This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/z_9II5WYBoTBGZ5pgFe4r6CevAw.roa
File:                     z_9II5WYBoTBGZ5pgFe4r6CevAw.roa (raw, json)
Hash identifier:          b3pynxd2lAP3NtJ8uzmF53kEH7MeotRATSOpsRAWQMA=
Subject key identifier:   CF:FF:48:23:95:98:06:84:C1:19:9E:69:80:57:B8:AF:A0:9E:BC:0C
Certificate issuer:       /CN=a1b0477f9d09a2c74f4c459e80b729afeeb312d4
Certificate serial:       019B76EAD4D5AB87BB2CEDB3919DC59B485E
Authority key identifier: A1:B0:47:7F:9D:09:A2:C7:4F:4C:45:9E:80:B7:29:AF:EE:B3:12:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/obBHf50JosdPTEWegLcpr-6zEtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/z_9II5WYBoTBGZ5pgFe4r6CevAw.roa
Signing time:             Thu 01 Jan 2026 00:17:39 +0000
ROA not before:           Thu 01 Jan 2026 00:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205257
IP address blocks:        178.17.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/obBHf50JosdPTEWegLcpr-6zEtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/obBHf50JosdPTEWegLcpr-6zEtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/obBHf50JosdPTEWegLcpr-6zEtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d4:d5:ab:87:bb:2c:ed:b3:91:9d:c5:9b:48:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1b0477f9d09a2c74f4c459e80b729afeeb312d4
        Validity
            Not Before: Jan  1 00:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfff482395980684c1199e698057b8afa09ebc0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0b:96:55:10:78:28:48:85:66:09:8a:52:93:
                    a9:27:ac:35:ad:67:7b:38:05:02:c9:12:89:0c:c3:
                    c4:8c:cd:fb:5c:ce:54:93:85:2f:59:1b:7d:4f:ab:
                    dc:e6:ee:f2:d8:55:81:32:e4:c5:94:bc:ee:f8:ab:
                    88:a8:25:f5:73:43:fc:2f:39:26:d7:93:4f:a1:6f:
                    f0:a3:15:1a:d7:a3:6b:2a:37:73:de:e0:ff:8d:8a:
                    c1:ce:8e:ae:5e:5b:b3:45:46:37:e7:30:e0:74:51:
                    42:d3:c2:9d:0a:63:04:20:86:73:c3:ae:42:b4:1a:
                    d7:fa:cf:d4:26:3f:7a:84:88:58:68:09:60:e7:96:
                    af:6d:07:ff:9f:61:23:fd:5f:03:fd:33:e2:14:2d:
                    ae:b8:f8:69:33:17:80:1f:6e:7b:60:cd:7e:63:2f:
                    57:56:e3:c2:f7:e3:2c:90:fe:16:c6:f8:7e:4c:45:
                    f0:74:57:e2:3b:1a:22:3b:ec:87:d1:71:45:e8:a2:
                    c7:92:5d:73:36:40:03:2b:3e:d5:c2:06:fd:b7:eb:
                    05:61:db:76:18:09:f2:58:e4:6d:9c:c0:e5:36:e5:
                    b0:61:dc:6e:fb:bc:4d:4d:a2:30:89:3f:4d:41:b1:
                    77:df:dd:ff:1c:83:07:6d:08:86:67:96:94:0c:35:
                    bd:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FF:48:23:95:98:06:84:C1:19:9E:69:80:57:B8:AF:A0:9E:BC:0C
            X509v3 Authority Key Identifier:
                keyid:A1:B0:47:7F:9D:09:A2:C7:4F:4C:45:9E:80:B7:29:AF:EE:B3:12:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obBHf50JosdPTEWegLcpr-6zEtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/z_9II5WYBoTBGZ5pgFe4r6CevAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/2451b7-9091-4a27-ab91-348f9ffbd883/1/obBHf50JosdPTEWegLcpr-6zEtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.17.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:07:23:3d:60:ea:0f:0e:7d:24:4a:ff:24:f9:99:25:db:f9:
         82:e2:20:c1:bb:93:ec:bf:ce:2b:53:af:b3:63:85:a5:38:6a:
         78:7b:05:31:f9:ee:57:9f:92:65:97:2f:17:0b:56:28:b1:19:
         84:35:9c:8c:7a:01:7c:fb:85:c2:03:9d:71:71:70:2d:63:fe:
         aa:c2:95:b6:c2:35:91:5b:f3:b5:90:10:9f:ca:3c:b2:5f:ad:
         3c:4a:98:54:f9:ad:2e:7b:37:f2:ed:dc:94:3b:74:e9:bc:8e:
         05:78:9e:f0:5d:a3:40:4f:37:4a:19:4a:81:b6:08:74:1a:62:
         21:8e:33:fd:7e:c1:bb:6f:b9:90:ac:d9:d1:f7:0e:ae:be:d1:
         5a:d6:c6:9c:21:83:f7:ff:04:a0:86:29:66:be:c8:07:b1:a3:
         c7:c0:51:5a:3e:87:80:ef:ce:30:c6:a0:c0:c0:cf:0f:51:5b:
         80:6c:fa:fe:a0:58:9d:8c:a7:df:61:13:50:23:27:1b:8b:a4:
         c1:1a:8c:40:a3:36:08:11:c7:ff:65:ce:cb:19:f4:b1:3d:36:
         34:c1:d7:4f:20:a8:eb:ec:77:ca:ad:8f:f4:02:0c:8c:70:7b:
         db:5f:7d:78:d1:55:fb:d5:07:c6:da:8e:33:7d:df:ca:f2:a4:
         62:e8:2b:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26tTVq4e7LO2zkZ3Fm0heMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjA0NzdmOWQwOWEyYzc0ZjRjNDU5ZTgwYjcyOWFmZWVi
MzEyZDQwHhcNMjYwMTAxMDAxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZmNDgyMzk1OTgwNjg0YzExOTllNjk4MDU3YjhhZmEwOWViYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQuWVRB4KEiFZgmKUpOpJ6w1rWd7
OAUCyRKJDMPEjM37XM5Uk4UvWRt9T6vc5u7y2FWBMuTFlLzu+KuIqCX1c0P8Lzkm
15NPoW/woxUa16NrKjdz3uD/jYrBzo6uXluzRUY35zDgdFFC08KdCmMEIIZzw65C
tBrX+s/UJj96hIhYaAlg55avbQf/n2Ej/V8D/TPiFC2uuPhpMxeAH257YM1+Yy9X
VuPC9+MskP4Wxvh+TEXwdFfiOxoiO+yH0XFF6KLHkl1zNkADKz7Vwgb9t+sFYdt2
GAnyWORtnMDlNuWwYdxu+7xNTaIwiT9NQbF3393/HIMHbQiGZ5aUDDW9nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM//SCOVmAaEwRmeaYBXuK+gnrwMMB8GA1UdIwQY
MBaAFKGwR3+dCaLHT0xFnoC3Ka/usxLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JCSGY1MEpvc2RQVEVXZWdMY3ByLTZ6RXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yNDUxYjctOTA5MS00YTI3LWFiOTEt
MzQ4ZjlmZmJkODgzLzEvel85SUk1V1lCb1RCR1o1cGdGZTRyNkNldkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yNDUxYjctOTA5MS00YTI3LWFiOTEtMzQ4ZjlmZmJkODgz
LzEvb2JCSGY1MEpvc2RQVEVXZWdMY3ByLTZ6RXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshHZMA0G
CSqGSIb3DQEBCwUAA4IBAQB7ByM9YOoPDn0kSv8k+Zkl2/mC4iDBu5Psv84rU6+z
Y4WlOGp4ewUx+e5Xn5Jlly8XC1YosRmENZyMegF8+4XCA51xcXAtY/6qwpW2wjWR
W/O1kBCfyjyyX608SphU+a0uezfy7dyUO3TpvI4FeJ7wXaNATzdKGUqBtgh0GmIh
jjP9fsG7b7mQrNnR9w6uvtFa1sacIYP3/wSghilmvsgHsaPHwFFaPoeA784wxqDA
wM8PUVuAbPr+oFidjKffYRNQIycbi6TBGoxAozYIEcf/Zc7LGfSxPTY0wddPIKjr
7HfKrY/0AgyMcHvbX3140VX71QfG2o4zfd/K8qRi6Cuw
-----END CERTIFICATE-----