This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/zI5C9mfneRZXzcAl6HQ4bK2hAS4.roa
File:                     zI5C9mfneRZXzcAl6HQ4bK2hAS4.roa (raw, json)
Hash identifier:          jkBE+1m4R7+LvNcEB/81M9OQvsMUrKW4l6ShLFWd8Y4=
Subject key identifier:   CC:8E:42:F6:67:E7:79:16:57:CD:C0:25:E8:74:38:6C:AD:A1:01:2E
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       019B7AC82C554ED8FFDE3ACAD75B0249B699
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/zI5C9mfneRZXzcAl6HQ4bK2hAS4.roa
Signing time:             Thu 01 Jan 2026 18:18:17 +0000
ROA not before:           Thu 01 Jan 2026 18:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198622
IP address blocks:        213.252.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:2c:55:4e:d8:ff:de:3a:ca:d7:5b:02:49:b6:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  1 18:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc8e42f667e7791657cdc025e874386cada1012e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:88:95:b6:65:96:80:1c:9f:fb:99:63:cb:43:
                    0f:c1:80:cd:f2:d0:82:5b:35:3c:65:4b:b8:70:15:
                    c0:08:bf:23:52:2b:cd:18:9f:c2:5e:af:77:e7:d0:
                    ce:c1:e1:50:0f:3f:9e:27:b8:2d:61:22:b3:85:0b:
                    0d:8b:ec:7f:7e:32:6a:27:80:40:2c:1d:28:5e:9f:
                    52:2d:ba:96:67:3c:b0:62:e4:31:1f:65:b4:18:5b:
                    52:0e:ba:62:9d:f4:4a:4e:65:e2:40:7b:65:eb:d1:
                    bf:d0:18:52:70:4e:4d:70:90:89:5e:da:76:d7:3a:
                    b8:8e:3a:59:74:37:81:9d:46:2b:7a:27:dc:4a:5f:
                    a8:b3:bd:1d:93:0e:23:e9:88:a5:3c:00:40:89:d4:
                    27:20:2c:1d:2e:c0:cf:b8:8c:3b:bf:5d:b7:cf:e9:
                    54:8e:ea:39:02:15:7e:d6:aa:c7:ac:38:d8:94:1f:
                    d1:1a:2f:3c:09:c3:b0:d8:f7:f2:6b:fa:01:eb:fd:
                    b0:0f:38:c5:c2:51:ba:51:b7:7b:2d:5f:6a:8f:90:
                    fd:8b:05:0a:82:71:a0:8d:22:3d:d7:e5:46:fc:a7:
                    48:c2:19:3d:91:c1:ac:99:62:ca:5d:a6:ef:af:ac:
                    57:fc:87:41:0c:ad:7d:04:63:d5:21:98:72:34:b8:
                    f3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8E:42:F6:67:E7:79:16:57:CD:C0:25:E8:74:38:6C:AD:A1:01:2E
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/zI5C9mfneRZXzcAl6HQ4bK2hAS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.252.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:8b:21:32:15:6c:6c:e6:92:a1:77:1d:44:b4:27:ff:b7:12:
         60:c8:49:55:9f:fc:ef:b8:d5:98:f5:d2:ac:52:da:e4:cc:82:
         94:30:33:64:e0:5d:fe:1b:0b:c7:29:a4:da:39:0b:cb:89:ea:
         28:d0:18:3a:37:11:85:8a:2f:b5:e9:c7:c3:ad:73:b5:58:c1:
         ed:7a:73:32:88:9d:69:5f:aa:f5:b6:51:7a:ab:25:45:f3:e3:
         34:74:89:b0:ba:8c:de:ce:f9:a5:38:42:88:b0:d2:8b:ed:fa:
         ba:5c:63:32:fa:07:85:89:99:32:98:1c:cb:1d:31:0a:b5:26:
         28:b1:64:fe:82:0a:de:19:16:90:aa:0f:2c:7e:34:b3:b2:0f:
         91:ba:e1:1f:7b:cd:fc:bc:65:13:36:76:86:b1:4e:74:28:f1:
         d3:a4:94:fc:89:a2:1d:15:f3:d7:3b:3a:f2:5a:50:77:a9:5b:
         c3:e3:4f:70:60:41:c0:2a:80:94:57:ac:e6:b9:70:ca:f1:89:
         61:ce:f9:64:e6:46:ea:2f:3f:38:e5:20:5d:e6:19:e3:0e:60:
         c9:8a:c9:b6:8f:48:66:a9:6b:0f:00:c1:37:96:eb:4d:bf:ba:
         fb:cd:f7:d6:09:82:75:b2:77:52:df:5c:21:34:7b:46:8c:ad:
         12:7c:2f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yCxVTtj/3jrK11sCSbaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjYwMTAxMTgxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhlNDJmNjY3ZTc3OTE2NTdjZGMwMjVlODc0Mzg2Y2FkYTEwMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84iVtmWWgByf+5ljy0MPwYDN8tCC
WzU8ZUu4cBXACL8jUivNGJ/CXq9359DOweFQDz+eJ7gtYSKzhQsNi+x/fjJqJ4BA
LB0oXp9SLbqWZzywYuQxH2W0GFtSDrpinfRKTmXiQHtl69G/0BhScE5NcJCJXtp2
1zq4jjpZdDeBnUYreifcSl+os70dkw4j6YilPABAidQnICwdLsDPuIw7v123z+lU
juo5AhV+1qrHrDjYlB/RGi88CcOw2Pfya/oB6/2wDzjFwlG6Ubd7LV9qj5D9iwUK
gnGgjSI91+VG/KdIwhk9kcGsmWLKXabvr6xX/IdBDK19BGPVIZhyNLjzkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyOQvZn53kWV83AJeh0OGytoQEuMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvekk1QzltZm5lUlpYemNBbDZIUTRiSzJoQVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fz/MA0G
CSqGSIb3DQEBCwUAA4IBAQAEiyEyFWxs5pKhdx1EtCf/txJgyElVn/zvuNWY9dKs
UtrkzIKUMDNk4F3+GwvHKaTaOQvLieoo0Bg6NxGFii+16cfDrXO1WMHtenMyiJ1p
X6r1tlF6qyVF8+M0dImwuozezvmlOEKIsNKL7fq6XGMy+geFiZkymBzLHTEKtSYo
sWT+ggreGRaQqg8sfjSzsg+RuuEfe838vGUTNnaGsU50KPHTpJT8iaIdFfPXOzry
WlB3qVvD409wYEHAKoCUV6zmuXDK8Ylhzvlk5kbqLz845SBd5hnjDmDJism2j0hm
qWsPAME3lutNv7r7zffWCYJ1sndS31whNHtGjK0SfC8C
-----END CERTIFICATE-----