This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S1FQajS1kft6hU_BeMV3u9IsIW8.roa
File:                     S1FQajS1kft6hU_BeMV3u9IsIW8.roa (raw, json)
Hash identifier:          RDDcOpXMH140cOZNmp1V52scuPS/FaQPdluFwskDl3Q=
Subject key identifier:   4B:51:50:6A:34:B5:91:FB:7A:85:4F:C1:78:C5:77:BB:D2:2C:21:6F
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019A92038EA2B97DF79246F3CF4572677757
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S1FQajS1kft6hU_BeMV3u9IsIW8.roa
Signing time:             Mon 17 Nov 2025 13:31:37 +0000
ROA not before:           Mon 17 Nov 2025 13:31:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203721
IP address blocks:        217.156.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:92:03:8e:a2:b9:7d:f7:92:46:f3:cf:45:72:67:77:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Nov 17 13:31:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b51506a34b591fb7a854fc178c577bbd22c216f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:81:92:64:91:61:2b:7f:c0:e5:67:a6:d5:9f:
                    d2:6d:ff:0d:5e:fa:55:9e:39:ac:78:95:c7:2e:ef:
                    cd:ba:5a:54:e6:30:42:99:c3:8e:0f:c3:b0:b1:d4:
                    2b:c8:f7:69:14:64:46:6e:d0:d2:a6:5c:ff:93:50:
                    d9:d3:27:a2:b1:d9:4d:d4:99:d9:d9:d2:03:a6:27:
                    ea:bc:06:80:a0:e5:f0:12:ff:c5:95:4e:e2:9b:e6:
                    d9:d1:58:10:4f:77:0a:34:b8:74:25:73:91:75:cd:
                    ad:f6:d6:71:66:38:5a:14:a0:5e:4b:a6:fa:2b:dc:
                    3e:2f:1f:59:cc:80:36:d2:30:2d:dc:37:98:17:bb:
                    22:fa:0e:12:78:43:ab:fa:d9:ab:b4:9a:f2:39:2f:
                    d6:29:00:90:ea:68:b2:e3:5c:bb:90:1c:ea:f7:10:
                    2a:8e:97:05:87:3a:25:ab:cb:47:b7:89:5f:e4:5e:
                    25:66:ab:2f:0e:d1:d4:eb:82:64:6d:00:47:dc:9b:
                    55:04:64:34:ae:04:3c:4e:0f:74:45:f1:36:15:4e:
                    84:47:af:f7:d3:f0:3e:e3:4f:53:7b:39:9f:1c:f3:
                    b1:7d:ad:ed:54:dd:1e:c6:98:21:9a:06:3d:2c:f3:
                    fe:16:4a:2b:2f:68:d2:c1:df:a1:a6:30:8a:f8:5b:
                    e8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:51:50:6A:34:B5:91:FB:7A:85:4F:C1:78:C5:77:BB:D2:2C:21:6F
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S1FQajS1kft6hU_BeMV3u9IsIW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.156.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:ab:9e:fe:df:f9:ad:31:cf:8a:43:ff:26:f5:ec:b4:bb:bb:
         02:77:d3:03:0e:7a:95:3a:2e:b1:43:b5:d7:26:7e:b8:f2:ae:
         e3:d5:ff:7e:39:d7:1f:a5:71:3b:bc:9b:9d:fc:93:10:35:31:
         da:7f:c0:79:ff:02:34:3c:f1:42:87:1e:48:63:0b:fc:a0:b1:
         27:73:e6:20:d6:32:92:7f:19:59:1f:02:e2:5f:64:e0:96:53:
         ef:82:56:de:7e:6c:94:d2:93:e8:83:0a:66:22:6f:a4:19:75:
         14:5b:e8:61:bd:eb:40:fa:48:15:98:d9:20:d2:d8:d2:6f:a3:
         6e:4d:17:01:c9:52:d0:1d:50:62:1e:a5:bd:07:67:d6:51:79:
         0c:15:25:82:ec:14:c9:c0:90:f8:de:35:15:08:1d:18:25:7b:
         c2:b7:d3:f2:a8:6b:a6:5b:6c:60:d1:46:be:60:da:ff:9f:a1:
         5d:10:a5:25:04:a5:36:3a:90:92:a8:89:ab:62:c4:e4:07:4c:
         1f:78:f7:80:6b:9f:57:3d:e3:fe:35:85:43:df:0d:d3:92:a1:
         35:a4:ce:c6:ac:e0:0c:90:42:62:8c:bd:9b:b2:97:86:52:f2:
         cc:2b:ac:a3:ad:3a:da:b5:71:23:db:3c:08:ec:7d:01:fb:fb:
         5a:c5:7b:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqSA46iuX33kkbzz0VyZ3dXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMTE3MTMzMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjUxNTA2YTM0YjU5MWZiN2E4NTRmYzE3OGM1NzdiYmQyMmMyMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4GSZJFhK3/A5Wem1Z/Sbf8NXvpV
njmseJXHLu/NulpU5jBCmcOOD8OwsdQryPdpFGRGbtDSplz/k1DZ0yeisdlN1JnZ
2dIDpifqvAaAoOXwEv/FlU7im+bZ0VgQT3cKNLh0JXORdc2t9tZxZjhaFKBeS6b6
K9w+Lx9ZzIA20jAt3DeYF7si+g4SeEOr+tmrtJryOS/WKQCQ6miy41y7kBzq9xAq
jpcFhzolq8tHt4lf5F4lZqsvDtHU64JkbQBH3JtVBGQ0rgQ8Tg90RfE2FU6ER6/3
0/A+409TezmfHPOxfa3tVN0expghmgY9LPP+FkorL2jSwd+hpjCK+FvocwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtRUGo0tZH7eoVPwXjFd7vSLCFvMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUzFGUWFqUzFrZnQ2aFVfQmVNVjN1OUlzSVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZwPMA0G
CSqGSIb3DQEBCwUAA4IBAQC1q57+3/mtMc+KQ/8m9ey0u7sCd9MDDnqVOi6xQ7XX
Jn648q7j1f9+OdcfpXE7vJud/JMQNTHaf8B5/wI0PPFChx5IYwv8oLEnc+Yg1jKS
fxlZHwLiX2TgllPvglbefmyU0pPogwpmIm+kGXUUW+hhvetA+kgVmNkg0tjSb6Nu
TRcByVLQHVBiHqW9B2fWUXkMFSWC7BTJwJD43jUVCB0YJXvCt9PyqGumW2xg0Ua+
YNr/n6FdEKUlBKU2OpCSqImrYsTkB0wfePeAa59XPeP+NYVD3w3TkqE1pM7GrOAM
kEJijL2bspeGUvLMK6yjrTratXEj2zwI7H0B+/taxXvg
-----END CERTIFICATE-----