This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/FR0TMzudRUII0Fa6Jf04w_3WI20.roa
File:                     FR0TMzudRUII0Fa6Jf04w_3WI20.roa (raw, json)
Hash identifier:          AJPhPEVbqaILZMRzPtnEJF9G4HZjyUJiNfN1jrcINf4=
Subject key identifier:   15:1D:13:33:3B:9D:45:42:08:D0:56:BA:25:FD:38:C3:FD:D6:23:6D
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       019B797E2A26BC9618823BDD85110543363A
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/FR0TMzudRUII0Fa6Jf04w_3WI20.roa
Signing time:             Thu 01 Jan 2026 12:17:50 +0000
ROA not before:           Thu 01 Jan 2026 12:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201735
IP address blocks:        213.162.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:2a:26:bc:96:18:82:3b:dd:85:11:05:43:36:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  1 12:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=151d13333b9d454208d056ba25fd38c3fdd6236d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e8:92:ee:25:f8:5d:86:f6:a5:99:b9:35:70:
                    61:a0:a4:d6:53:3b:6f:06:2e:45:e0:70:9a:fc:da:
                    fe:05:df:e8:eb:4a:03:d1:aa:97:64:a9:c3:fe:bb:
                    1b:bc:f8:63:62:a8:e3:35:ba:83:d6:cd:1f:0f:ca:
                    f7:f9:6f:8e:50:0c:20:ba:b2:3e:4d:9a:08:5b:fd:
                    eb:7e:e9:a2:16:4e:14:50:aa:90:f0:01:db:29:86:
                    4f:73:9c:d7:9f:92:74:01:d6:97:a8:0b:33:c6:c6:
                    dd:fe:61:0b:6c:26:70:3e:cc:1c:6f:33:4c:00:0a:
                    54:f1:15:8d:28:a8:6b:ae:61:3e:3f:69:f8:d3:6c:
                    07:1a:2f:10:2a:2e:ab:ab:6e:fc:ae:88:54:82:64:
                    16:7d:6a:b5:77:45:00:41:d4:9f:83:78:39:71:c5:
                    ac:7d:fb:2d:3d:a1:89:89:f5:5b:d8:4e:1a:8f:c4:
                    f7:17:67:5a:a9:c5:87:73:c2:1c:49:c9:cb:63:cf:
                    aa:b9:e9:d6:4a:84:16:78:68:1d:df:08:8c:52:c6:
                    98:50:45:42:87:19:c2:ed:ee:58:91:25:b6:65:20:
                    85:39:8b:37:2c:1e:15:c7:fd:a6:62:cb:ae:da:5a:
                    29:eb:fa:cf:5e:0b:25:e4:bd:3a:a1:d7:0c:d6:e6:
                    58:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:1D:13:33:3B:9D:45:42:08:D0:56:BA:25:FD:38:C3:FD:D6:23:6D
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/FR0TMzudRUII0Fa6Jf04w_3WI20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.162.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:da:88:16:1a:6b:70:b7:4b:06:6d:22:36:87:ab:69:85:76:
         1d:b7:15:e3:f5:92:cf:e8:53:1f:90:81:c6:8c:a3:56:d7:1b:
         99:a0:79:6f:6a:e0:e5:27:84:a5:24:71:22:81:27:e9:de:9f:
         eb:4e:19:31:8e:48:c3:3b:2c:5e:e4:90:1a:b7:4e:89:03:34:
         eb:71:5d:1e:01:1e:7b:15:1b:65:2a:91:3a:cd:00:3b:64:24:
         d0:92:21:df:a2:2b:70:ef:97:b2:c5:91:ea:35:b0:67:56:1b:
         fa:cc:51:86:45:53:81:a2:e1:8f:cc:03:bc:9e:7b:d2:08:2f:
         90:7a:bf:64:b9:7a:93:9f:70:0b:c9:f3:17:19:5a:ec:fc:91:
         00:de:d7:d3:9b:bf:97:16:6c:0c:37:fc:b7:fe:67:0c:61:7b:
         bc:4d:1e:ff:ca:a4:e2:59:71:10:43:c6:c4:57:c3:31:e3:06:
         f9:36:26:82:b9:1d:09:cb:11:4e:cc:e4:0d:4d:28:8e:1d:8a:
         5a:cf:b8:4f:25:b0:26:55:e8:ef:b9:38:01:6b:39:25:a9:5e:
         53:8b:0d:f0:80:25:d2:a2:bd:e7:ec:03:91:4e:1f:c6:ce:a7:
         ba:c7:e2:47:7a:72:0f:cd:a3:65:a0:ea:00:86:c5:ff:b3:9b:
         e1:1b:62:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fiomvJYYgjvdhREFQzY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjYwMTAxMTIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTFkMTMzMzNiOWQ0NTQyMDhkMDU2YmEyNWZkMzhjM2ZkZDYyMzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuiS7iX4XYb2pZm5NXBhoKTWUztv
Bi5F4HCa/Nr+Bd/o60oD0aqXZKnD/rsbvPhjYqjjNbqD1s0fD8r3+W+OUAwgurI+
TZoIW/3rfumiFk4UUKqQ8AHbKYZPc5zXn5J0AdaXqAszxsbd/mELbCZwPswcbzNM
AApU8RWNKKhrrmE+P2n402wHGi8QKi6rq278rohUgmQWfWq1d0UAQdSfg3g5ccWs
ffstPaGJifVb2E4aj8T3F2daqcWHc8IcScnLY8+quenWSoQWeGgd3wiMUsaYUEVC
hxnC7e5YkSW2ZSCFOYs3LB4Vx/2mYsuu2lop6/rPXgsl5L06odcM1uZY3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUdEzM7nUVCCNBWuiX9OMP91iNtMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvRlIwVE16dWRSVUlJMEZhNkpmMDR3XzNXSTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aLcMA0G
CSqGSIb3DQEBCwUAA4IBAQCX2ogWGmtwt0sGbSI2h6tphXYdtxXj9ZLP6FMfkIHG
jKNW1xuZoHlvauDlJ4SlJHEigSfp3p/rThkxjkjDOyxe5JAat06JAzTrcV0eAR57
FRtlKpE6zQA7ZCTQkiHfoitw75eyxZHqNbBnVhv6zFGGRVOBouGPzAO8nnvSCC+Q
er9kuXqTn3ALyfMXGVrs/JEA3tfTm7+XFmwMN/y3/mcMYXu8TR7/yqTiWXEQQ8bE
V8Mx4wb5NiaCuR0JyxFOzOQNTSiOHYpaz7hPJbAmVejvuTgBazklqV5Tiw3wgCXS
or3n7AORTh/Gzqe6x+JHenIPzaNloOoAhsX/s5vhG2LS
-----END CERTIFICATE-----