This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/_RlUaty7XFL7Cg1Bd_uBGGhGjOQ.roa
File:                     _RlUaty7XFL7Cg1Bd_uBGGhGjOQ.roa (raw, json)
Hash identifier:          qwy34usdJCqXP9Il0XAoY9RGd5uIHfbG7rpjrxu69io=
Subject key identifier:   FD:19:54:6A:DC:BB:5C:52:FB:0A:0D:41:77:FB:81:18:68:46:8C:E4
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       019B77C71819C520536BAA6A1DC66CDD5A5A
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/_RlUaty7XFL7Cg1Bd_uBGGhGjOQ.roa
Signing time:             Thu 01 Jan 2026 04:18:15 +0000
ROA not before:           Thu 01 Jan 2026 04:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209575
IP address blocks:        213.208.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:18:19:c5:20:53:6b:aa:6a:1d:c6:6c:dd:5a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 04:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd19546adcbb5c52fb0a0d4177fb811868468ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c2:97:a7:a3:41:27:9e:0c:2e:05:84:47:40:
                    1d:ee:6a:18:a6:d7:f1:c0:d4:6e:0d:4a:9d:fc:30:
                    e2:96:0e:88:88:91:6c:fb:51:37:5f:22:54:9f:cc:
                    0f:9d:1e:f3:22:de:dc:83:9d:b8:7d:22:88:77:ba:
                    e2:fb:bd:13:39:58:26:81:29:aa:59:9f:e2:2f:0f:
                    5a:48:a0:e9:d0:1b:d2:d4:53:a3:f1:35:82:67:2e:
                    be:7c:32:54:d4:42:9a:59:f5:1d:42:be:54:9a:4b:
                    db:6c:f2:98:90:2b:e9:fe:e5:4e:ea:e8:67:eb:03:
                    97:53:f8:88:41:3d:6a:61:6c:3c:69:28:d9:ba:b0:
                    60:2e:57:1e:85:ef:c6:b9:7b:48:09:8d:4b:23:48:
                    7d:ad:7b:a0:f6:b0:0d:ad:54:42:a8:e9:40:e5:88:
                    1d:b6:35:50:b9:2e:57:c1:54:de:2b:bc:4c:d4:af:
                    cf:64:53:a1:25:d6:b9:dc:35:e0:0b:f5:cc:04:a3:
                    03:88:ce:e1:67:1c:f8:a6:b2:7d:80:af:e9:69:b9:
                    50:41:69:77:30:67:2a:6c:cf:d7:68:39:51:59:5f:
                    58:26:38:93:19:2d:93:0c:d5:3e:c7:a1:dc:2e:0e:
                    1b:92:3b:08:9e:ab:7d:29:39:41:09:f0:3c:8b:89:
                    9b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:19:54:6A:DC:BB:5C:52:FB:0A:0D:41:77:FB:81:18:68:46:8C:E4
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/_RlUaty7XFL7Cg1Bd_uBGGhGjOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.208.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:68:85:77:49:6c:50:fa:cf:46:93:db:5c:ea:f0:fd:8b:7d:
         46:92:1d:e8:bb:ad:ec:e6:07:98:e2:d0:89:e0:0d:0a:37:b4:
         80:18:22:9e:4c:a4:c5:83:e3:b0:dc:8f:b7:b8:56:31:24:83:
         f3:1f:96:9d:4e:83:57:35:85:52:ec:9e:3b:5f:05:65:ef:51:
         7e:8f:11:23:3e:36:e5:ed:10:c1:85:ca:5a:18:b0:c8:28:f4:
         94:90:74:59:a3:84:cc:cd:83:e5:e5:f9:19:dc:b0:ac:8e:0d:
         6b:02:be:48:90:ba:1c:58:ac:7c:6f:ab:90:8e:18:8c:a7:56:
         be:cc:1b:a2:34:8a:83:8b:b0:fd:dd:02:1c:18:c2:f1:16:92:
         1c:09:c7:92:19:9d:ce:38:96:b3:bc:b6:d6:24:d6:11:07:76:
         03:59:17:be:a6:a8:2f:6c:e6:de:41:3b:1c:56:51:f1:42:90:
         07:16:d1:91:9e:bc:af:20:93:d0:f5:50:66:8d:9a:9b:02:42:
         14:5f:e5:d5:28:d2:fe:cd:79:df:95:9f:1f:79:f9:e2:ce:e3:
         86:e8:85:26:fb:c0:6c:e0:ad:12:d0:5f:cd:cd:fb:f3:99:59:
         b5:6b:ff:93:53:66:60:1b:a1:a5:0e:f2:db:ab:3b:1c:8b:e6:
         86:13:c7:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxgZxSBTa6pqHcZs3VpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjYwMTAxMDQxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE5NTQ2YWRjYmI1YzUyZmIwYTBkNDE3N2ZiODExODY4NDY4Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcKXp6NBJ54MLgWER0Ad7moYptfx
wNRuDUqd/DDilg6IiJFs+1E3XyJUn8wPnR7zIt7cg524fSKId7ri+70TOVgmgSmq
WZ/iLw9aSKDp0BvS1FOj8TWCZy6+fDJU1EKaWfUdQr5UmkvbbPKYkCvp/uVO6uhn
6wOXU/iIQT1qYWw8aSjZurBgLlcehe/GuXtICY1LI0h9rXug9rANrVRCqOlA5Ygd
tjVQuS5XwVTeK7xM1K/PZFOhJda53DXgC/XMBKMDiM7hZxz4prJ9gK/pablQQWl3
MGcqbM/XaDlRWV9YJjiTGS2TDNU+x6HcLg4bkjsInqt9KTlBCfA8i4mbowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0ZVGrcu1xS+woNQXf7gRhoRozkMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvX1JsVWF0eTdYRkw3Q2cxQmRfdUJHR2hHak9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dCPMA0G
CSqGSIb3DQEBCwUAA4IBAQCzaIV3SWxQ+s9Gk9tc6vD9i31Gkh3ou63s5geY4tCJ
4A0KN7SAGCKeTKTFg+Ow3I+3uFYxJIPzH5adToNXNYVS7J47XwVl71F+jxEjPjbl
7RDBhcpaGLDIKPSUkHRZo4TMzYPl5fkZ3LCsjg1rAr5IkLocWKx8b6uQjhiMp1a+
zBuiNIqDi7D93QIcGMLxFpIcCceSGZ3OOJazvLbWJNYRB3YDWRe+pqgvbObeQTsc
VlHxQpAHFtGRnryvIJPQ9VBmjZqbAkIUX+XVKNL+zXnflZ8fefnizuOG6IUm+8Bs
4K0S0F/NzfvzmVm1a/+TU2ZgG6GlDvLbqzsci+aGE8cx
-----END CERTIFICATE-----