This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/sX-7jKd4Jkup4SzLh7V9fhcXJIY.roa
File:                     sX-7jKd4Jkup4SzLh7V9fhcXJIY.roa (raw, json)
Hash identifier:          zRqjfBS/ZWhDgqQc0xO/XDUwPIazRjKs3hCDGDdnfh8=
Subject key identifier:   B1:7F:BB:8C:A7:78:26:4B:A9:E1:2C:CB:87:B5:7D:7E:17:17:24:86
Certificate issuer:       /CN=2b936149657a62be32e0e1571827c2b2f35a0d3d
Certificate serial:       019B98F2F87B15B18D00A8850FCF4D431364
Authority key identifier: 2B:93:61:49:65:7A:62:BE:32:E0:E1:57:18:27:C2:B2:F3:5A:0D:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/sX-7jKd4Jkup4SzLh7V9fhcXJIY.roa
Signing time:             Wed 07 Jan 2026 14:53:38 +0000
ROA not before:           Wed 07 Jan 2026 14:53:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202161
IP address blocks:        80.247.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:98:f2:f8:7b:15:b1:8d:00:a8:85:0f:cf:4d:43:13:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b936149657a62be32e0e1571827c2b2f35a0d3d
        Validity
            Not Before: Jan  7 14:53:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b17fbb8ca778264ba9e12ccb87b57d7e17172486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9f:7c:69:2f:73:cb:b9:f5:5d:84:b1:3f:48:
                    a6:50:79:9c:db:67:e0:25:e0:48:b3:21:fc:c7:8c:
                    34:1a:9f:1c:4e:d9:0a:e1:1d:03:a7:00:58:f0:71:
                    6a:88:d0:dd:10:81:09:90:4b:a3:4b:8f:08:55:b6:
                    05:2f:d8:ec:16:51:ba:48:89:ad:ce:91:ef:be:22:
                    3e:e0:0d:76:dc:7f:28:ed:0b:25:e7:09:bb:b1:93:
                    9b:5d:ae:8c:b3:05:fa:be:32:06:56:e3:4b:ba:fe:
                    ef:b6:61:12:40:c1:5e:64:3c:91:32:b1:44:7d:a4:
                    4b:d3:df:98:57:f5:cb:3a:f4:48:60:93:5c:be:91:
                    60:89:9d:28:24:18:fb:43:62:fe:b0:80:94:56:dd:
                    58:fd:a3:91:14:f0:b9:71:99:27:c7:70:ad:9b:6d:
                    13:a5:35:2a:d7:cc:b8:83:ab:2c:fc:8b:0f:fb:e7:
                    59:c2:df:a8:2c:b0:8a:3c:80:dd:15:85:6d:e4:8f:
                    ad:70:6d:aa:cb:23:1b:ea:91:62:3f:aa:fc:1e:e1:
                    25:96:ec:75:6e:f4:1a:7d:32:4c:46:2d:4e:e7:de:
                    55:50:68:6d:6b:da:f3:70:de:3d:59:fa:c7:19:19:
                    9f:b5:8b:e0:c9:12:aa:31:ba:ef:25:29:a3:05:c8:
                    cb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7F:BB:8C:A7:78:26:4B:A9:E1:2C:CB:87:B5:7D:7E:17:17:24:86
            X509v3 Authority Key Identifier:
                keyid:2B:93:61:49:65:7A:62:BE:32:E0:E1:57:18:27:C2:B2:F3:5A:0D:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/sX-7jKd4Jkup4SzLh7V9fhcXJIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/c3e419-8690-45e0-854b-7820a51ed834/1/K5NhSWV6Yr4y4OFXGCfCsvNaDT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6e:58:3e:05:79:e3:61:14:d4:d3:87:dd:78:c6:1d:34:f5:
         bc:a1:49:f8:4b:55:53:b1:53:e6:c3:1c:e0:23:37:54:a0:f0:
         83:0b:69:39:55:b4:74:ec:aa:26:6c:f3:db:7c:e5:7f:b3:65:
         2c:81:93:f4:35:88:63:c7:39:db:0e:89:b0:1a:37:1b:e1:14:
         d8:fc:3c:39:6e:0f:99:0c:b9:21:52:77:d3:2d:74:30:6c:8b:
         7a:86:10:7b:2b:aa:be:ef:62:4e:1b:ca:27:7f:0c:39:a0:dd:
         cf:20:98:46:ad:f2:ee:65:cc:0f:07:5f:ce:fc:5a:4e:17:de:
         55:00:19:4d:b0:7e:39:5f:c6:d9:b8:ce:7a:a6:97:41:2b:f0:
         13:39:40:bf:f0:83:d4:f7:33:df:6f:ae:6a:b5:90:05:b2:d6:
         ee:dc:ac:cf:f0:18:89:e3:55:15:1d:58:ae:26:ad:9d:6d:b5:
         bc:dd:3f:e1:95:14:52:64:15:60:c2:e5:d0:84:39:0c:41:d9:
         67:7c:7c:95:fa:7b:39:ac:44:91:96:40:f1:f9:96:7c:dc:c6:
         0c:70:61:6e:58:2e:0e:10:dd:17:aa:aa:ef:bc:a2:4d:60:56:
         aa:93:6d:24:7e:29:08:e7:2a:29:41:e7:30:f5:fe:4a:d1:6d:
         99:c5:5d:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuY8vh7FbGNAKiFD89NQxNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTM2MTQ5NjU3YTYyYmUzMmUwZTE1NzE4MjdjMmIyZjM1
YTBkM2QwHhcNMjYwMTA3MTQ1MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdmYmI4Y2E3NzgyNjRiYTllMTJjY2I4N2I1N2Q3ZTE3MTcyNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ98aS9zy7n1XYSxP0imUHmc22fg
JeBIsyH8x4w0Gp8cTtkK4R0DpwBY8HFqiNDdEIEJkEujS48IVbYFL9jsFlG6SImt
zpHvviI+4A123H8o7Qsl5wm7sZObXa6MswX6vjIGVuNLuv7vtmESQMFeZDyRMrFE
faRL09+YV/XLOvRIYJNcvpFgiZ0oJBj7Q2L+sICUVt1Y/aORFPC5cZknx3Ctm20T
pTUq18y4g6ss/IsP++dZwt+oLLCKPIDdFYVt5I+tcG2qyyMb6pFiP6r8HuEllux1
bvQafTJMRi1O595VUGhta9rzcN49WfrHGRmftYvgyRKqMbrvJSmjBcjLEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF/u4yneCZLqeEsy4e1fX4XFySGMB8GA1UdIwQY
MBaAFCuTYUllemK+MuDhVxgnwrLzWg09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVOaFNXVjZZcjR5NE9GWEdDZkNzdk5hRFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9jM2U0MTktODY5MC00NWUwLTg1NGIt
NzgyMGE1MWVkODM0LzEvc1gtN2pLZDRKa3VwNFN6TGg3VjlmaGNYSklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9jM2U0MTktODY5MC00NWUwLTg1NGItNzgyMGE1MWVkODM0
LzEvSzVOaFNXVjZZcjR5NE9GWEdDZkNzdk5hRFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPcxMA0G
CSqGSIb3DQEBCwUAA4IBAQB6blg+BXnjYRTU04fdeMYdNPW8oUn4S1VTsVPmwxzg
IzdUoPCDC2k5VbR07KombPPbfOV/s2UsgZP0NYhjxznbDomwGjcb4RTY/Dw5bg+Z
DLkhUnfTLXQwbIt6hhB7K6q+72JOG8onfww5oN3PIJhGrfLuZcwPB1/O/FpOF95V
ABlNsH45X8bZuM56ppdBK/ATOUC/8IPU9zPfb65qtZAFstbu3KzP8BiJ41UVHViu
Jq2dbbW83T/hlRRSZBVgwuXQhDkMQdlnfHyV+ns5rESRlkDx+ZZ83MYMcGFuWC4O
EN0XqqrvvKJNYFaqk20kfikI5yopQecw9f5K0W2ZxV2Y
-----END CERTIFICATE-----