This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/2e8QyLYMT4HWwfUGaImHeP_tGTY.roa
File:                     2e8QyLYMT4HWwfUGaImHeP_tGTY.roa (raw, json)
Hash identifier:          s9h03bDzb0Cy0LO5kY73K6dn/N9HUik5sgJSj+kQ3k8=
Subject key identifier:   D9:EF:10:C8:B6:0C:4F:81:D6:C1:F5:06:68:89:87:78:FF:ED:19:36
Certificate issuer:       /CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
Certificate serial:       019B77C69A72FE0E6FF9F3DAC8E29B32789C
Authority key identifier: 7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/2e8QyLYMT4HWwfUGaImHeP_tGTY.roa
Signing time:             Thu 01 Jan 2026 04:17:42 +0000
ROA not before:           Thu 01 Jan 2026 04:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201233
IP address blocks:        217.18.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9a:72:fe:0e:6f:f9:f3:da:c8:e2:9b:32:78:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
        Validity
            Not Before: Jan  1 04:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9ef10c8b60c4f81d6c1f50668898778ffed1936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:03:21:48:c0:9f:7f:86:5b:95:bf:b0:29:20:
                    42:3f:ef:2f:1a:50:a2:52:b5:9a:43:25:a8:7f:35:
                    44:40:1d:64:d1:b3:8b:4f:2b:d8:47:78:12:9a:14:
                    4e:5d:24:90:e9:42:27:fd:35:e8:3e:0f:50:bb:4f:
                    bf:c6:eb:1e:a8:b6:45:d3:4e:ed:95:fb:b3:4c:dd:
                    8f:77:8d:7f:6f:97:76:ff:67:71:bc:06:7f:84:e2:
                    a2:11:4b:c1:67:a4:d1:04:45:08:5a:d2:40:ed:07:
                    2d:14:52:42:b4:83:87:23:dc:59:f4:2a:f5:a5:14:
                    e7:e2:7e:aa:68:cf:03:13:6f:e3:d2:c1:d2:25:98:
                    21:15:d9:d3:db:a1:38:5a:c9:72:77:d6:27:84:77:
                    57:f3:d4:a6:5b:c9:a0:8b:1f:7b:02:84:ee:c2:1e:
                    ae:f5:e5:f1:19:ab:b1:b1:30:78:3a:da:06:8b:32:
                    d0:b2:f6:78:00:8e:b8:9c:79:f8:78:e1:f4:23:b7:
                    aa:8d:a4:59:d3:5a:8f:0a:30:fb:0d:61:0c:f0:b6:
                    1d:a9:41:bd:ed:05:fa:4e:b9:5f:da:85:a0:37:63:
                    b1:a9:6a:db:1d:bd:3a:06:ed:41:45:10:48:23:62:
                    5c:bb:b5:0d:bb:4b:9b:db:c5:6b:fd:c7:82:ed:04:
                    89:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EF:10:C8:B6:0C:4F:81:D6:C1:F5:06:68:89:87:78:FF:ED:19:36
            X509v3 Authority Key Identifier:
                keyid:7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/2e8QyLYMT4HWwfUGaImHeP_tGTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:d7:52:6e:ea:b5:6e:15:e8:fb:00:27:6f:59:ad:29:df:1f:
         01:08:a3:47:6c:b1:8f:64:83:d1:cc:be:92:b8:37:aa:da:62:
         2f:1f:48:d9:4a:ad:e8:68:b4:74:2c:ee:fe:36:6c:ec:68:c8:
         c8:45:51:6c:91:b5:c6:94:79:1b:9f:38:bc:f2:7f:0b:08:35:
         db:03:77:7f:33:bf:37:b2:f6:db:b6:fd:a2:ce:83:6e:4d:36:
         d5:89:35:f4:6c:bf:45:60:ec:7d:33:34:94:ae:af:09:50:e0:
         19:48:a2:2b:3a:58:f8:1e:03:ec:25:64:30:c9:ad:f0:f0:85:
         b3:9f:3d:c6:16:72:b0:44:f0:85:c6:f3:60:07:49:99:3a:63:
         1c:be:0b:09:7c:2b:7d:37:88:4c:ec:c0:e3:d7:b5:79:39:87:
         18:a0:54:af:84:86:46:c4:62:f9:af:d1:d3:f5:7f:5d:cd:ca:
         7f:4e:92:0a:86:ed:96:7a:d2:bd:2d:4d:74:62:4c:2d:70:f1:
         be:fe:8d:af:4a:57:56:c9:4a:b1:f1:75:59:59:75:92:73:99:
         db:95:77:b5:40:cf:4c:5e:2a:68:e9:54:2b:a2:d9:be:b8:d2:
         82:3e:8e:e0:76:db:73:a0:84:b7:a9:e8:fb:1c:ba:d2:45:6e:
         b8:1c:d0:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xppy/g5v+fPayOKbMnicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZGM0MGMzZGJkZjgxOWQ3NDEzZTc3MmJkODc1ODE0Yzdl
YWY1NWUwHhcNMjYwMTAxMDQxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWVmMTBjOGI2MGM0ZjgxZDZjMWY1MDY2ODg5ODc3OGZmZWQxOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgMhSMCff4Zblb+wKSBCP+8vGlCi
UrWaQyWofzVEQB1k0bOLTyvYR3gSmhROXSSQ6UIn/TXoPg9Qu0+/xuseqLZF007t
lfuzTN2Pd41/b5d2/2dxvAZ/hOKiEUvBZ6TRBEUIWtJA7QctFFJCtIOHI9xZ9Cr1
pRTn4n6qaM8DE2/j0sHSJZghFdnT26E4Wslyd9YnhHdX89SmW8mgix97AoTuwh6u
9eXxGauxsTB4OtoGizLQsvZ4AI64nHn4eOH0I7eqjaRZ01qPCjD7DWEM8LYdqUG9
7QX6Trlf2oWgN2OxqWrbHb06Bu1BRRBII2Jcu7UNu0ub28Vr/ceC7QSJoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnvEMi2DE+B1sH1BmiJh3j/7Rk2MB8GA1UdIwQY
MBaAFHzcQMPb34GddBPncr2HWBTH6vVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2Et
OTlmMjAwNDY1OWQxLzEvMmU4UXlMWU1UNEhXd2ZVR2FJbUhlUF90R1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2EtOTlmMjAwNDY1OWQx
LzEvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJVMA0G
CSqGSIb3DQEBCwUAA4IBAQDq11Ju6rVuFej7ACdvWa0p3x8BCKNHbLGPZIPRzL6S
uDeq2mIvH0jZSq3oaLR0LO7+NmzsaMjIRVFskbXGlHkbnzi88n8LCDXbA3d/M783
svbbtv2izoNuTTbViTX0bL9FYOx9MzSUrq8JUOAZSKIrOlj4HgPsJWQwya3w8IWz
nz3GFnKwRPCFxvNgB0mZOmMcvgsJfCt9N4hM7MDj17V5OYcYoFSvhIZGxGL5r9HT
9X9dzcp/TpIKhu2WetK9LU10YkwtcPG+/o2vSldWyUqx8XVZWXWSc5nblXe1QM9M
Xipo6VQrotm+uNKCPo7gdttzoIS3qej7HLrSRW64HND6
-----END CERTIFICATE-----