This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/SuFOhz-E0a-EW1K_FDFNTN2f8Tg.roa
File:                     SuFOhz-E0a-EW1K_FDFNTN2f8Tg.roa (raw, json)
Hash identifier:          bVF3TFggrbJih8L4X+mvTaI2TRi/Z+DmRzvd6/1ccas=
Subject key identifier:   4A:E1:4E:87:3F:84:D1:AF:84:5B:52:BF:14:31:4D:4C:DD:9F:F1:38
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019BE101CE07CD0A83529B109CCB920C9A9C
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/SuFOhz-E0a-EW1K_FDFNTN2f8Tg.roa
Signing time:             Wed 21 Jan 2026 14:42:30 +0000
ROA not before:           Wed 21 Jan 2026 14:42:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        217.147.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e1:01:ce:07:cd:0a:83:52:9b:10:9c:cb:92:0c:9a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan 21 14:42:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ae14e873f84d1af845b52bf14314d4cdd9ff138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4e:95:d1:67:49:00:96:d8:10:4c:1b:6d:d8:
                    60:36:f3:65:fd:ea:69:14:54:fc:94:38:43:67:2a:
                    ea:23:74:ff:f2:44:82:b2:f9:1b:2f:76:06:bb:4f:
                    02:c9:df:a7:e2:20:11:c8:be:d0:a9:dc:27:e8:db:
                    05:7b:2c:2d:fb:11:d6:6e:20:63:3f:4a:43:ef:f4:
                    b0:04:0d:ad:b9:e8:69:95:e1:7e:be:32:93:a4:1d:
                    e1:fc:bd:fc:e8:b1:d5:a2:d0:6a:cb:4b:ff:a5:0a:
                    e9:e1:0c:b8:fa:8b:94:b9:e5:55:de:80:85:87:3f:
                    bd:f0:c5:79:1f:e8:71:3c:78:30:89:2a:c0:93:65:
                    d8:24:dd:b9:17:ca:99:65:78:dd:a6:70:52:10:3f:
                    b2:b0:a1:58:a3:27:87:39:59:4b:d6:46:ce:0f:69:
                    c3:13:5f:78:47:6a:f5:a9:6a:7e:ed:56:e0:ff:2c:
                    d1:8e:fb:e4:fe:88:62:94:31:0b:fd:a6:99:03:06:
                    e4:d8:5c:0b:24:c1:c1:61:25:b7:e9:3d:f1:11:8c:
                    b0:ce:85:8f:ec:33:7c:4e:7e:c6:c8:6d:78:40:1e:
                    1d:e5:e8:ce:55:e1:a5:cc:02:e8:43:7a:19:ce:80:
                    ef:4b:b7:d4:85:58:99:a1:0e:55:71:51:c4:86:ec:
                    25:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E1:4E:87:3F:84:D1:AF:84:5B:52:BF:14:31:4D:4C:DD:9F:F1:38
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/SuFOhz-E0a-EW1K_FDFNTN2f8Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:31:22:84:7f:64:a4:1a:f8:dc:b3:80:41:8a:a9:70:32:e7:
         e8:b9:84:05:bd:36:58:c8:c2:82:6e:57:50:81:a0:d2:af:a6:
         95:39:af:a8:2d:c8:92:79:be:4b:a1:89:e6:48:c9:54:a7:90:
         c1:40:25:2e:0e:d7:09:eb:40:07:ea:4c:3b:13:fd:09:18:ff:
         74:07:b9:b6:e7:e0:ff:36:d3:2f:4a:a1:26:d9:1b:1c:7d:f3:
         f6:e6:c8:ca:83:0b:fc:9f:35:9c:0f:1a:5d:df:c8:68:8a:70:
         a7:0b:be:ca:77:20:6e:13:bc:80:0b:d4:04:e2:f2:a7:8c:22:
         5f:99:c6:58:c4:1f:fc:2e:54:61:4d:df:9b:41:ff:3f:5e:6d:
         bf:7c:0c:9c:85:ca:be:8d:6d:e6:d6:0c:30:88:5c:f8:43:47:
         84:93:7e:1e:23:ff:d9:73:e7:f4:34:51:7c:24:09:07:83:68:
         75:03:4c:d3:24:72:b7:c8:3e:db:f3:2e:62:0c:e6:f3:43:a5:
         02:5f:ad:8e:4d:b6:01:93:8b:42:5d:6c:49:82:4c:6c:87:05:
         4d:da:18:3d:7b:9c:b1:35:ea:4d:23:74:ae:4b:60:67:c5:7a:
         ff:80:ca:8a:49:70:e9:bf:fb:bc:76:c7:b0:84:71:ca:f8:63:
         82:a0:3d:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvhAc4HzQqDUpsQnMuSDJqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMTIxMTQ0MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWUxNGU4NzNmODRkMWFmODQ1YjUyYmYxNDMxNGQ0Y2RkOWZmMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyE6V0WdJAJbYEEwbbdhgNvNl/epp
FFT8lDhDZyrqI3T/8kSCsvkbL3YGu08Cyd+n4iARyL7Qqdwn6NsFeywt+xHWbiBj
P0pD7/SwBA2tuehpleF+vjKTpB3h/L386LHVotBqy0v/pQrp4Qy4+ouUueVV3oCF
hz+98MV5H+hxPHgwiSrAk2XYJN25F8qZZXjdpnBSED+ysKFYoyeHOVlL1kbOD2nD
E194R2r1qWp+7Vbg/yzRjvvk/ohilDEL/aaZAwbk2FwLJMHBYSW36T3xEYywzoWP
7DN8Tn7GyG14QB4d5ejOVeGlzALoQ3oZzoDvS7fUhViZoQ5VcVHEhuwlUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErhToc/hNGvhFtSvxQxTUzdn/E4MB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvU3VGT2h6LUUwYS1FVzFLX0ZERk5UTjJmOFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQCJMSKEf2SkGvjcs4BBiqlwMufouYQFvTZYyMKCbldQ
gaDSr6aVOa+oLciSeb5LoYnmSMlUp5DBQCUuDtcJ60AH6kw7E/0JGP90B7m25+D/
NtMvSqEm2RscffP25sjKgwv8nzWcDxpd38hoinCnC77KdyBuE7yAC9QE4vKnjCJf
mcZYxB/8LlRhTd+bQf8/Xm2/fAychcq+jW3m1gwwiFz4Q0eEk34eI//Zc+f0NFF8
JAkHg2h1A0zTJHK3yD7b8y5iDObzQ6UCX62OTbYBk4tCXWxJgkxshwVN2hg9e5yx
NepNI3SuS2BnxXr/gMqKSXDpv/u8dsewhHHK+GOCoD3E
-----END CERTIFICATE-----