This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/F9ptmhFRKM_6FVfNisudgBAGWS4.roa
File:                     F9ptmhFRKM_6FVfNisudgBAGWS4.roa (raw, json)
Hash identifier:          d7zM61XXfq12gKotkFKa6Eui7hLn3eJKdpx9VEf7iSo=
Subject key identifier:   17:DA:6D:9A:11:51:28:CF:FA:15:57:CD:8A:CB:9D:80:10:06:59:2E
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D02D69BDC76808AF6F3C2FC52F48D
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/F9ptmhFRKM_6FVfNisudgBAGWS4.roa
Signing time:             Fri 02 Jan 2026 06:20:06 +0000
ROA not before:           Fri 02 Jan 2026 06:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60869
IP address blocks:        217.153.163.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:02:d6:9b:dc:76:80:8a:f6:f3:c2:fc:52:f4:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17da6d9a115128cffa1557cd8acb9d801006592e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:53:f5:dc:41:72:15:1e:b8:f8:dd:6f:16:20:
                    a8:2e:48:81:2d:72:6b:3d:53:40:d0:ac:88:0c:4a:
                    93:c8:20:98:69:86:49:62:04:86:e7:3b:40:49:d4:
                    8b:3b:81:e2:81:b7:84:ae:80:00:a0:9f:a8:6a:fd:
                    8d:9a:cd:31:23:2a:66:31:16:0a:a1:d6:06:d2:66:
                    19:65:6a:19:31:0a:fc:5c:65:6f:f5:63:9c:00:f2:
                    a4:37:82:78:50:bb:88:08:95:61:ad:d5:75:61:10:
                    79:87:5f:8e:93:eb:ca:98:6e:73:7b:4c:16:b5:06:
                    14:bc:7e:a3:6e:d8:1c:3a:f8:54:7c:99:43:6d:61:
                    4d:6a:5e:00:9c:da:de:39:51:91:ee:05:97:c7:cc:
                    5f:93:eb:fa:1e:9c:c2:09:f9:0e:8d:c6:a1:cd:9d:
                    03:5a:dc:70:5f:ac:e6:93:e9:93:48:ed:5a:81:15:
                    34:0c:f5:6c:98:10:06:f3:75:65:62:fe:f7:d6:d9:
                    e7:c1:d6:36:fd:c9:da:5e:0e:77:04:2b:3b:0e:57:
                    f6:af:b9:43:ab:fb:e5:47:21:e2:69:51:ae:9e:c4:
                    7c:3c:f8:77:59:42:1b:86:33:ce:7d:7c:88:28:c2:
                    b6:63:fa:fa:34:1d:d4:a1:2f:80:71:0b:57:6a:45:
                    55:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:DA:6D:9A:11:51:28:CF:FA:15:57:CD:8A:CB:9D:80:10:06:59:2E
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/F9ptmhFRKM_6FVfNisudgBAGWS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.163.128/25

    Signature Algorithm: sha256WithRSAEncryption
         7f:6d:f9:8f:ac:0b:24:88:00:11:d4:84:b1:31:82:37:98:c7:
         a9:69:5b:39:55:d5:69:37:e2:59:de:c9:48:39:49:6f:ae:40:
         e1:63:8d:f1:52:b9:78:3e:86:c2:af:fc:61:03:00:fb:37:fd:
         4d:65:12:e2:9d:72:f7:f3:0e:69:52:0c:fa:af:f3:18:68:7a:
         15:1b:b9:b5:78:df:21:37:ca:4b:0d:da:5a:27:43:af:2b:3d:
         82:d7:38:e9:84:6d:35:5f:d0:b7:21:3a:e2:88:f5:6e:76:8f:
         8b:cb:3b:d6:ce:1d:aa:64:f7:65:5c:0d:fc:c0:d1:27:21:8a:
         48:01:e3:aa:e9:92:6e:3b:25:c1:15:1f:91:fc:48:85:e0:f5:
         d8:ed:7e:ac:b4:38:61:ce:6d:62:46:a7:71:1c:b2:3c:72:f6:
         b5:c2:33:51:dc:3a:a2:32:09:ab:fd:3e:6a:c9:e4:85:a3:54:
         ce:50:f5:16:4e:7a:87:5e:23:5f:87:72:60:ed:2e:65:09:51:
         d7:ac:8c:f1:a2:96:a2:24:c8:65:4b:7a:e6:9b:ae:2a:bc:fd:
         09:9a:c5:b3:83:7d:0c:0c:2c:32:6f:f5:6e:4b:6c:78:75:48:
         41:ab:64:38:8a:7c:19:a6:3f:aa:61:69:ba:fc:c0:14:28:09:
         24:6c:0c:f6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9XQLWm9x2gIr288L8UvSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2RhNmQ5YTExNTEyOGNmZmExNTU3Y2Q4YWNiOWQ4MDEwMDY1OTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlP13EFyFR64+N1vFiCoLkiBLXJr
PVNA0KyIDEqTyCCYaYZJYgSG5ztASdSLO4HigbeEroAAoJ+oav2Nms0xIypmMRYK
odYG0mYZZWoZMQr8XGVv9WOcAPKkN4J4ULuICJVhrdV1YRB5h1+Ok+vKmG5ze0wW
tQYUvH6jbtgcOvhUfJlDbWFNal4AnNreOVGR7gWXx8xfk+v6HpzCCfkOjcahzZ0D
WtxwX6zmk+mTSO1agRU0DPVsmBAG83VlYv731tnnwdY2/cnaXg53BCs7Dlf2r7lD
q/vlRyHiaVGunsR8PPh3WUIbhjPOfXyIKMK2Y/r6NB3UoS+AcQtXakVVHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBfabZoRUSjP+hVXzYrLnYAQBlkuMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvRjlwdG1oRlJLTV82RlZmTmlzdWRnQkFHV1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUH2ZmjgDAN
BgkqhkiG9w0BAQsFAAOCAQEAf235j6wLJIgAEdSEsTGCN5jHqWlbOVXVaTfiWd7J
SDlJb65A4WON8VK5eD6Gwq/8YQMA+zf9TWUS4p1y9/MOaVIM+q/zGGh6FRu5tXjf
ITfKSw3aWidDrys9gtc46YRtNV/QtyE64oj1bnaPi8s71s4dqmT3ZVwN/MDRJyGK
SAHjqumSbjslwRUfkfxIheD12O1+rLQ4Yc5tYkancRyyPHL2tcIzUdw6ojIJq/0+
asnkhaNUzlD1Fk56h14jX4dyYO0uZQlR16yM8aKWoiTIZUt65puuKrz9CZrFs4N9
DAwsMm/1bktseHVIQatkOIp8GaY/qmFpuvzAFCgJJGwM9g==
-----END CERTIFICATE-----