This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AfMvrEDnTcFFDLOUdWMz3jma8d0.roa
File:                     AfMvrEDnTcFFDLOUdWMz3jma8d0.roa (raw, json)
Hash identifier:          SDQ7Tp7ELdte7F4bKxQgqx+8inKCEfh+crKhqI4w3Dc=
Subject key identifier:   01:F3:2F:AC:40:E7:4D:C1:45:0C:B3:94:75:63:33:DE:39:9A:F1:DD
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B2671311590617D1FB29C2CFF2EA3
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AfMvrEDnTcFFDLOUdWMz3jma8d0.roa
Signing time:             Fri 02 Jan 2026 06:18:04 +0000
ROA not before:           Fri 02 Jan 2026 06:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211772
IP address blocks:        217.174.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:26:71:31:15:90:61:7d:1f:b2:9c:2c:ff:2e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01f32fac40e74dc1450cb394756333de399af1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:c6:4b:d1:24:7b:ea:ec:d1:8a:c9:be:d8:
                    6e:bc:e5:04:ae:8c:8b:f3:55:c6:c0:5e:8d:37:ec:
                    18:be:ab:26:d2:43:87:9d:e0:3e:91:76:96:40:38:
                    b4:4c:22:0b:79:4e:1f:5a:99:e6:5c:a9:91:48:77:
                    f0:12:43:f5:52:ff:16:44:b6:a8:ec:ff:69:66:59:
                    00:43:ce:a1:fd:e8:2d:06:48:64:21:80:19:0c:91:
                    57:76:89:08:cc:32:da:93:cf:de:14:4f:b5:09:e2:
                    8a:be:76:22:ca:54:68:99:09:97:36:d1:d2:09:d5:
                    d9:ef:1c:4b:a5:96:62:f9:54:df:9e:c4:a6:93:70:
                    4f:ca:3f:11:80:6b:86:95:01:92:25:b7:21:1d:6e:
                    0d:37:90:fe:d8:4d:60:b5:1c:59:3e:e5:57:c2:15:
                    dc:3f:a8:ae:2c:7f:88:57:7f:0e:cf:aa:d1:d3:77:
                    79:6c:7e:f3:cd:ba:8a:61:88:b8:3a:72:7f:e5:51:
                    36:b2:ce:cf:5d:20:0e:37:df:e9:ce:80:00:8e:9c:
                    65:db:49:2d:f9:0b:b1:4f:4c:13:83:d4:10:4c:ef:
                    d4:8c:87:7c:1f:11:1d:c3:92:cf:b2:f5:e0:d6:12:
                    c5:27:60:76:b5:b7:6a:24:f4:e9:0e:b2:b7:20:b8:
                    fa:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F3:2F:AC:40:E7:4D:C1:45:0C:B3:94:75:63:33:DE:39:9A:F1:DD
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AfMvrEDnTcFFDLOUdWMz3jma8d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.174.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fd:8f:78:a9:13:21:86:d8:dd:9a:98:08:07:54:86:7c:b7:
         26:50:56:82:7c:16:b3:c6:b6:2d:54:2a:e6:89:cd:54:f4:49:
         bd:b4:c1:ac:57:2a:d4:21:ec:d3:43:9b:64:51:60:54:86:23:
         8d:8d:29:83:6b:57:0d:af:5a:52:7c:e2:a5:2e:14:8c:b4:79:
         8c:2a:69:16:e5:2e:48:d7:19:ab:19:72:3b:05:17:83:9d:5b:
         a8:7b:4d:6c:b7:60:50:96:07:2b:b3:fa:46:9f:43:21:2c:6c:
         7f:87:ab:02:61:30:3a:49:0e:6b:96:45:36:dc:e0:6c:d7:15:
         50:ca:de:ac:46:a7:3e:82:78:07:33:ba:3c:a2:be:72:c8:21:
         f1:f8:4a:10:12:f6:8c:76:ba:91:df:6d:6a:e9:fc:77:1b:60:
         3a:8e:16:8e:e7:99:91:7b:8c:b2:7b:79:1a:66:5e:7e:b5:43:
         79:2b:09:cd:d3:e6:5a:b4:ca:12:53:50:58:9a:8b:9d:e2:fb:
         50:a9:d0:8c:bf:88:0d:c8:eb:75:97:83:40:c2:36:b2:6b:4a:
         44:63:c5:86:b8:7c:45:99:2f:32:2b:17:91:4e:71:cf:57:6d:
         f7:44:67:a1:52:9f:0f:25:fc:1b:ae:3d:b3:27:69:5e:19:73:
         60:b2:18:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WyZxMRWQYX0fspws/y6jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWYzMmZhYzQwZTc0ZGMxNDUwY2IzOTQ3NTYzMzNkZTM5OWFmMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00DGS9Eke+rs0YrJvthuvOUEroyL
81XGwF6NN+wYvqsm0kOHneA+kXaWQDi0TCILeU4fWpnmXKmRSHfwEkP1Uv8WRLao
7P9pZlkAQ86h/egtBkhkIYAZDJFXdokIzDLak8/eFE+1CeKKvnYiylRomQmXNtHS
CdXZ7xxLpZZi+VTfnsSmk3BPyj8RgGuGlQGSJbchHW4NN5D+2E1gtRxZPuVXwhXc
P6iuLH+IV38Oz6rR03d5bH7zzbqKYYi4OnJ/5VE2ss7PXSAON9/pzoAAjpxl20kt
+QuxT0wTg9QQTO/UjId8HxEdw5LPsvXg1hLFJ2B2tbdqJPTpDrK3ILj67wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHzL6xA503BRQyzlHVjM945mvHdMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvQWZNdnJFRG5UY0ZGRExPVWRXTXozam1hOGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2a6RMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ/Y94qRMhhtjdmpgIB1SGfLcmUFaCfBazxrYtVCrm
ic1U9Em9tMGsVyrUIezTQ5tkUWBUhiONjSmDa1cNr1pSfOKlLhSMtHmMKmkW5S5I
1xmrGXI7BReDnVuoe01st2BQlgcrs/pGn0MhLGx/h6sCYTA6SQ5rlkU23OBs1xVQ
yt6sRqc+gngHM7o8or5yyCHx+EoQEvaMdrqR321q6fx3G2A6jhaO55mRe4yye3ka
Zl5+tUN5KwnN0+ZatMoSU1BYmoud4vtQqdCMv4gNyOt1l4NAwjaya0pEY8WGuHxF
mS8yKxeRTnHPV233RGehUp8PJfwbrj2zJ2leGXNgshhP
-----END CERTIFICATE-----