This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/fzWiDXbeNLJ9JqEUr2_LAAphcxw.roa
File:                     fzWiDXbeNLJ9JqEUr2_LAAphcxw.roa (raw, json)
Hash identifier:          MN7pdOMu0NZSssuxNIUp3oYg8Z0kz03GZzmjzEWZlBE=
Subject key identifier:   7F:35:A2:0D:76:DE:34:B2:7D:26:A1:14:AF:6F:CB:00:0A:61:73:1C
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019AB62034C614F6DD25BF697A5866477B1A
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/fzWiDXbeNLJ9JqEUr2_LAAphcxw.roa
Signing time:             Mon 24 Nov 2025 13:49:15 +0000
ROA not before:           Mon 24 Nov 2025 13:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        46.233.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:20:34:c6:14:f6:dd:25:bf:69:7a:58:66:47:7b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Nov 24 13:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f35a20d76de34b27d26a114af6fcb000a61731c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:cf:eb:45:52:18:ae:90:e0:c6:e2:1f:43:
                    ee:e9:0c:3e:bd:c6:f0:b0:11:1f:0a:52:be:6f:a4:
                    6f:f7:95:76:a3:7e:c3:09:fd:e0:55:27:c8:50:99:
                    73:54:04:17:50:f2:15:51:74:8d:2e:c4:b9:70:e6:
                    13:70:81:1b:d7:f0:6a:f6:ee:5f:79:1b:b5:50:8d:
                    86:23:0e:98:77:20:cc:57:57:ee:64:89:16:db:df:
                    da:9b:98:5a:55:61:ad:c8:b1:a1:be:b3:ac:01:0f:
                    77:07:28:4e:ed:3a:e3:18:c0:22:56:96:c5:12:56:
                    e7:d8:b7:4d:db:ec:e0:44:34:2a:ad:eb:7d:62:25:
                    36:db:78:d3:ab:be:7d:4e:18:ec:e1:1f:79:d1:39:
                    a7:de:12:8f:9a:17:18:97:e9:81:a2:92:b5:18:c2:
                    52:bf:2a:ca:9c:b8:23:6d:df:21:83:c1:e1:e2:91:
                    14:d8:67:8e:11:43:40:30:2f:6b:67:63:34:cc:02:
                    25:ea:4a:8f:a0:6b:33:a9:4c:06:ab:c1:55:aa:9e:
                    3e:b9:27:8e:98:69:4e:52:90:32:f5:77:d5:47:81:
                    1f:48:18:5c:3c:0a:62:f9:f7:18:11:41:d2:d1:06:
                    ff:74:29:76:fe:7b:3b:ad:61:42:a0:61:57:3d:2a:
                    25:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:35:A2:0D:76:DE:34:B2:7D:26:A1:14:AF:6F:CB:00:0A:61:73:1C
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/fzWiDXbeNLJ9JqEUr2_LAAphcxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:85:a1:a2:f4:8e:e0:07:29:64:65:40:d2:31:ff:4c:56:ee:
         1f:e7:8b:5d:0b:fa:e3:ee:44:d2:6e:21:c5:5e:bf:30:5d:68:
         e9:e2:d2:00:4e:21:5a:48:a1:bd:1d:db:32:92:87:63:85:0d:
         e9:84:c0:f6:78:ba:5b:53:37:ef:9a:0d:ae:84:f1:a8:39:5d:
         44:bc:3d:3c:da:f1:f1:d9:a5:52:ea:81:ef:89:e1:6e:b1:22:
         25:e2:82:6c:da:1e:67:3c:e7:59:e2:57:32:8e:be:f3:de:24:
         b5:31:aa:1e:ba:e1:0f:23:b0:1e:ee:47:05:62:d1:e8:a4:f8:
         2b:9e:f8:ff:cb:52:da:66:4a:0a:fc:15:23:b2:48:32:bd:25:
         b7:b5:24:7a:84:0b:75:36:1b:6f:49:87:c5:ac:09:81:b0:af:
         f1:13:7e:09:95:b3:5b:6e:3a:db:5b:a9:23:7a:bf:e8:e0:eb:
         8b:a5:61:e7:14:15:65:34:92:d9:c7:48:f5:15:12:27:8d:96:
         a5:04:e6:e1:6c:b1:2c:fb:b3:84:8f:2e:e9:32:ea:a4:b8:0b:
         9f:de:24:c3:b4:bc:e2:ca:9f:70:06:61:d6:03:f4:25:2b:30:
         d5:67:f7:39:9f:1f:34:aa:c7:20:ca:7a:ad:f6:81:f9:94:2e:
         35:6c:b9:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2IDTGFPbdJb9pelhmR3saMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUxMTI0MTM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM1YTIwZDc2ZGUzNGIyN2QyNmExMTRhZjZmY2IwMDBhNjE3MzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfLP60VSGK6Q4MbiH0Pu6Qw+vcbw
sBEfClK+b6Rv95V2o37DCf3gVSfIUJlzVAQXUPIVUXSNLsS5cOYTcIEb1/Bq9u5f
eRu1UI2GIw6YdyDMV1fuZIkW29/am5haVWGtyLGhvrOsAQ93ByhO7TrjGMAiVpbF
Elbn2LdN2+zgRDQqret9YiU223jTq759Thjs4R950Tmn3hKPmhcYl+mBopK1GMJS
vyrKnLgjbd8hg8Hh4pEU2GeOEUNAMC9rZ2M0zAIl6kqPoGszqUwGq8FVqp4+uSeO
mGlOUpAy9XfVR4EfSBhcPApi+fcYEUHS0Qb/dCl2/ns7rWFCoGFXPSol+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH81og123jSyfSahFK9vywAKYXMcMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvZnpXaURYYmVOTEo5SnFFVXIyX0xBQXBoY3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukqMA0G
CSqGSIb3DQEBCwUAA4IBAQAIhaGi9I7gBylkZUDSMf9MVu4f54tdC/rj7kTSbiHF
Xr8wXWjp4tIATiFaSKG9HdsykodjhQ3phMD2eLpbUzfvmg2uhPGoOV1EvD082vHx
2aVS6oHvieFusSIl4oJs2h5nPOdZ4lcyjr7z3iS1MaoeuuEPI7Ae7kcFYtHopPgr
nvj/y1LaZkoK/BUjskgyvSW3tSR6hAt1NhtvSYfFrAmBsK/xE34JlbNbbjrbW6kj
er/o4OuLpWHnFBVlNJLZx0j1FRInjZalBObhbLEs+7OEjy7pMuqkuAuf3iTDtLzi
yp9wBmHWA/QlKzDVZ/c5nx80qscgynqt9oH5lC41bLlA
-----END CERTIFICATE-----