This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/P04c2XI7haz3hk-2m450FkvGSnc.roa
File:                     P04c2XI7haz3hk-2m450FkvGSnc.roa (raw, json)
Hash identifier:          W8LRKUa+YkfgYOrhMdVeOmBagmmgYiWsuAayUbkv7hc=
Subject key identifier:   3F:4E:1C:D9:72:3B:85:AC:F7:86:4F:B6:9B:8E:74:16:4B:C6:4A:77
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019BF44131DA0BA18FEDEFD0F21DF65C499F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/P04c2XI7haz3hk-2m450FkvGSnc.roa
Signing time:             Sun 25 Jan 2026 08:24:31 +0000
ROA not before:           Sun 25 Jan 2026 08:24:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        217.60.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:22:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f4:41:31:da:0b:a1:8f:ed:ef:d0:f2:1d:f6:5c:49:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 25 08:24:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f4e1cd9723b85acf7864fb69b8e74164bc64a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8e:63:de:42:4a:bb:5c:a7:1e:a7:90:f6:77:
                    fc:58:c6:18:f7:c2:af:a5:b1:d0:2f:88:a6:14:a9:
                    1e:55:e2:29:8f:7a:94:c3:19:a4:34:97:9b:13:3d:
                    96:a5:66:09:55:3d:a4:60:6c:21:0c:54:71:af:71:
                    6a:15:2a:5c:e3:30:47:b3:04:df:89:65:4e:c9:fc:
                    c6:11:fc:f3:b9:95:ed:3e:bd:fe:17:6b:36:a1:f8:
                    de:cd:63:47:14:3d:bf:b9:b0:5e:ee:91:7b:b0:ec:
                    51:1b:df:55:0c:30:bc:4c:f8:38:d4:d0:76:3d:81:
                    a5:aa:97:c8:63:6d:7e:1c:ac:5b:52:03:10:d6:ed:
                    bf:94:22:ff:9c:f1:44:b9:0c:53:f2:44:3e:9e:c5:
                    85:dd:25:d0:34:14:fe:69:43:c2:46:1d:ca:09:31:
                    6a:24:42:6e:9f:38:fa:18:ad:36:78:b4:88:85:bc:
                    b2:8a:51:58:30:08:7b:88:f7:6b:53:bf:fd:30:30:
                    99:4b:ed:38:12:06:5c:ee:d8:f5:a5:34:4c:ee:21:
                    2a:62:f1:70:5e:63:9c:da:bf:11:dd:e8:77:70:d9:
                    6f:08:ce:ab:bd:f3:8d:e5:30:ac:f0:8f:07:0c:91:
                    e8:a7:f4:08:17:8d:c4:ee:cc:4b:3b:25:33:05:20:
                    77:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:4E:1C:D9:72:3B:85:AC:F7:86:4F:B6:9B:8E:74:16:4B:C6:4A:77
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/P04c2XI7haz3hk-2m450FkvGSnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:37:b8:c3:df:68:4d:28:df:98:60:00:c2:8c:56:e0:26:8d:
         67:a9:92:3d:3e:cb:64:68:88:bf:2f:e4:99:ab:42:75:f6:6c:
         79:16:3c:00:59:6d:1c:ae:26:75:d0:24:26:57:a5:59:ef:aa:
         66:d4:8b:5f:a0:dd:58:25:40:65:c2:fd:f5:7c:9f:eb:1a:b9:
         d7:d2:0c:e4:d4:58:f2:3f:f4:70:2d:08:58:c6:f8:70:e0:a3:
         25:e1:e3:fc:89:c3:19:f7:67:80:dc:51:8b:04:14:5e:92:6b:
         07:5d:4a:85:b1:0e:42:68:8e:46:7d:1c:cd:d0:57:95:6e:1a:
         bf:50:35:8c:dd:48:50:d1:82:9b:2f:2d:3c:e0:0d:07:ad:75:
         53:db:1d:55:71:1e:7f:ae:11:78:21:5e:eb:bc:25:cf:50:4b:
         a6:c2:d5:73:c1:65:6b:1b:1f:86:f2:14:45:72:14:19:1b:bc:
         b9:02:b0:64:4f:74:6a:9e:28:36:3b:3b:c9:ea:7f:e8:c0:cb:
         71:cf:a7:e6:31:07:ff:d0:55:fc:ef:be:5d:48:7e:cf:5d:74:
         d1:8b:62:85:6b:a2:23:d4:c6:37:66:97:51:da:e1:0d:95:66:
         c6:2a:fe:2d:d8:b0:2d:97:2b:a7:38:49:ec:8b:6e:17:b2:d5:
         c8:cb:85:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv0QTHaC6GP7e/Q8h32XEmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTI1MDgyNDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjRlMWNkOTcyM2I4NWFjZjc4NjRmYjY5YjhlNzQxNjRiYzY0YTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhY5j3kJKu1ynHqeQ9nf8WMYY98Kv
pbHQL4imFKkeVeIpj3qUwxmkNJebEz2WpWYJVT2kYGwhDFRxr3FqFSpc4zBHswTf
iWVOyfzGEfzzuZXtPr3+F2s2ofjezWNHFD2/ubBe7pF7sOxRG99VDDC8TPg41NB2
PYGlqpfIY21+HKxbUgMQ1u2/lCL/nPFEuQxT8kQ+nsWF3SXQNBT+aUPCRh3KCTFq
JEJunzj6GK02eLSIhbyyilFYMAh7iPdrU7/9MDCZS+04EgZc7tj1pTRM7iEqYvFw
XmOc2r8R3eh3cNlvCM6rvfON5TCs8I8HDJHop/QIF43E7sxLOyUzBSB3TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9OHNlyO4Ws94ZPtpuOdBZLxkp3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUDA0YzJYSTdoYXozaGstMm00NTBGa3ZHU25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2TztMA0G
CSqGSIb3DQEBCwUAA4IBAQCTN7jD32hNKN+YYADCjFbgJo1nqZI9PstkaIi/L+SZ
q0J19mx5FjwAWW0criZ10CQmV6VZ76pm1ItfoN1YJUBlwv31fJ/rGrnX0gzk1Fjy
P/RwLQhYxvhw4KMl4eP8icMZ92eA3FGLBBRekmsHXUqFsQ5CaI5GfRzN0FeVbhq/
UDWM3UhQ0YKbLy084A0HrXVT2x1VcR5/rhF4IV7rvCXPUEumwtVzwWVrGx+G8hRF
chQZG7y5ArBkT3Rqnig2OzvJ6n/owMtxz6fmMQf/0FX8775dSH7PXXTRi2KFa6Ij
1MY3ZpdR2uENlWbGKv4t2LAtlyunOEnsi24XstXIy4UJ
-----END CERTIFICATE-----