This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ITzuAvKdIXPDBIiVscqXVZBGUeQ.roa
File:                     ITzuAvKdIXPDBIiVscqXVZBGUeQ.roa (raw, json)
Hash identifier:          aEon/SjDi4pfvqWRQiLFKd+LMLJidVxpf8MwxecTmQ4=
Subject key identifier:   21:3C:EE:02:F2:9D:21:73:C3:04:88:95:B1:CA:97:55:90:46:51:E4
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019B7F8469899703855E7336021EBBE5D4C6
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ITzuAvKdIXPDBIiVscqXVZBGUeQ.roa
Signing time:             Fri 02 Jan 2026 16:22:22 +0000
ROA not before:           Fri 02 Jan 2026 16:22:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60250
IP address blocks:        213.74.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:69:89:97:03:85:5e:73:36:02:1e:bb:e5:d4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 16:22:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=213cee02f29d2173c3048895b1ca9755904651e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:10:40:47:6c:90:c7:05:fd:58:09:db:b0:77:
                    3a:b5:d4:34:95:72:c1:ad:05:44:c7:5a:67:5e:27:
                    8c:13:62:de:24:14:cc:d9:fc:83:ae:13:6c:88:e3:
                    69:d0:ef:d0:19:bb:8e:a2:23:c1:a6:9e:63:fa:9a:
                    42:60:04:b5:43:39:9a:35:76:2c:ce:39:6c:1e:78:
                    69:9e:3e:07:09:69:82:74:66:ce:3b:23:7d:11:b4:
                    e2:1d:a0:dd:1a:ad:2a:e0:36:c9:23:58:ca:5c:a5:
                    b0:ae:bc:a4:ee:b5:01:bc:5a:25:4c:7a:24:a3:68:
                    08:4a:db:5d:92:5c:45:bc:76:a0:84:c6:89:93:e3:
                    8a:7c:24:0f:05:8c:b4:3e:39:29:2c:77:80:cf:e7:
                    ad:e2:d1:dd:3b:26:25:0f:41:b9:bc:b7:c7:c9:30:
                    f6:01:4b:73:44:97:d6:a2:51:1f:c6:fa:71:29:b3:
                    18:43:09:f5:3b:e3:25:1a:8d:6e:39:60:c3:e0:1c:
                    70:c5:86:c3:de:5f:0a:7d:99:3f:a6:5e:9f:79:d4:
                    4d:ad:fb:dc:84:2e:be:ef:7e:63:04:95:27:d3:5c:
                    ce:00:36:c7:ef:05:bd:06:88:19:1b:23:d3:7b:52:
                    eb:16:40:7e:d9:28:44:20:9e:e7:13:d9:7f:47:8c:
                    4d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3C:EE:02:F2:9D:21:73:C3:04:88:95:B1:CA:97:55:90:46:51:E4
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/ITzuAvKdIXPDBIiVscqXVZBGUeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.74.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f3:b8:d6:dc:db:70:05:50:23:4a:2f:7c:eb:6f:ab:76:00:
         89:b9:85:51:fd:a2:37:d6:45:2d:eb:62:5b:7b:9b:51:c1:ce:
         00:c0:bf:ec:fa:64:55:9a:21:6c:df:ea:50:18:a2:c8:3e:a2:
         a8:83:95:bf:a7:55:95:1c:0e:fa:71:56:b5:5d:10:e8:58:19:
         52:bc:04:da:c7:0a:e7:fd:18:d5:1f:8c:5f:72:ae:36:ba:e2:
         64:56:c6:ee:a7:09:a3:50:6b:70:7a:ff:40:9c:ad:f5:ee:9e:
         a2:b3:4a:ae:5c:00:8a:1d:22:00:99:29:3e:60:f5:c8:72:62:
         31:55:c7:68:a2:51:87:60:30:da:ce:8b:aa:19:1e:89:2b:79:
         eb:54:87:44:cf:ac:9e:4e:8b:a9:a5:1b:c3:3f:ec:ec:42:e9:
         5a:f8:10:f3:0b:f2:24:34:10:1e:4f:1f:54:c0:35:61:96:8c:
         47:ec:ca:cc:db:34:16:69:ec:2b:12:d2:46:ad:20:1d:f3:f7:
         c2:91:a3:05:ae:9f:61:fe:aa:92:a0:ab:ee:28:b0:b6:34:01:
         00:f5:4e:08:4b:19:f8:9b:fa:99:0c:c5:f2:64:94:ed:54:39:
         0b:89:05:cf:b8:32:87:69:0f:ad:31:37:21:e1:72:0c:b9:8c:
         78:c9:ba:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hGmJlwOFXnM2Ah675dTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjYwMTAyMTYyMjIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNjZWUwMmYyOWQyMTczYzMwNDg4OTViMWNhOTc1NTkwNDY1MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthBAR2yQxwX9WAnbsHc6tdQ0lXLB
rQVEx1pnXieME2LeJBTM2fyDrhNsiONp0O/QGbuOoiPBpp5j+ppCYAS1QzmaNXYs
zjlsHnhpnj4HCWmCdGbOOyN9EbTiHaDdGq0q4DbJI1jKXKWwrryk7rUBvFolTHok
o2gISttdklxFvHaghMaJk+OKfCQPBYy0PjkpLHeAz+et4tHdOyYlD0G5vLfHyTD2
AUtzRJfWolEfxvpxKbMYQwn1O+MlGo1uOWDD4BxwxYbD3l8KfZk/pl6fedRNrfvc
hC6+735jBJUn01zOADbH7wW9BogZGyPTe1LrFkB+2ShEIJ7nE9l/R4xNUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE87gLynSFzwwSIlbHKl1WQRlHkMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvSVR6dUF2S2RJWFBEQklpVnNjcVhWWkJHVWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1UooMA0G
CSqGSIb3DQEBCwUAA4IBAQAI87jW3NtwBVAjSi9862+rdgCJuYVR/aI31kUt62Jb
e5tRwc4AwL/s+mRVmiFs3+pQGKLIPqKog5W/p1WVHA76cVa1XRDoWBlSvATaxwrn
/RjVH4xfcq42uuJkVsbupwmjUGtwev9AnK317p6is0quXACKHSIAmSk+YPXIcmIx
VcdoolGHYDDazouqGR6JK3nrVIdEz6yeTouppRvDP+zsQula+BDzC/IkNBAeTx9U
wDVhloxH7MrM2zQWaewrEtJGrSAd8/fCkaMFrp9h/qqSoKvuKLC2NAEA9U4ISxn4
m/qZDMXyZJTtVDkLiQXPuDKHaQ+tMTch4XIMuYx4yboE
-----END CERTIFICATE-----