This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IAsSuLfPFpBj32Y13IehzhXVpQA.roa
File:                     IAsSuLfPFpBj32Y13IehzhXVpQA.roa (raw, json)
Hash identifier:          3Oweej61FZG8mKJG+RGWXbqjk3knSjlvfpdbWwz/s4g=
Subject key identifier:   20:0B:12:B8:B7:CF:16:90:63:DF:66:35:DC:87:A1:CE:15:D5:A5:00
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019AC4208737145FDA6197E58D05B6958A02
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IAsSuLfPFpBj32Y13IehzhXVpQA.roa
Signing time:             Thu 27 Nov 2025 07:04:17 +0000
ROA not before:           Thu 27 Nov 2025 07:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205536
IP address blocks:        217.60.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:34:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c4:20:87:37:14:5f:da:61:97:e5:8d:05:b6:95:8a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 27 07:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=200b12b8b7cf169063df6635dc87a1ce15d5a500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4a:82:7d:7c:b5:1c:ae:e0:dd:dc:f3:75:d4:
                    76:73:a4:a1:84:34:a4:5d:42:02:9c:89:cb:16:75:
                    e3:25:63:62:78:30:4e:aa:02:e9:d9:02:33:2b:2b:
                    92:93:ee:15:34:9d:51:78:e3:bb:da:0f:ce:b9:ad:
                    86:9d:da:fd:25:2c:f1:ca:80:fd:95:09:fd:c3:f6:
                    89:0f:55:99:0b:df:bf:30:a5:e5:23:bf:88:73:a0:
                    12:08:56:2b:27:3f:ff:dc:17:97:1b:45:2b:da:e0:
                    64:5b:ae:45:5d:7a:75:02:cc:ea:3c:92:33:70:d3:
                    05:a9:5a:36:d3:3b:b0:ac:e6:31:54:9e:36:c0:e9:
                    5b:ba:d5:12:8a:b5:50:8e:f9:80:c4:66:49:1b:6b:
                    c4:f1:89:1a:e8:74:ba:ed:80:38:a4:50:a7:ab:5c:
                    3c:4d:4d:2b:bc:4e:6b:a2:e1:39:9e:6d:3d:81:94:
                    9b:7a:df:ae:f5:37:2f:5d:9d:25:d3:78:21:4b:ba:
                    5f:cd:fc:75:a9:3c:ec:85:b4:e6:aa:be:f0:31:57:
                    9d:9d:51:1a:35:22:88:54:b7:93:c3:51:f8:14:fc:
                    e2:b5:22:6e:80:60:29:5e:7c:f2:50:ff:ff:f5:94:
                    c9:99:b1:92:56:27:0e:ff:41:9a:6e:88:eb:57:03:
                    1d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0B:12:B8:B7:CF:16:90:63:DF:66:35:DC:87:A1:CE:15:D5:A5:00
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IAsSuLfPFpBj32Y13IehzhXVpQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:60:7a:6e:c5:95:6a:80:28:46:5f:b2:f4:7b:e2:d3:aa:5a:
         95:a2:26:88:21:a6:77:a2:77:6f:70:00:96:18:d4:d9:d3:2e:
         b0:c5:52:93:42:2c:ad:f3:34:0e:c9:22:86:91:6b:5c:55:4a:
         ab:22:b7:45:84:d2:af:dd:8b:af:da:c6:ca:29:0c:fa:88:4d:
         72:10:cf:35:6c:24:3d:b2:dc:33:1c:24:54:4a:ec:35:33:0a:
         1a:5f:5b:43:81:3b:dc:d6:78:70:69:c4:f3:29:60:0b:93:95:
         a3:2d:cf:81:d2:00:06:4a:a1:4f:6a:df:5e:5b:39:76:0d:32:
         cb:48:bc:cc:0b:8e:1f:f0:23:52:70:cb:96:cb:a4:49:9c:ab:
         c8:3a:f4:f0:49:dc:74:ce:6f:db:d7:7f:17:b6:80:7d:ac:94:
         44:35:59:42:ff:00:21:94:c4:d2:35:5c:18:10:29:e5:e4:13:
         6e:f9:e4:70:45:e3:83:e8:45:69:9e:c2:f0:ca:5f:e0:70:20:
         d9:da:d4:ad:2e:b4:fd:54:82:c5:4b:b6:d5:5a:1f:18:eb:25:
         60:a3:30:fc:36:22:df:c3:e1:d3:30:1c:26:33:17:27:ed:3a:
         9e:61:50:94:1f:15:40:56:da:fd:7a:a1:53:95:6a:3e:64:5e:
         39:4f:f6:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrEIIc3FF/aYZfljQW2lYoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMTI3MDcwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDBiMTJiOGI3Y2YxNjkwNjNkZjY2MzVkYzg3YTFjZTE1ZDVhNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0qCfXy1HK7g3dzzddR2c6ShhDSk
XUICnInLFnXjJWNieDBOqgLp2QIzKyuSk+4VNJ1ReOO72g/Oua2Gndr9JSzxyoD9
lQn9w/aJD1WZC9+/MKXlI7+Ic6ASCFYrJz//3BeXG0Ur2uBkW65FXXp1AszqPJIz
cNMFqVo20zuwrOYxVJ42wOlbutUSirVQjvmAxGZJG2vE8Yka6HS67YA4pFCnq1w8
TU0rvE5rouE5nm09gZSbet+u9TcvXZ0l03ghS7pfzfx1qTzshbTmqr7wMVednVEa
NSKIVLeTw1H4FPzitSJugGApXnzyUP//9ZTJmbGSVicO/0GabojrVwMdkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCALEri3zxaQY99mNdyHoc4V1aUAMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSUFzU3VMZlBGcEJqMzJZMTNJZWh6aFhWcFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TzwMA0G
CSqGSIb3DQEBCwUAA4IBAQAtYHpuxZVqgChGX7L0e+LTqlqVoiaIIaZ3ondvcACW
GNTZ0y6wxVKTQiyt8zQOySKGkWtcVUqrIrdFhNKv3Yuv2sbKKQz6iE1yEM81bCQ9
stwzHCRUSuw1MwoaX1tDgTvc1nhwacTzKWALk5WjLc+B0gAGSqFPat9eWzl2DTLL
SLzMC44f8CNScMuWy6RJnKvIOvTwSdx0zm/b138XtoB9rJRENVlC/wAhlMTSNVwY
ECnl5BNu+eRwReOD6EVpnsLwyl/gcCDZ2tStLrT9VILFS7bVWh8Y6yVgozD8NiLf
w+HTMBwmMxcn7TqeYVCUHxVAVtr9eqFTlWo+ZF45T/b/
-----END CERTIFICATE-----