This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/Cryli7tFA3xQzdS5-qcU49qg2iM.roa
File:                     Cryli7tFA3xQzdS5-qcU49qg2iM.roa (raw, json)
Hash identifier:          ZS2Te+uiOMALn+TaiqIM3OKXyBaszdLcDeqRDP7qYwo=
Subject key identifier:   0A:BC:A5:8B:BB:45:03:7C:50:CD:D4:B9:FA:A7:14:E3:DA:A0:DA:23
Certificate issuer:       /CN=808c3a6c5cbff0739e438d05744405b16197b15b
Certificate serial:       019B7C13644303E993FAF8BA52343C3FC266
Authority key identifier: 80:8C:3A:6C:5C:BF:F0:73:9E:43:8D:05:74:44:05:B1:61:97:B1:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/Cryli7tFA3xQzdS5-qcU49qg2iM.roa
Signing time:             Fri 02 Jan 2026 00:20:04 +0000
ROA not before:           Fri 02 Jan 2026 00:20:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39334
IP address blocks:        213.109.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:64:43:03:e9:93:fa:f8:ba:52:34:3c:3f:c2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808c3a6c5cbff0739e438d05744405b16197b15b
        Validity
            Not Before: Jan  2 00:20:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0abca58bbb45037c50cdd4b9faa714e3daa0da23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b9:fd:51:19:59:d8:a0:3e:c8:60:4a:06:f8:
                    1e:ed:48:b7:b2:e3:7f:8a:6f:60:92:67:0b:21:b4:
                    d1:76:6c:fa:6a:77:fa:70:aa:2c:0c:c6:2f:37:48:
                    7e:41:db:58:b8:8d:83:b2:9b:a0:e3:9a:82:4a:e5:
                    ff:d8:fb:61:7e:81:63:97:0b:89:92:4f:18:5d:5b:
                    d6:0b:8d:b8:15:0b:a9:93:26:4a:01:3d:7c:63:79:
                    ee:d6:90:e5:03:74:50:f3:4f:f0:5b:06:b0:fa:27:
                    9b:91:cc:ab:18:55:00:e8:95:54:73:b5:4c:f7:55:
                    2a:d0:81:5a:8e:c1:95:10:a2:0f:e5:a8:5d:78:1f:
                    9d:3f:69:8c:ab:e9:fb:96:e6:82:bb:47:b2:4f:c7:
                    02:1f:6b:fb:70:e0:22:ff:81:ba:94:fa:12:6e:df:
                    5b:8f:01:e6:68:d4:f5:65:a5:1b:fb:2b:87:f7:fc:
                    46:ea:9d:5c:52:69:bc:db:c8:83:76:e7:9e:ca:10:
                    f1:e4:4c:3d:05:d9:f9:6e:d1:b9:ad:a6:fb:8d:e5:
                    f9:c3:e2:83:71:fc:65:36:8b:1b:41:f8:f6:49:4a:
                    19:e9:47:09:a1:3f:49:2e:cd:11:73:c8:1e:1a:83:
                    49:59:b0:eb:47:49:7f:bb:57:6f:71:44:30:2a:08:
                    5b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BC:A5:8B:BB:45:03:7C:50:CD:D4:B9:FA:A7:14:E3:DA:A0:DA:23
            X509v3 Authority Key Identifier:
                keyid:80:8C:3A:6C:5C:BF:F0:73:9E:43:8D:05:74:44:05:B1:61:97:B1:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gIw6bFy_8HOeQ40FdEQFsWGXsVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/Cryli7tFA3xQzdS5-qcU49qg2iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/698e4e-0a39-416b-affe-61819c480cbe/1/gIw6bFy_8HOeQ40FdEQFsWGXsVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:99:eb:b0:08:0a:40:66:b8:c3:77:43:f8:4c:e2:1a:5e:13:
         78:84:6d:c3:ab:51:83:88:9a:b4:f1:25:84:b1:2a:d3:1b:47:
         9a:dd:81:d1:f4:21:1d:e8:eb:13:93:7d:24:62:aa:b1:f7:a3:
         67:bc:81:b7:8e:7d:a8:9a:25:c4:68:5a:31:81:cd:fd:75:4d:
         b6:80:87:9d:26:40:45:14:c4:54:b8:06:f6:bb:e0:55:3b:22:
         8c:69:2c:e2:6c:f5:78:9e:a6:ea:30:a3:a3:91:fe:3e:64:0c:
         ad:eb:4d:fd:8e:94:0d:fd:71:58:dc:e3:9d:64:02:55:b6:2c:
         f0:d2:d2:72:ed:ce:a9:aa:c8:01:32:54:7a:59:bf:01:15:3a:
         95:50:a0:0f:d6:55:20:3a:ea:a3:71:96:7f:6b:ab:c3:9e:96:
         0d:29:57:7a:c9:21:d1:63:a2:3d:a6:56:19:ba:a4:e7:5f:66:
         80:ad:78:3b:aa:de:dc:73:b1:8b:9f:99:9d:0a:47:e6:b7:81:
         97:b1:78:e3:cd:f9:a6:e6:43:87:5d:7e:e1:99:5f:07:e9:81:
         07:38:0f:66:11:81:a2:65:bf:86:10:b0:c2:28:70:7a:77:df:
         94:af:27:92:5c:86:40:77:17:7f:4d:7e:2a:62:85:05:75:ca:
         42:03:8e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E2RDA+mT+vi6UjQ8P8JmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGMzYTZjNWNiZmYwNzM5ZTQzOGQwNTc0NDQwNWIxNjE5
N2IxNWIwHhcNMjYwMTAyMDAyMDA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJjYTU4YmJiNDUwMzdjNTBjZGQ0YjlmYWE3MTRlM2RhYTBkYTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7n9URlZ2KA+yGBKBvge7Ui3suN/
im9gkmcLIbTRdmz6anf6cKosDMYvN0h+QdtYuI2Dspug45qCSuX/2PthfoFjlwuJ
kk8YXVvWC424FQupkyZKAT18Y3nu1pDlA3RQ80/wWwaw+iebkcyrGFUA6JVUc7VM
91Uq0IFajsGVEKIP5ahdeB+dP2mMq+n7luaCu0eyT8cCH2v7cOAi/4G6lPoSbt9b
jwHmaNT1ZaUb+yuH9/xG6p1cUmm828iDdueeyhDx5Ew9Bdn5btG5rab7jeX5w+KD
cfxlNosbQfj2SUoZ6UcJoT9JLs0Rc8geGoNJWbDrR0l/u1dvcUQwKghb7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAq8pYu7RQN8UM3UufqnFOPaoNojMB8GA1UdIwQY
MBaAFICMOmxcv/BznkONBXREBbFhl7FbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0l3NmJGeV84SE9lUTQwRmRFUUZzV0dYc1ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82OThlNGUtMGEzOS00MTZiLWFmZmUt
NjE4MTljNDgwY2JlLzEvQ3J5bGk3dEZBM3hRemRTNS1xY1U0OXFnMmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82OThlNGUtMGEzOS00MTZiLWFmZmUtNjE4MTljNDgwY2Jl
LzEvZ0l3NmJGeV84SE9lUTQwRmRFUUZzV0dYc1ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1W1UMA0G
CSqGSIb3DQEBCwUAA4IBAQBDmeuwCApAZrjDd0P4TOIaXhN4hG3Dq1GDiJq08SWE
sSrTG0ea3YHR9CEd6OsTk30kYqqx96NnvIG3jn2omiXEaFoxgc39dU22gIedJkBF
FMRUuAb2u+BVOyKMaSzibPV4nqbqMKOjkf4+ZAyt6039jpQN/XFY3OOdZAJVtizw
0tJy7c6pqsgBMlR6Wb8BFTqVUKAP1lUgOuqjcZZ/a6vDnpYNKVd6ySHRY6I9plYZ
uqTnX2aArXg7qt7cc7GLn5mdCkfmt4GXsXjjzfmm5kOHXX7hmV8H6YEHOA9mEYGi
Zb+GELDCKHB6d9+UryeSXIZAdxd/TX4qYoUFdcpCA44N
-----END CERTIFICATE-----