This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cSift9GRKQZFjztsn9mx2Hixyko.roa
File:                     cSift9GRKQZFjztsn9mx2Hixyko.roa (raw, json)
Hash identifier:          Qs+1TXmOmfryKXT0nIw8Jz5jCez/QRfmL8zFgWeJnAs=
Subject key identifier:   71:28:9F:B7:D1:91:29:06:45:8F:3B:6C:9F:D9:B1:D8:78:B1:CA:4A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019BBD5AC0101FA563B54F5E195C28D03276
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cSift9GRKQZFjztsn9mx2Hixyko.roa
Signing time:             Wed 14 Jan 2026 16:33:19 +0000
ROA not before:           Wed 14 Jan 2026 16:33:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399471
IP address blocks:        212.192.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:bd:5a:c0:10:1f:a5:63:b5:4f:5e:19:5c:28:d0:32:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 14 16:33:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71289fb7d1912906458f3b6c9fd9b1d878b1ca4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bd:d4:09:2c:4e:49:45:9d:29:61:ef:be:f5:
                    be:64:0f:5c:56:4a:2a:1c:f5:4e:ef:e4:a0:d4:b9:
                    77:3b:02:91:51:bb:1c:27:f9:7d:1c:d8:0d:a7:dd:
                    7e:87:53:dc:b8:92:31:46:9f:e3:65:a0:33:a5:cb:
                    00:41:2f:87:d7:e2:8b:34:27:11:64:ad:ed:03:11:
                    23:15:75:92:6b:b4:4b:6e:17:32:4d:f6:48:22:c0:
                    7c:91:bb:9a:52:27:1f:d4:8f:5b:50:b5:5e:76:f1:
                    2e:7d:c2:8e:58:d4:05:ba:30:d5:59:81:4e:e6:b5:
                    c7:71:61:d1:73:81:9b:98:15:0d:3b:ca:e4:c6:5c:
                    f1:a5:7d:ef:c6:35:92:d7:bd:a4:55:2a:84:de:30:
                    ee:41:9f:64:47:13:1e:e0:c5:9a:b6:a2:37:52:72:
                    68:15:01:61:c9:60:f6:ec:79:f9:4b:c0:5c:b5:b3:
                    77:3e:14:cd:5e:ca:94:1d:9f:12:a1:ed:70:dc:3f:
                    29:e1:3c:66:cd:70:63:42:99:bb:00:ec:b4:da:cf:
                    8f:d6:70:b9:c6:b9:65:3c:52:4b:be:09:1a:fc:2c:
                    d9:2f:b5:73:0a:a8:6c:2d:c6:d9:cd:31:06:68:26:
                    29:a5:40:a3:42:c9:81:a2:16:cf:85:35:43:f6:26:
                    14:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:28:9F:B7:D1:91:29:06:45:8F:3B:6C:9F:D9:B1:D8:78:B1:CA:4A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cSift9GRKQZFjztsn9mx2Hixyko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:bd:e9:b3:b7:41:91:d1:05:e1:b5:15:98:d6:f1:0b:d7:c7:
         63:73:0c:d6:11:3d:f3:28:e7:3a:3d:3a:ca:31:b4:3b:33:69:
         70:2b:17:0b:52:92:eb:6f:4e:17:2b:76:95:d4:68:37:dc:57:
         56:79:27:11:fc:3a:ed:ac:ae:c3:75:ef:f1:c8:64:e7:de:63:
         3f:ed:ac:72:a1:a7:b7:eb:a8:dc:2f:6f:d4:5e:eb:61:9d:4a:
         93:f0:c5:c1:ef:13:70:16:7a:a3:72:56:9d:de:89:56:c7:87:
         8f:4d:d3:fd:2f:89:32:1c:78:60:52:ff:42:b7:78:a4:c0:d3:
         8f:6e:56:fc:e2:c7:c4:0b:1e:67:4f:54:a4:56:24:2c:9e:bb:
         6f:30:0d:c4:c5:1f:23:50:d9:4a:00:dc:36:e5:4f:48:45:e6:
         a2:59:87:7d:c9:76:1a:3a:72:f1:80:c3:f5:73:68:5d:d4:57:
         2e:f1:c7:f3:ed:b9:7d:ce:99:94:b0:ad:2d:4f:48:38:9b:cd:
         a7:a1:93:24:27:dc:fd:40:bf:6b:22:d7:18:e6:f4:e7:7f:74:
         29:25:6d:24:c4:1a:50:1a:5b:50:1f:d8:03:1e:82:e5:75:0e:
         ef:89:77:ab:3b:aa:27:fd:ee:e0:82:74:0f:bf:f9:70:51:63:
         17:17:23:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu9WsAQH6VjtU9eGVwo0DJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTE0MTYzMzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI4OWZiN2QxOTEyOTA2NDU4ZjNiNmM5ZmQ5YjFkODc4YjFjYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4b3UCSxOSUWdKWHvvvW+ZA9cVkoq
HPVO7+Sg1Ll3OwKRUbscJ/l9HNgNp91+h1PcuJIxRp/jZaAzpcsAQS+H1+KLNCcR
ZK3tAxEjFXWSa7RLbhcyTfZIIsB8kbuaUicf1I9bULVedvEufcKOWNQFujDVWYFO
5rXHcWHRc4GbmBUNO8rkxlzxpX3vxjWS172kVSqE3jDuQZ9kRxMe4MWatqI3UnJo
FQFhyWD27Hn5S8BctbN3PhTNXsqUHZ8Soe1w3D8p4TxmzXBjQpm7AOy02s+P1nC5
xrllPFJLvgka/CzZL7VzCqhsLcbZzTEGaCYppUCjQsmBohbPhTVD9iYU3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEon7fRkSkGRY87bJ/Zsdh4scpKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY1NpZnQ5R1JLUVpGanp0c245bXgySGl4eWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD1MA0G
CSqGSIb3DQEBCwUAA4IBAQAvvemzt0GR0QXhtRWY1vEL18djcwzWET3zKOc6PTrK
MbQ7M2lwKxcLUpLrb04XK3aV1Gg33FdWeScR/DrtrK7Dde/xyGTn3mM/7axyoae3
66jcL2/UXuthnUqT8MXB7xNwFnqjclad3olWx4ePTdP9L4kyHHhgUv9Ct3ikwNOP
blb84sfECx5nT1SkViQsnrtvMA3ExR8jUNlKANw25U9IReaiWYd9yXYaOnLxgMP1
c2hd1Fcu8cfz7bl9zpmUsK0tT0g4m82noZMkJ9z9QL9rItcY5vTnf3QpJW0kxBpQ
GltQH9gDHoLldQ7viXerO6on/e7ggnQPv/lwUWMXFyMz
-----END CERTIFICATE-----