65:78
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       019B76EB8D117D08F10C4B0365EA52DA9A4F
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/8cJlsHm0dVDV2ACL1UhTAh_wZXg.roa
Signing time:             Thu 01 Jan 2026 00:18:27 +0000
ROA not before:           Thu 01 Jan 2026 00:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51606
IP address blocks:        217.22.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:8d:11:7d:08:f1:0c:4b:03:65:ea:52:da:9a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 00:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1c265b079b47550d5d8008bd54853021ff06578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7b:e0:fd:0b:dc:b7:c5:90:35:ab:16:39:40:
                    d9:1a:e2:34:62:3b:f1:09:b5:e7:4c:0b:fc:9e:17:
                    df:de:af:3a:5f:8d:12:02:a6:d0:e9:f9:78:f3:d6:
                    73:14:86:1d:89:1c:34:85:32:4f:63:07:e1:3d:3a:
                    3c:df:aa:53:2c:5f:37:f4:ae:0b:aa:78:c8:62:56:
                    12:ab:96:da:c2:d7:a4:13:15:d6:c3:22:4d:c7:8c:
                    eb:13:fa:44:f5:55:59:20:e6:e2:09:fe:4b:75:7a:
                    fe:d9:dd:ec:7d:2e:c5:a3:ba:12:55:6a:13:64:19:
                    5a:44:e8:d5:fb:ae:e6:ff:2e:1b:b6:51:69:6c:91:
                    21:58:76:63:bf:c6:29:67:c1:20:09:87:aa:51:e1:
                    f2:09:b8:1c:2a:f8:04:65:00:20:db:22:f2:d1:4f:
                    a9:0b:e3:85:91:12:af:17:7c:ef:ac:0c:dc:59:a5:
                    ea:d8:fb:16:27:cb:27:f2:d8:f6:c8:dd:92:f6:d2:
                    58:36:27:95:7d:d2:7b:55:ca:6c:6d:12:a1:39:10:
                    ac:03:15:17:6b:f9:5c:24:22:c8:67:9b:8e:22:70:
                    3f:85:19:5f:f4:78:dc:9b:de:f6:3f:8c:ff:57:60:
                    66:46:b3:6d:fa:10:17:f4:ce:38:f0:2a:91:ca:ca:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C2:65:B0:79:B4:75:50:D5:D8:00:8B:D5:48:53:02:1F:F0:65:78
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/8cJlsHm0dVDV2ACL1UhTAh_wZXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.22.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:03:9a:a9:86:90:5c:38:36:3c:f1:c9:a1:08:93:4f:f0:31:
         cf:e7:07:4c:27:ae:a7:15:cd:9a:16:9d:33:45:62:0c:4b:1c:
         7d:a8:5b:7d:4b:84:41:db:93:f2:64:5b:8c:98:21:f6:de:f4:
         e3:c7:3d:24:3e:9e:31:69:eb:62:a2:3b:c9:59:51:f3:64:a2:
         aa:9c:47:0b:bb:02:93:e0:bf:d1:0b:ea:bf:9e:d7:37:09:b2:
         3e:c2:28:6b:ee:de:bf:bd:dd:33:c4:be:e0:d4:ce:0b:fd:16:
         1b:a3:88:38:67:06:6b:cc:50:f1:58:4f:81:d7:66:4b:b8:c0:
         47:7d:3b:85:ee:18:e5:fe:5e:13:82:ce:1c:e6:fc:76:0b:0d:
         aa:f8:e3:f3:32:36:16:5d:dd:64:6b:cd:8f:d1:66:df:59:5a:
         47:a3:6f:98:da:1c:30:05:02:89:bb:98:94:29:91:02:08:0c:
         0d:0d:11:e8:35:bc:1d:4a:09:af:e1:69:0a:1e:b3:1f:bf:c9:
         49:b8:93:b3:4b:2e:b9:f7:67:1d:15:81:8a:83:95:25:7a:8c:
         e6:e6:b2:56:d9:cb:4b:71:22:a9:0b:6a:58:f5:9f:45:d3:97:
         22:1b:6d:5f:f6:ff:a6:3a:b5:50:09:d2:4f:76:84:66:c4:9a:
         8d:52:10:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt2640RfQjxDEsDZepS2ppPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjYwMTAxMDAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWMyNjViMDc5YjQ3NTUwZDVkODAwOGJkNTQ4NTMwMjFmZjA2NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3vg/Qvct8WQNasWOUDZGuI0Yjvx
CbXnTAv8nhff3q86X40SAqbQ6fl489ZzFIYdiRw0hTJPYwfhPTo836pTLF839K4L
qnjIYlYSq5bawtekExXWwyJNx4zrE/pE9VVZIObiCf5LdXr+2d3sfS7Fo7oSVWoT
ZBlaROjV+67m/y4btlFpbJEhWHZjv8YpZ8EgCYeqUeHyCbgcKvgEZQAg2yLy0U+p
C+OFkRKvF3zvrAzcWaXq2PsWJ8sn8tj2yN2S9tJYNieVfdJ7VcpsbRKhORCsAxUX
a/lcJCLIZ5uOInA/hRlf9Hjcm972P4z/V2BmRrNt+hAX9M448CqRysoZawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHCZbB5tHVQ1dgAi9VIUwIf8GV4MB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvOGNKbHNIbTBkVkRWMkFDTDFVaFRBaF93WlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2RZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQArA5qphpBcODY88cmhCJNP8DHP5wdMJ66nFc2aFp0z
RWIMSxx9qFt9S4RB25PyZFuMmCH23vTjxz0kPp4xaetiojvJWVHzZKKqnEcLuwKT
4L/RC+q/ntc3CbI+wihr7t6/vd0zxL7g1M4L/RYbo4g4ZwZrzFDxWE+B12ZLuMBH
fTuF7hjl/l4Tgs4c5vx2Cw2q+OPzMjYWXd1ka82P0WbfWVpHo2+Y2hwwBQKJu5iU
KZECCAwNDRHoNbwdSgmv4WkKHrMfv8lJuJOzSy6592cdFYGKg5Uleozm5rJW2ctL
cSKpC2pY9Z9F05ciG21f9v+mOrVQCdJPdoRmxJqNUhCm
-----END CERTIFICATE-----