This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/cSTi1Lxehq5jDWakpB6HYzAw5R0.roa
File:                     cSTi1Lxehq5jDWakpB6HYzAw5R0.roa (raw, json)
Hash identifier:          wqKpE+uRvges7Z2ELy3oIP2gt4HmPD2pP3WgFoILY2s=
Subject key identifier:   71:24:E2:D4:BC:5E:86:AE:63:0D:66:A4:A4:1E:87:63:30:30:E5:1D
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       019B78A36974464AF7A90F51F5AEBB5F752A
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/cSTi1Lxehq5jDWakpB6HYzAw5R0.roa
Signing time:             Thu 01 Jan 2026 08:18:53 +0000
ROA not before:           Thu 01 Jan 2026 08:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24667
IP address blocks:        213.161.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:69:74:46:4a:f7:a9:0f:51:f5:ae:bb:5f:75:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 08:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7124e2d4bc5e86ae630d66a4a41e87633030e51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b3:78:79:48:9c:76:34:6f:65:78:a4:06:bf:
                    8f:e2:48:07:00:c7:d1:b4:ac:62:49:e0:6d:4a:c9:
                    ba:85:2f:ef:15:b7:87:49:14:85:6e:04:69:34:e3:
                    46:8e:72:e7:c8:ec:7a:50:33:8a:83:36:1a:66:55:
                    b3:46:8d:6d:7a:5c:38:d6:81:c2:92:bd:9a:b8:79:
                    0a:55:37:2b:da:e1:cd:e9:29:c1:a1:ac:83:c8:7b:
                    16:6a:71:21:04:09:3e:05:20:29:4f:06:fb:db:94:
                    a8:ba:5e:07:48:9a:48:e4:83:e5:22:d7:32:7d:b5:
                    c9:f4:00:2e:c3:6f:88:fd:16:a1:ff:73:42:c7:12:
                    e8:6b:5d:1a:ef:ef:15:9d:5e:43:68:52:62:81:0a:
                    25:99:41:17:26:7c:22:a3:ac:f0:0d:2c:d0:85:3a:
                    3e:05:a1:71:2f:99:ba:45:9a:cd:07:83:f1:e5:7f:
                    fb:41:0e:55:39:cf:88:59:d9:8c:eb:b4:dd:1c:af:
                    cd:33:53:e5:99:fd:68:db:28:1b:81:5a:0a:d3:0a:
                    ea:a1:8e:8c:a9:d4:52:ea:97:78:2b:cf:14:db:d9:
                    af:2a:c4:81:cc:eb:14:cc:94:13:16:78:03:e3:3f:
                    c9:6a:1c:f4:2c:97:44:45:8f:f1:92:b4:f7:91:17:
                    71:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:24:E2:D4:BC:5E:86:AE:63:0D:66:A4:A4:1E:87:63:30:30:E5:1D
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/cSTi1Lxehq5jDWakpB6HYzAw5R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.161.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:5c:79:44:8c:27:ef:79:f7:20:91:26:32:0a:a7:ae:89:8f:
         c8:99:b0:22:cd:42:f4:3e:16:26:3f:97:be:a5:83:16:e6:cd:
         26:d5:f0:09:c8:5e:5a:e6:84:ef:1c:1f:6a:f0:75:8f:48:58:
         4c:c1:0a:86:ec:d9:9f:ce:4e:5e:dd:23:83:dd:5f:05:02:1f:
         62:ce:1b:20:a9:c7:dd:84:0d:21:75:e5:9f:ca:5e:ef:7b:a7:
         b1:8d:12:27:8f:dc:3a:b2:e6:c1:f1:ac:bc:ed:27:e9:86:1c:
         86:24:90:ce:11:95:c7:93:12:9c:d1:b7:ff:16:46:7d:54:15:
         fc:84:47:41:a4:69:cc:54:c4:bb:23:50:32:0c:81:b2:0e:a3:
         36:b1:7d:53:89:70:5a:29:8a:5e:30:b2:cf:90:7b:4b:8b:f8:
         d0:09:a8:a4:a0:45:a8:9d:05:b6:37:d8:c7:86:13:46:94:cd:
         51:95:93:d0:81:a5:ac:74:54:de:16:f1:e1:19:3e:8e:d6:32:
         f5:a5:ab:a8:b9:51:0a:56:3f:d6:59:ab:4b:f8:9f:50:49:d6:
         7e:90:88:47:dc:ff:cd:29:fb:6e:65:86:9f:3e:e9:16:85:11:
         2a:92:e1:2f:50:29:f9:0b:e7:9e:18:61:a6:3f:c6:58:48:12:
         45:38:45:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2l0Rkr3qQ9R9a67X3UqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjYwMTAxMDgxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI0ZTJkNGJjNWU4NmFlNjMwZDY2YTRhNDFlODc2MzMwMzBlNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bN4eUicdjRvZXikBr+P4kgHAMfR
tKxiSeBtSsm6hS/vFbeHSRSFbgRpNONGjnLnyOx6UDOKgzYaZlWzRo1telw41oHC
kr2auHkKVTcr2uHN6SnBoayDyHsWanEhBAk+BSApTwb725Soul4HSJpI5IPlItcy
fbXJ9AAuw2+I/Rah/3NCxxLoa10a7+8VnV5DaFJigQolmUEXJnwio6zwDSzQhTo+
BaFxL5m6RZrNB4Px5X/7QQ5VOc+IWdmM67TdHK/NM1Plmf1o2ygbgVoK0wrqoY6M
qdRS6pd4K88U29mvKsSBzOsUzJQTFngD4z/Jahz0LJdERY/xkrT3kRdxPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEk4tS8XoauYw1mpKQeh2MwMOUdMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvY1NUaTFMeGVocTVqRFdha3BCNkhZekF3NVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aGTMA0G
CSqGSIb3DQEBCwUAA4IBAQCZXHlEjCfvefcgkSYyCqeuiY/ImbAizUL0PhYmP5e+
pYMW5s0m1fAJyF5a5oTvHB9q8HWPSFhMwQqG7Nmfzk5e3SOD3V8FAh9izhsgqcfd
hA0hdeWfyl7ve6exjRInj9w6subB8ay87SfphhyGJJDOEZXHkxKc0bf/FkZ9VBX8
hEdBpGnMVMS7I1AyDIGyDqM2sX1TiXBaKYpeMLLPkHtLi/jQCaikoEWonQW2N9jH
hhNGlM1RlZPQgaWsdFTeFvHhGT6O1jL1pauouVEKVj/WWatL+J9QSdZ+kIhH3P/N
KftuZYafPukWhREqkuEvUCn5C+eeGGGmP8ZYSBJFOEUw
-----END CERTIFICATE-----