This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/ry7mAo1iVDE-vQJVtpiChZag52A.roa
File:                     ry7mAo1iVDE-vQJVtpiChZag52A.roa (raw, json)
Hash identifier:          /gsQ2B1v3KhCgm7kkq8lHyOWScapaf0eIQ7WAnTVr3Q=
Subject key identifier:   AF:2E:E6:02:8D:62:54:31:3E:BD:02:55:B6:98:82:85:96:A0:E7:60
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       019B7AC83D4EB25C7AC9011E6D5218579170
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/ry7mAo1iVDE-vQJVtpiChZag52A.roa
Signing time:             Thu 01 Jan 2026 18:18:21 +0000
ROA not before:           Thu 01 Jan 2026 18:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28939
IP address blocks:        217.140.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:3d:4e:b2:5c:7a:c9:01:1e:6d:52:18:57:91:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Jan  1 18:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af2ee6028d6254313ebd0255b698828596a0e760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:70:1a:6f:4e:0b:13:75:87:d4:b9:3a:cd:09:
                    08:e5:2c:ed:7c:5d:7b:b6:ec:d1:3a:72:06:aa:30:
                    bc:43:50:d2:83:b3:33:d0:5f:e5:d3:5f:22:ea:a7:
                    b9:e4:a4:5b:da:2f:3b:52:f4:76:04:fb:40:e2:9c:
                    e5:b0:54:03:a1:c8:56:98:79:1b:ce:89:b2:c6:47:
                    0f:3d:18:9f:d8:e1:72:f0:24:30:6f:c4:b4:51:21:
                    be:90:5d:f2:41:63:4f:fb:1c:19:02:46:2a:e8:ab:
                    cd:e8:83:d4:e6:07:a6:be:e8:ec:dd:c8:0e:b0:15:
                    e1:10:39:17:ad:c5:10:41:da:95:c6:03:f0:41:6a:
                    4d:c3:58:38:0b:9a:55:c6:c5:c8:e4:20:ff:d0:6b:
                    bf:b9:83:55:80:97:95:ad:d5:34:74:14:d1:c2:ed:
                    9f:d0:ca:2b:28:85:74:18:86:a7:a1:38:77:25:c1:
                    c5:f3:c0:81:aa:98:fa:35:6c:a5:a5:5c:36:fd:83:
                    a7:7e:38:f0:4d:30:91:e7:32:1f:a5:78:91:57:2e:
                    30:1f:dc:9a:1a:90:b3:b8:5f:f5:df:e4:c0:61:c8:
                    c3:9d:42:81:18:e3:cd:77:67:69:b8:7d:3c:b2:2f:
                    25:12:ee:da:43:91:18:77:f7:a0:78:cb:20:d3:0a:
                    03:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:2E:E6:02:8D:62:54:31:3E:BD:02:55:B6:98:82:85:96:A0:E7:60
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/ry7mAo1iVDE-vQJVtpiChZag52A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.140.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:08:a9:3e:b2:15:40:86:fe:95:b7:81:30:cb:59:75:f2:cf:
         96:1f:2e:2f:88:25:58:39:72:68:0b:9e:a2:9b:c1:37:c3:82:
         fb:da:4b:5e:37:50:71:bd:68:07:ea:f3:01:ae:3f:e6:29:a1:
         96:5e:43:25:cd:eb:58:65:53:eb:80:08:8a:1e:51:2a:b4:7d:
         4d:3e:80:12:87:2c:c1:9d:df:85:da:bb:6f:80:01:22:34:80:
         6f:0f:55:4f:e1:2c:1e:2e:3d:16:46:a1:35:64:11:e7:03:31:
         a3:2a:b1:a2:7a:39:7c:50:e6:88:df:0c:9b:80:d1:cc:53:89:
         11:0e:2b:72:92:05:df:8f:15:d9:8d:99:1c:c0:f0:11:52:56:
         b0:7c:ed:d8:df:d1:6d:18:ec:7b:f6:b1:7a:51:f2:0d:b9:3d:
         ee:e3:bb:02:7e:1c:62:cf:87:c9:2a:e9:9d:7c:77:f5:69:00:
         46:a8:b4:8d:81:1d:65:95:6d:0e:f7:eb:3b:ff:6b:1a:f4:6d:
         93:be:68:c2:de:97:47:1b:ab:21:fd:ff:a2:59:8b:ed:05:42:
         4e:66:32:71:1e:c6:9e:44:de:72:ce:f8:03:2d:12:f0:90:d4:
         08:15:4b:05:4d:2c:05:7e:48:6c:ef:0f:9f:40:3e:4f:24:eb:
         bb:d3:0c:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yD1Oslx6yQEebVIYV5FwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjYwMTAxMTgxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjJlZTYwMjhkNjI1NDMxM2ViZDAyNTViNjk4ODI4NTk2YTBlNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXAab04LE3WH1Lk6zQkI5SztfF17
tuzROnIGqjC8Q1DSg7Mz0F/l018i6qe55KRb2i87UvR2BPtA4pzlsFQDochWmHkb
zomyxkcPPRif2OFy8CQwb8S0USG+kF3yQWNP+xwZAkYq6KvN6IPU5gemvujs3cgO
sBXhEDkXrcUQQdqVxgPwQWpNw1g4C5pVxsXI5CD/0Gu/uYNVgJeVrdU0dBTRwu2f
0MorKIV0GIanoTh3JcHF88CBqpj6NWylpVw2/YOnfjjwTTCR5zIfpXiRVy4wH9ya
GpCzuF/13+TAYcjDnUKBGOPNd2dpuH08si8lEu7aQ5EYd/egeMsg0woD+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8u5gKNYlQxPr0CVbaYgoWWoOdgMB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvcnk3bUFvMWlWREUtdlFKVnRwaUNoWmFnNTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2YxsMA0G
CSqGSIb3DQEBCwUAA4IBAQAdCKk+shVAhv6Vt4Ewy1l18s+WHy4viCVYOXJoC56i
m8E3w4L72kteN1BxvWgH6vMBrj/mKaGWXkMlzetYZVPrgAiKHlEqtH1NPoAShyzB
nd+F2rtvgAEiNIBvD1VP4SweLj0WRqE1ZBHnAzGjKrGiejl8UOaI3wybgNHMU4kR
DitykgXfjxXZjZkcwPARUlawfO3Y39FtGOx79rF6UfINuT3u47sCfhxiz4fJKumd
fHf1aQBGqLSNgR1llW0O9+s7/2sa9G2TvmjC3pdHG6sh/f+iWYvtBUJOZjJxHsae
RN5yzvgDLRLwkNQIFUsFTSwFfkhs7w+fQD5PJOu70wx6
-----END CERTIFICATE-----