This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/IlaCVZwdzo2L79FH58WbKtT4V30.roa
File:                     IlaCVZwdzo2L79FH58WbKtT4V30.roa (raw, json)
Hash identifier:          KKIIdRPRAJ3cKsdeSGy9UyhMBJlNzkzU7RcPH6+9dx8=
Subject key identifier:   22:56:82:55:9C:1D:CE:8D:8B:EF:D1:47:E7:C5:9B:2A:D4:F8:57:7D
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       019B7F8334A772BC5ACE6816B7D66626930E
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/IlaCVZwdzo2L79FH58WbKtT4V30.roa
Signing time:             Fri 02 Jan 2026 16:21:03 +0000
ROA not before:           Fri 02 Jan 2026 16:21:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25070
IP address blocks:        213.199.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:34:a7:72:bc:5a:ce:68:16:b7:d6:66:26:93:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  2 16:21:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=225682559c1dce8d8befd147e7c59b2ad4f8577d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:35:a8:57:2d:b9:2e:0f:b9:1a:30:46:77:eb:
                    c4:ff:e4:71:55:4d:45:0c:67:fd:15:48:7f:4b:d2:
                    95:96:f3:a9:fc:85:89:64:83:5b:09:10:e4:4c:0a:
                    83:fe:67:c3:80:0e:e4:cd:93:a8:06:8a:89:51:04:
                    fc:de:39:97:38:a0:71:3b:40:92:14:6d:2f:84:d1:
                    55:cf:38:97:de:54:a3:4a:85:f8:0d:86:76:d4:0d:
                    13:2e:5d:dc:39:2d:96:08:e2:38:df:d6:41:4a:50:
                    2a:e1:11:20:09:f5:94:df:47:7e:ef:18:13:86:aa:
                    ec:10:49:4c:73:55:e3:8f:3d:2e:47:6f:c9:70:1e:
                    92:5e:6b:ac:4f:af:c1:9a:77:b2:9b:36:6e:88:2c:
                    d2:15:03:ca:59:13:83:16:3e:09:e9:e3:0a:eb:55:
                    8d:d2:e5:f0:f5:52:34:bc:3a:05:86:29:97:5d:73:
                    fe:69:f5:89:94:54:02:ff:22:be:d8:a5:5c:08:e7:
                    97:e1:0f:5a:9c:dc:5a:4f:a9:38:c3:5c:bc:b8:57:
                    46:ca:7c:a8:42:3a:20:e2:ca:aa:20:fa:84:22:9a:
                    71:ea:24:1a:6d:43:5b:6d:f7:0f:dc:f3:b3:49:79:
                    14:00:38:75:8a:24:32:b3:a3:28:67:2d:09:f0:cf:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:56:82:55:9C:1D:CE:8D:8B:EF:D1:47:E7:C5:9B:2A:D4:F8:57:7D
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/IlaCVZwdzo2L79FH58WbKtT4V30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c1:ab:63:db:83:8b:39:8c:91:63:fc:39:e0:7f:3f:31:21:
         c0:27:6d:ec:51:b2:d7:a1:01:b5:26:cb:45:ee:54:4e:ff:c1:
         ba:4d:b4:85:0d:cb:12:18:53:31:af:88:91:4e:cd:56:95:40:
         50:ec:ad:09:1c:05:05:2a:0b:04:84:6a:d7:08:71:e7:da:24:
         3c:ab:dd:3c:e2:24:d2:c7:92:13:72:16:dc:aa:a6:0c:dd:36:
         25:1c:88:a7:7d:c7:df:bc:51:e0:6b:a3:d5:e2:f5:40:af:8c:
         76:ab:69:c5:d8:34:08:16:ac:d6:a7:a7:df:7f:18:f3:a3:bc:
         78:bc:1d:2f:9b:0f:68:2b:33:ff:c8:72:d1:26:71:37:3f:2e:
         f3:d7:b6:93:70:1c:fb:00:d8:6b:d6:7f:cb:b5:fd:84:ac:a3:
         bd:9c:2b:20:17:d2:5c:2d:fb:4e:67:a5:26:73:ae:1b:51:52:
         4e:13:8c:20:49:01:99:c2:fa:e4:97:e6:ac:d2:8a:a4:09:ad:
         c5:19:de:44:3f:bb:8f:52:2e:a3:de:5d:44:51:22:f5:44:f2:
         ab:7a:66:2d:29:35:e1:cd:2c:71:81:cd:bf:fa:86:8a:58:25:
         95:b1:4a:43:44:f5:31:c0:26:0d:e0:49:51:c3:dd:9e:06:f6:
         05:7b:67:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gzSncrxazmgWt9ZmJpMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjYwMTAyMTYyMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU2ODI1NTljMWRjZThkOGJlZmQxNDdlN2M1OWIyYWQ0Zjg1NzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzWoVy25Lg+5GjBGd+vE/+RxVU1F
DGf9FUh/S9KVlvOp/IWJZINbCRDkTAqD/mfDgA7kzZOoBoqJUQT83jmXOKBxO0CS
FG0vhNFVzziX3lSjSoX4DYZ21A0TLl3cOS2WCOI439ZBSlAq4REgCfWU30d+7xgT
hqrsEElMc1Xjjz0uR2/JcB6SXmusT6/BmneymzZuiCzSFQPKWRODFj4J6eMK61WN
0uXw9VI0vDoFhimXXXP+afWJlFQC/yK+2KVcCOeX4Q9anNxaT6k4w1y8uFdGynyo
Qjog4sqqIPqEIppx6iQabUNbbfcP3POzSXkUADh1iiQys6MoZy0J8M8MNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJWglWcHc6Ni+/RR+fFmyrU+Fd9MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvSWxhQ1Zad2R6bzJMNzlGSDU4V2JLdFQ0VjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cfVMA0G
CSqGSIb3DQEBCwUAA4IBAQA9watj24OLOYyRY/w54H8/MSHAJ23sUbLXoQG1JstF
7lRO/8G6TbSFDcsSGFMxr4iRTs1WlUBQ7K0JHAUFKgsEhGrXCHHn2iQ8q9084iTS
x5ITchbcqqYM3TYlHIinfcffvFHga6PV4vVAr4x2q2nF2DQIFqzWp6fffxjzo7x4
vB0vmw9oKzP/yHLRJnE3Py7z17aTcBz7ANhr1n/Ltf2ErKO9nCsgF9JcLftOZ6Um
c64bUVJOE4wgSQGZwvrkl+as0oqkCa3FGd5EP7uPUi6j3l1EUSL1RPKremYtKTXh
zSxxgc2/+oaKWCWVsUpDRPUxwCYN4ElRw92eBvYFe2fT
-----END CERTIFICATE-----