This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDmtGoePQR9FGmODatrZEjLHJoI.roa
File:                     cDmtGoePQR9FGmODatrZEjLHJoI.roa (raw, json)
Hash identifier:          uwni/ztoNsFB+1B7eH9eqjPDbvr9srY6+Bap7krG2+w=
Subject key identifier:   70:39:AD:1A:87:8F:41:1F:45:1A:63:83:6A:DA:D9:12:32:C7:26:82
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC6156CF1259E6FACB336AF7B9BE2C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDmtGoePQR9FGmODatrZEjLHJoI.roa
Signing time:             Thu 01 Jan 2026 14:18:13 +0000
ROA not before:           Thu 01 Jan 2026 14:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24768
IP address blocks:        150.241.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:61:56:cf:12:59:e6:fa:cb:33:6a:f7:b9:be:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7039ad1a878f411f451a63836adad91232c72682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:28:bb:d1:6a:de:7a:91:d2:8c:0e:f1:45:b4:
                    07:8e:f3:90:35:f4:20:6e:4d:c7:7d:d2:94:5f:db:
                    de:8c:8a:bc:5a:41:bf:93:3e:4d:77:d9:3e:56:52:
                    b5:53:b2:a1:7f:d5:db:f6:78:1b:3d:81:16:29:ee:
                    db:b0:2a:d6:c1:61:8f:55:62:6f:3a:b7:35:d6:91:
                    bb:6f:dc:3e:57:fd:8a:59:17:60:4f:d1:b1:66:3e:
                    9c:9c:94:68:18:4f:d7:fb:2c:8a:7c:ae:2f:da:05:
                    70:1f:4b:3b:0a:67:55:57:98:ed:b1:f1:05:b1:2e:
                    ef:bb:8e:89:f8:0e:80:e9:fd:94:33:7c:ec:1b:d5:
                    80:44:bf:b2:13:e1:7e:83:84:f9:18:2b:5c:10:68:
                    e0:f0:ba:c4:a2:56:01:d8:c2:1d:1f:4e:55:ec:05:
                    ad:9f:2e:1b:b4:75:15:3a:74:fe:fe:13:1e:dc:13:
                    9b:db:0c:3d:59:5d:d7:95:26:c1:b9:f9:be:10:88:
                    57:da:24:71:af:bc:8c:15:c7:3f:2a:2b:2d:5b:e4:
                    13:31:97:6f:d7:b3:d7:8d:b2:b4:a6:4d:7e:5f:51:
                    5f:fb:e3:68:55:c3:b4:c1:5d:36:6d:19:64:63:ea:
                    76:55:e0:f0:14:ab:63:d1:60:e5:7b:fe:38:ef:73:
                    93:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:39:AD:1A:87:8F:41:1F:45:1A:63:83:6A:DA:D9:12:32:C7:26:82
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDmtGoePQR9FGmODatrZEjLHJoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:c0:9c:75:82:05:e3:53:5e:fd:0d:7a:f8:d8:c9:9c:67:e9:
         b9:72:c4:2a:cb:70:ed:54:70:d9:c3:17:b0:67:ef:a6:15:7d:
         f1:14:32:0b:db:9f:3d:ca:84:90:4b:2b:b3:be:fd:e0:35:a1:
         44:ac:c5:eb:46:74:c1:5f:14:de:18:64:39:91:ad:25:7f:84:
         a1:a2:03:9f:55:e9:3e:b9:ef:65:19:de:21:c7:45:a9:34:69:
         19:0f:79:a4:17:1e:ee:14:b1:e4:c6:33:77:80:13:74:66:6a:
         ab:9b:2f:c7:b0:56:39:a2:83:24:4f:f7:66:5e:dc:96:c5:90:
         8a:3d:91:b6:a5:fd:fb:aa:ab:e3:3a:4c:ac:9a:06:73:97:e0:
         0d:ee:c9:a3:1a:39:b9:74:f2:8b:30:0c:29:42:9c:8d:c3:c7:
         c1:64:69:12:1c:77:39:af:67:b8:28:fe:c8:1e:4a:18:c2:6a:
         fe:62:07:59:21:d2:b3:33:b9:31:3c:97:ea:05:34:6d:6e:66:
         b9:af:9c:8b:df:c6:cc:ad:4f:56:ce:20:24:73:62:fa:02:63:
         29:8b:32:ac:15:fb:fb:bd:8f:20:7b:fa:2d:b9:ef:6b:08:e0:
         6e:97:68:df:46:b0:2e:85:a6:eb:ad:b3:24:b1:0d:4f:9a:92:
         6e:bc:db:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57GFWzxJZ5vrLM2r3ub4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDM5YWQxYTg3OGY0MTFmNDUxYTYzODM2YWRhZDkxMjMyYzcyNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtii70WreepHSjA7xRbQHjvOQNfQg
bk3HfdKUX9vejIq8WkG/kz5Nd9k+VlK1U7Khf9Xb9ngbPYEWKe7bsCrWwWGPVWJv
Orc11pG7b9w+V/2KWRdgT9GxZj6cnJRoGE/X+yyKfK4v2gVwH0s7CmdVV5jtsfEF
sS7vu46J+A6A6f2UM3zsG9WARL+yE+F+g4T5GCtcEGjg8LrEolYB2MIdH05V7AWt
ny4btHUVOnT+/hMe3BOb2ww9WV3XlSbBufm+EIhX2iRxr7yMFcc/KistW+QTMZdv
17PXjbK0pk1+X1Ff++NoVcO0wV02bRlkY+p2VeDwFKtj0WDle/4473OTSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHA5rRqHj0EfRRpjg2ra2RIyxyaCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvY0RtdEdvZVBRUjlGR21PRGF0clpFakxISm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvFUMA0G
CSqGSIb3DQEBCwUAA4IBAQCzwJx1ggXjU179DXr42MmcZ+m5csQqy3DtVHDZwxew
Z++mFX3xFDIL2589yoSQSyuzvv3gNaFErMXrRnTBXxTeGGQ5ka0lf4ShogOfVek+
ue9lGd4hx0WpNGkZD3mkFx7uFLHkxjN3gBN0Zmqrmy/HsFY5ooMkT/dmXtyWxZCK
PZG2pf37qqvjOkysmgZzl+AN7smjGjm5dPKLMAwpQpyNw8fBZGkSHHc5r2e4KP7I
HkoYwmr+YgdZIdKzM7kxPJfqBTRtbma5r5yL38bMrU9WziAkc2L6AmMpizKsFfv7
vY8ge/otue9rCOBul2jfRrAuhabrrbMksQ1PmpJuvNus
-----END CERTIFICATE-----