This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/I7rB8y-nvID2ZAggR1E49R-Q21w.roa
File:                     I7rB8y-nvID2ZAggR1E49R-Q21w.roa (raw, json)
Hash identifier:          Z6f+pGF7g+YvhcL7f4ehLobTQDzIK0x0plzAYufBAPA=
Subject key identifier:   23:BA:C1:F3:2F:A7:BC:80:F6:64:08:20:47:51:38:F5:1F:90:DB:5C
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B359A0988998E0B9656BA0C9206A90B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/I7rB8y-nvID2ZAggR1E49R-Q21w.roa
Signing time:             Thu 01 Jan 2026 20:17:48 +0000
ROA not before:           Thu 01 Jan 2026 20:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213679
IP address blocks:        217.156.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:9a:09:88:99:8e:0b:96:56:ba:0c:92:06:a9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23bac1f32fa7bc80f6640820475138f51f90db5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1c:3e:66:79:bc:e1:81:46:94:d7:e5:7c:3b:
                    e4:f6:9e:17:4f:5d:18:56:d8:6c:33:f0:97:af:a4:
                    0e:ac:32:dd:39:fc:c2:6e:78:1e:e4:9b:63:e0:fa:
                    a0:b9:0a:1e:9f:85:20:17:21:7f:f2:a7:6d:0b:a0:
                    dc:c7:93:95:03:6e:36:a2:46:23:c6:b0:6e:4f:a4:
                    5a:63:01:55:b0:34:92:fb:1e:14:67:8c:a0:1c:ea:
                    8d:c1:70:94:6c:4a:c0:29:66:b4:e8:82:1d:00:68:
                    4e:6a:fc:5c:f0:bb:93:a4:c5:0c:d2:4c:13:8e:a7:
                    a6:c7:1b:f1:85:8d:4b:26:77:dd:2c:a3:41:e7:db:
                    de:93:d4:46:5b:2e:cb:bc:e8:e0:5d:de:46:a0:af:
                    2f:f5:23:df:89:1b:5d:34:29:66:f7:23:1f:2e:ba:
                    6f:7c:07:b0:93:91:d6:d3:e2:d2:87:e3:81:93:c8:
                    fc:5d:53:60:c4:78:c1:a2:8a:38:8d:b2:e5:62:56:
                    69:09:f8:cf:4e:6e:c4:3d:ff:70:18:d4:a8:79:8b:
                    4f:a3:da:8b:d4:a1:79:3c:2b:31:8a:da:da:ac:c0:
                    46:56:80:5e:54:ee:0d:94:2e:91:0d:c1:9b:e6:d1:
                    cf:45:65:38:ec:43:3d:6b:b1:bd:b3:94:45:94:98:
                    ca:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:BA:C1:F3:2F:A7:BC:80:F6:64:08:20:47:51:38:F5:1F:90:DB:5C
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/I7rB8y-nvID2ZAggR1E49R-Q21w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:dd:5a:2d:d9:a5:4b:5d:72:95:04:31:5f:33:a8:ea:b5:ed:
         a2:ae:e4:be:33:49:8b:5b:96:ec:99:d7:44:bf:0a:e4:58:1d:
         e4:4b:ab:6d:a9:c8:4d:50:02:dc:70:cf:5b:70:c3:e3:22:e0:
         8e:f0:62:63:27:41:a9:e1:2b:ff:05:3e:e9:71:bf:83:3b:97:
         1c:e1:39:cf:15:d1:c7:50:73:0a:82:92:bc:c2:b5:71:18:4e:
         1a:2e:26:69:cb:fe:e9:5b:a6:9c:62:91:ab:3b:1e:e8:9d:ea:
         76:6e:aa:51:3e:fe:99:12:bf:23:5f:ba:fd:4e:ef:4a:1a:36:
         6c:1d:32:cf:05:1a:5a:50:16:4d:ca:05:fa:c2:c2:94:3a:c7:
         d2:60:8d:f3:65:7a:6f:7c:60:ea:07:4a:5f:a0:2a:07:9e:0c:
         2b:5a:7d:22:4b:32:c9:7e:46:56:d4:8b:a1:1b:d2:35:db:3e:
         7c:fc:f1:8a:c9:96:9c:ac:f1:07:61:3c:07:ca:f3:a9:53:06:
         8d:05:9d:d6:db:fe:0c:eb:79:80:9f:3c:92:08:e3:26:d7:fa:
         80:be:da:66:d5:60:90:70:07:27:06:ab:cc:18:5b:df:dc:90:
         94:2c:8f:7c:90:7f:6b:78:5e:fe:e0:0b:2d:50:a8:b8:64:5f:
         4e:5b:8d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NZoJiJmOC5ZWugySBqkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2JhYzFmMzJmYTdiYzgwZjY2NDA4MjA0NzUxMzhmNTFmOTBkYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRw+Znm84YFGlNflfDvk9p4XT10Y
VthsM/CXr6QOrDLdOfzCbnge5Jtj4PqguQoen4UgFyF/8qdtC6Dcx5OVA242okYj
xrBuT6RaYwFVsDSS+x4UZ4ygHOqNwXCUbErAKWa06IIdAGhOavxc8LuTpMUM0kwT
jqemxxvxhY1LJnfdLKNB59vek9RGWy7LvOjgXd5GoK8v9SPfiRtdNClm9yMfLrpv
fAewk5HW0+LSh+OBk8j8XVNgxHjBooo4jbLlYlZpCfjPTm7EPf9wGNSoeYtPo9qL
1KF5PCsxitrarMBGVoBeVO4NlC6RDcGb5tHPRWU47EM9a7G9s5RFlJjKhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCO6wfMvp7yA9mQIIEdROPUfkNtcMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSTdyQjh5LW52SUQyWkFnZ1IxRTQ5Ui1RMjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Zx9MA0G
CSqGSIb3DQEBCwUAA4IBAQA33Vot2aVLXXKVBDFfM6jqte2iruS+M0mLW5bsmddE
vwrkWB3kS6ttqchNUALccM9bcMPjIuCO8GJjJ0Gp4Sv/BT7pcb+DO5cc4TnPFdHH
UHMKgpK8wrVxGE4aLiZpy/7pW6acYpGrOx7onep2bqpRPv6ZEr8jX7r9Tu9KGjZs
HTLPBRpaUBZNygX6wsKUOsfSYI3zZXpvfGDqB0pfoCoHngwrWn0iSzLJfkZW1Iuh
G9I12z58/PGKyZacrPEHYTwHyvOpUwaNBZ3W2/4M63mAnzySCOMm1/qAvtpm1WCQ
cAcnBqvMGFvf3JCULI98kH9reF7+4AstUKi4ZF9OW40m
-----END CERTIFICATE-----