This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/sUCFmwpJav81ZSRKsG-SSJaCaxg.roa
File:                     sUCFmwpJav81ZSRKsG-SSJaCaxg.roa (raw, json)
Hash identifier:          9KxlfWrLv7YnnCH1Vf26DGRif8A8TjjKojTT9mB5Eaw=
Subject key identifier:   B1:40:85:9B:0A:49:6A:FF:35:65:24:4A:B0:6F:92:48:96:82:6B:18
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       019B7A5B59EB75E3F2EE7F5F8C3ECCE3431C
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/sUCFmwpJav81ZSRKsG-SSJaCaxg.roa
Signing time:             Thu 01 Jan 2026 16:19:25 +0000
ROA not before:           Thu 01 Jan 2026 16:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211471
IP address blocks:        217.150.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:59:eb:75:e3:f2:ee:7f:5f:8c:3e:cc:e3:43:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 16:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b140859b0a496aff3565244ab06f924896826b18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:12:d7:fa:77:06:8e:96:db:de:85:1c:c7:40:
                    5a:39:60:9f:26:67:51:e2:eb:10:33:26:83:5d:99:
                    f5:3a:6b:a7:52:7c:fa:9c:10:b0:87:20:c3:55:ec:
                    84:79:3a:94:cb:50:7c:6c:70:5e:4e:cf:c8:83:22:
                    e1:89:0f:24:5f:30:4d:bb:93:cb:fc:80:c9:dc:ca:
                    d7:b4:7b:97:ac:51:63:a8:f2:54:6e:9d:10:c1:fb:
                    35:13:8a:65:9e:96:61:24:1e:d1:0e:d5:21:6c:dc:
                    a8:58:ae:1d:93:a9:06:99:5e:26:d4:6f:43:b9:f7:
                    4d:60:6a:82:d9:6b:60:95:aa:0f:f4:89:82:af:b7:
                    ea:42:b5:8c:5d:71:f8:dd:56:ed:3e:7a:b2:a6:bc:
                    60:1a:5f:0a:9f:28:a2:ab:eb:dd:cb:65:29:63:ce:
                    e9:8a:3a:4c:11:9a:0d:7e:6b:6d:96:37:98:ed:5b:
                    e9:7e:6c:20:68:80:14:4a:bd:6f:b1:a7:01:62:8b:
                    2b:f6:16:d1:51:06:c6:6c:8c:1d:d6:b9:0a:e1:81:
                    d5:32:fb:cb:97:91:ae:eb:66:69:24:43:e1:a0:ed:
                    d4:9d:7c:78:2c:e8:1d:2d:ce:84:95:b3:35:0a:e8:
                    51:3b:38:6c:51:2d:d5:cf:7e:12:21:6d:18:1b:e7:
                    5c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:40:85:9B:0A:49:6A:FF:35:65:24:4A:B0:6F:92:48:96:82:6B:18
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/sUCFmwpJav81ZSRKsG-SSJaCaxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.150.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:05:1e:4a:23:38:3f:46:ea:13:7a:59:5c:23:0d:39:07:61:
         2b:0c:11:0a:67:82:74:90:23:e8:20:a6:fd:83:fa:8f:a2:60:
         73:92:7a:df:ab:5e:0e:96:9b:55:07:f3:78:4f:d1:0a:28:6e:
         8e:e4:be:a2:5a:4b:10:70:31:52:0a:08:ce:6f:7f:c0:ec:d9:
         35:1f:a2:f6:47:df:a3:05:8c:d6:35:b2:4f:9a:1c:95:24:6d:
         bd:38:ed:12:ff:30:65:2c:c9:b9:ef:31:31:65:2c:a5:fc:8f:
         d2:51:11:73:e7:9a:0b:b8:48:66:b3:bc:ca:a4:ae:86:b3:04:
         7c:e7:ab:b6:25:96:ce:c8:2b:7c:cc:da:5d:43:13:6f:2b:a0:
         4b:6b:a3:04:bc:58:38:a6:3b:7b:1c:6a:e7:17:e7:13:87:bd:
         a4:95:00:4b:93:5e:fa:57:af:82:1e:64:4e:11:24:f3:b5:83:
         fb:68:ce:0f:14:dd:f6:3e:aa:f2:51:9d:41:3c:36:ec:ae:24:
         5a:ff:ef:02:78:4e:54:8c:75:38:da:e1:ce:08:f1:55:9f:62:
         8d:e3:0c:77:f7:b7:47:79:9d:79:3b:a1:4b:3a:01:3c:1a:d1:
         ab:2b:87:f4:69:31:ca:53:42:15:eb:41:08:8e:ed:56:45:d4:
         0f:88:ac:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W1nrdePy7n9fjD7M40McMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjYwMTAxMTYxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQwODU5YjBhNDk2YWZmMzU2NTI0NGFiMDZmOTI0ODk2ODI2YjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixLX+ncGjpbb3oUcx0BaOWCfJmdR
4usQMyaDXZn1OmunUnz6nBCwhyDDVeyEeTqUy1B8bHBeTs/IgyLhiQ8kXzBNu5PL
/IDJ3MrXtHuXrFFjqPJUbp0Qwfs1E4plnpZhJB7RDtUhbNyoWK4dk6kGmV4m1G9D
ufdNYGqC2WtglaoP9ImCr7fqQrWMXXH43VbtPnqyprxgGl8Knyiiq+vdy2UpY87p
ijpMEZoNfmttljeY7VvpfmwgaIAUSr1vsacBYosr9hbRUQbGbIwd1rkK4YHVMvvL
l5Gu62ZpJEPhoO3UnXx4LOgdLc6ElbM1CuhROzhsUS3Vz34SIW0YG+dcawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFAhZsKSWr/NWUkSrBvkkiWgmsYMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvc1VDRm13cEphdjgxWlNSS3NHLVNTSmFDYXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZbdMA0G
CSqGSIb3DQEBCwUAA4IBAQB5BR5KIzg/RuoTellcIw05B2ErDBEKZ4J0kCPoIKb9
g/qPomBzknrfq14OlptVB/N4T9EKKG6O5L6iWksQcDFSCgjOb3/A7Nk1H6L2R9+j
BYzWNbJPmhyVJG29OO0S/zBlLMm57zExZSyl/I/SURFz55oLuEhms7zKpK6GswR8
56u2JZbOyCt8zNpdQxNvK6BLa6MEvFg4pjt7HGrnF+cTh72klQBLk176V6+CHmRO
ESTztYP7aM4PFN32PqryUZ1BPDbsriRa/+8CeE5UjHU42uHOCPFVn2KN4wx397dH
eZ15O6FLOgE8GtGrK4f0aTHKU0IV60EIju1WRdQPiKx9
-----END CERTIFICATE-----