This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FK4uTd3BbqixPELy-gg8bgI25kU.roa
File:                     FK4uTd3BbqixPELy-gg8bgI25kU.roa (raw, json)
Hash identifier:          d52vFnnfw47psEs8NC80uBJWmgiuh71FATn1gK1AyU8=
Subject key identifier:   14:AE:2E:4D:DD:C1:6E:A8:B1:3C:42:F2:FA:08:3C:6E:02:36:E6:45
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B35A36A0A0235F2DE53CE2127A5F99A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FK4uTd3BbqixPELy-gg8bgI25kU.roa
Signing time:             Thu 01 Jan 2026 20:17:51 +0000
ROA not before:           Thu 01 Jan 2026 20:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216088
IP address blocks:        217.156.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:a3:6a:0a:02:35:f2:de:53:ce:21:27:a5:f9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14ae2e4dddc16ea8b13c42f2fa083c6e0236e645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c4:3e:a2:cd:b5:b6:79:c2:2c:84:b5:ff:60:
                    52:e1:9b:f1:62:1a:7d:c6:d3:5c:db:90:bc:23:0a:
                    55:70:4c:29:c3:09:75:ff:76:30:0d:85:eb:06:13:
                    66:31:42:ef:b0:47:4d:23:c1:94:ec:8f:45:6f:a1:
                    38:8f:bf:01:2d:1d:da:ad:23:df:2e:d4:a0:8e:90:
                    22:13:92:8b:a6:7c:5d:29:52:0a:72:e2:8b:b9:74:
                    58:49:3c:52:71:5a:6b:36:9d:00:ec:20:5e:86:48:
                    87:f3:a0:11:93:6a:6e:64:99:c2:1c:4b:31:51:e3:
                    8e:18:5b:14:fb:2f:89:08:45:2a:0e:60:94:f4:27:
                    e4:39:14:6a:4d:be:f7:1d:63:ba:41:45:cd:77:ca:
                    0e:5b:96:b0:23:4e:0a:2e:55:33:c8:4d:3b:b5:1b:
                    f6:95:71:71:eb:77:16:7a:8e:31:2b:9c:21:3f:b6:
                    ed:ee:96:91:ee:cc:0b:13:c8:16:45:b4:9f:d1:35:
                    df:a9:10:f0:b8:d1:cf:8d:fd:08:51:16:79:0b:8d:
                    ff:18:59:a2:d1:2e:c4:50:e9:c7:51:e7:2c:95:31:
                    6d:39:63:d5:e3:16:e0:36:8e:6b:09:00:fb:80:9d:
                    26:84:84:6f:f4:bd:b8:9a:f1:01:54:b0:e5:a5:2f:
                    51:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AE:2E:4D:DD:C1:6E:A8:B1:3C:42:F2:FA:08:3C:6E:02:36:E6:45
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FK4uTd3BbqixPELy-gg8bgI25kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:b9:3a:ef:8e:bb:2d:c8:ad:3e:07:4d:ef:e7:9a:54:46:00:
         06:57:43:4f:23:cd:e1:30:c0:e8:0a:34:de:62:c5:2d:dd:20:
         55:b3:b0:79:c5:b0:7a:52:fd:e2:53:c8:95:4c:29:2c:bd:3a:
         0e:bf:e1:d4:a2:53:66:e8:e3:ca:cd:eb:9d:52:09:d3:20:36:
         5d:3d:15:80:13:13:db:69:a8:12:8a:5d:30:29:0b:56:88:20:
         bd:a6:68:3b:d2:5a:4c:81:83:2a:32:ea:58:f7:96:fc:cd:63:
         0a:13:5a:96:ff:fc:08:a9:4c:ff:86:3d:0c:be:8c:e6:24:ed:
         41:43:be:f3:53:b3:bd:5e:00:74:15:ea:ee:6a:dd:11:a3:6c:
         51:e8:07:19:b1:2b:a1:d0:bd:dc:3f:70:e8:79:72:6b:39:96:
         62:95:9c:37:2d:7b:52:3b:99:43:ef:68:f4:b2:f1:43:15:9b:
         5b:53:23:c5:cd:79:78:92:5a:f4:93:e2:80:c1:68:4a:b6:1d:
         da:5b:e1:43:78:1b:8c:5f:63:33:6a:46:8e:d3:59:71:34:5a:
         08:e7:25:1e:bb:19:23:a9:f7:71:9d:6c:62:e7:1f:2b:3c:89:
         36:7c:17:a3:85:8c:b0:cf:82:e3:30:13:1f:65:6d:7c:e7:f8:
         39:c5:d6:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NaNqCgI18t5TziEnpfmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGFlMmU0ZGRkYzE2ZWE4YjEzYzQyZjJmYTA4M2M2ZTAyMzZlNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8Q+os21tnnCLIS1/2BS4ZvxYhp9
xtNc25C8IwpVcEwpwwl1/3YwDYXrBhNmMULvsEdNI8GU7I9Fb6E4j78BLR3arSPf
LtSgjpAiE5KLpnxdKVIKcuKLuXRYSTxScVprNp0A7CBehkiH86ARk2puZJnCHEsx
UeOOGFsU+y+JCEUqDmCU9CfkORRqTb73HWO6QUXNd8oOW5awI04KLlUzyE07tRv2
lXFx63cWeo4xK5whP7bt7paR7swLE8gWRbSf0TXfqRDwuNHPjf0IURZ5C43/GFmi
0S7EUOnHUecslTFtOWPV4xbgNo5rCQD7gJ0mhIRv9L24mvEBVLDlpS9RTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSuLk3dwW6osTxC8voIPG4CNuZFMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRks0dVRkM0JicWl4UEVMeS1nZzhiZ0kyNWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZwLMA0G
CSqGSIb3DQEBCwUAA4IBAQBMuTrvjrstyK0+B03v55pURgAGV0NPI83hMMDoCjTe
YsUt3SBVs7B5xbB6Uv3iU8iVTCksvToOv+HUolNm6OPKzeudUgnTIDZdPRWAExPb
aagSil0wKQtWiCC9pmg70lpMgYMqMupY95b8zWMKE1qW//wIqUz/hj0MvozmJO1B
Q77zU7O9XgB0Feruat0Ro2xR6AcZsSuh0L3cP3DoeXJrOZZilZw3LXtSO5lD72j0
svFDFZtbUyPFzXl4klr0k+KAwWhKth3aW+FDeBuMX2MzakaO01lxNFoI5yUeuxkj
qfdxnWxi5x8rPIk2fBejhYywz4LjMBMfZW185/g5xdb1
-----END CERTIFICATE-----