This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/yOU3uduoN5dP8e-jmAjD8aQwrlU.roa
File:                     yOU3uduoN5dP8e-jmAjD8aQwrlU.roa (raw, json)
Hash identifier:          O6bQWgeJySRYDkrf9DCbKR1ZNlkw4pe8n+wuoJJY0+U=
Subject key identifier:   C8:E5:37:B9:DB:A8:37:97:4F:F1:EF:A3:98:08:C3:F1:A4:30:AE:55
Certificate issuer:       /CN=1129ad014072de6617438fb1afbe41a2dbdc811c
Certificate serial:       019B76EB68C9F3388E03F554C913BDBF79AD
Authority key identifier: 11:29:AD:01:40:72:DE:66:17:43:8F:B1:AF:BE:41:A2:DB:DC:81:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ESmtAUBy3mYXQ4-xr75BotvcgRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/yOU3uduoN5dP8e-jmAjD8aQwrlU.roa
Signing time:             Thu 01 Jan 2026 00:18:17 +0000
ROA not before:           Thu 01 Jan 2026 00:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208346
IP address blocks:        217.198.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/ESmtAUBy3mYXQ4-xr75BotvcgRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/ESmtAUBy3mYXQ4-xr75BotvcgRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ESmtAUBy3mYXQ4-xr75BotvcgRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:68:c9:f3:38:8e:03:f5:54:c9:13:bd:bf:79:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1129ad014072de6617438fb1afbe41a2dbdc811c
        Validity
            Not Before: Jan  1 00:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c8e537b9dba837974ff1efa39808c3f1a430ae55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3f:bd:72:43:93:9d:e0:65:be:65:5e:dd:54:
                    76:34:08:41:16:30:57:b7:d3:ef:b3:4d:53:7e:40:
                    bb:f5:cd:59:4d:35:b9:92:5f:5a:03:b4:04:26:3d:
                    47:61:8b:71:3b:e9:e1:a9:23:75:b6:2e:d7:89:3d:
                    5a:df:cf:75:49:e2:48:02:41:17:c1:34:b7:cb:fd:
                    29:92:2f:25:76:01:44:b1:96:27:93:00:98:06:c1:
                    b7:f9:99:3a:e1:d7:b4:ce:fa:3a:03:47:d5:5f:00:
                    f4:a8:24:96:8a:d0:11:21:7d:2d:21:71:18:24:78:
                    8e:c7:83:d9:d0:07:96:29:94:c9:da:54:6f:75:e1:
                    40:09:f6:66:0a:06:e3:cc:d5:77:9c:be:af:5e:41:
                    a1:e9:d0:07:2a:f9:78:2d:61:7e:7c:8d:fa:0a:22:
                    48:e2:bb:ba:f8:27:0d:0f:d0:5b:ae:0e:ff:c9:8a:
                    87:5d:a3:50:10:64:d9:34:73:06:fc:fc:33:2a:65:
                    30:a2:ee:6b:5e:bd:98:16:e8:e3:d2:b4:93:91:2f:
                    c3:e3:de:99:08:56:22:7c:f4:20:aa:2c:6c:f1:4f:
                    4a:39:e9:54:bc:14:21:d2:1f:84:ec:0a:8a:e8:46:
                    02:9b:f4:b2:78:2c:4e:83:8a:cf:02:da:7a:75:76:
                    d9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E5:37:B9:DB:A8:37:97:4F:F1:EF:A3:98:08:C3:F1:A4:30:AE:55
            X509v3 Authority Key Identifier:
                keyid:11:29:AD:01:40:72:DE:66:17:43:8F:B1:AF:BE:41:A2:DB:DC:81:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ESmtAUBy3mYXQ4-xr75BotvcgRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/yOU3uduoN5dP8e-jmAjD8aQwrlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/7e1989-4b1e-4f33-bd32-ac881497e0a2/1/ESmtAUBy3mYXQ4-xr75BotvcgRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:51:33:aa:35:35:c3:61:a5:21:7b:8a:7c:c9:06:30:5a:d2:
         99:27:a0:ec:94:5f:d4:a8:8a:d4:52:b7:32:2e:d9:13:14:ab:
         5d:85:f8:ae:21:06:33:0a:8a:2a:5c:a5:69:b3:72:ac:2f:4b:
         59:eb:52:d9:d4:c7:ac:76:4c:21:af:4c:44:f2:f0:96:f7:19:
         cc:c1:57:4e:69:a2:ff:7c:c6:0b:7f:35:34:ad:69:f3:18:05:
         a3:83:a9:17:98:2c:7a:9e:81:25:4d:5d:f4:f7:97:63:99:5f:
         eb:d7:95:eb:77:63:05:47:0d:e9:e5:62:20:e0:6f:83:18:ae:
         fd:f0:3d:69:9e:70:ca:0c:6b:90:a7:14:e9:b8:13:70:0e:0e:
         e0:c3:37:8b:e7:da:84:ab:31:cc:00:99:53:79:be:55:ec:27:
         b7:f1:21:94:13:b4:ac:f3:c9:a9:b8:8b:ae:49:9a:5a:2d:3e:
         68:07:b0:88:f1:ec:4a:39:41:2c:70:f9:1a:c4:3e:dd:04:a3:
         ef:62:ce:58:c8:7a:1f:49:4c:8b:70:d5:d1:b1:e4:48:64:60:
         68:6e:39:1b:c0:66:da:24:7c:47:08:ee:37:de:06:32:00:db:
         76:99:9b:be:06:e1:2f:ef:8c:f6:80:24:d6:1c:f3:9b:26:0d:
         a7:e7:c2:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt262jJ8ziOA/VUyRO9v3mtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMjlhZDAxNDA3MmRlNjYxNzQzOGZiMWFmYmU0MWEyZGJk
YzgxMWMwHhcNMjYwMTAxMDAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGU1MzdiOWRiYTgzNzk3NGZmMWVmYTM5ODA4YzNmMWE0MzBhZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT+9ckOTneBlvmVe3VR2NAhBFjBX
t9Pvs01TfkC79c1ZTTW5kl9aA7QEJj1HYYtxO+nhqSN1ti7XiT1a3891SeJIAkEX
wTS3y/0pki8ldgFEsZYnkwCYBsG3+Zk64de0zvo6A0fVXwD0qCSWitARIX0tIXEY
JHiOx4PZ0AeWKZTJ2lRvdeFACfZmCgbjzNV3nL6vXkGh6dAHKvl4LWF+fI36CiJI
4ru6+CcND9Bbrg7/yYqHXaNQEGTZNHMG/PwzKmUwou5rXr2YFujj0rSTkS/D496Z
CFYifPQgqixs8U9KOelUvBQh0h+E7AqK6EYCm/SyeCxOg4rPAtp6dXbZBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjlN7nbqDeXT/Hvo5gIw/GkMK5VMB8GA1UdIwQY
MBaAFBEprQFAct5mF0OPsa++QaLb3IEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVNtdEFVQnkzbVlYUTQteHI3NUJvdHZjZ1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83ZTE5ODktNGIxZS00ZjMzLWJkMzIt
YWM4ODE0OTdlMGEyLzEveU9VM3VkdW9ONWRQOGUtam1BakQ4YVF3cmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83ZTE5ODktNGIxZS00ZjMzLWJkMzItYWM4ODE0OTdlMGEy
LzEvRVNtdEFVQnkzbVlYUTQteHI3NUJvdHZjZ1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ca6MA0G
CSqGSIb3DQEBCwUAA4IBAQCwUTOqNTXDYaUhe4p8yQYwWtKZJ6DslF/UqIrUUrcy
LtkTFKtdhfiuIQYzCooqXKVps3KsL0tZ61LZ1Mesdkwhr0xE8vCW9xnMwVdOaaL/
fMYLfzU0rWnzGAWjg6kXmCx6noElTV3095djmV/r15Xrd2MFRw3p5WIg4G+DGK79
8D1pnnDKDGuQpxTpuBNwDg7gwzeL59qEqzHMAJlTeb5V7Ce38SGUE7Ss88mpuIuu
SZpaLT5oB7CI8exKOUEscPkaxD7dBKPvYs5YyHofSUyLcNXRseRIZGBobjkbwGba
JHxHCO433gYyANt2mZu+BuEv74z2gCTWHPObJg2n58Jv
-----END CERTIFICATE-----