This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/AY3FW2IB9nexvx9xT55P4qXch9w.roa
File:                     AY3FW2IB9nexvx9xT55P4qXch9w.roa (raw, json)
Hash identifier:          APNMELOEu+Yhf/JJ7/H7Cc0dJp9lEZ5EZz4w5dHfwFc=
Subject key identifier:   01:8D:C5:5B:62:01:F6:77:B1:BF:1F:71:4F:9E:4F:E2:A5:DC:87:DC
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019B7D5AA5E77DDCC1BBF60A94A328422FE0
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/AY3FW2IB9nexvx9xT55P4qXch9w.roa
Signing time:             Fri 02 Jan 2026 06:17:31 +0000
ROA not before:           Fri 02 Jan 2026 06:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213852
IP address blocks:        62.60.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:45:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:a5:e7:7d:dc:c1:bb:f6:0a:94:a3:28:42:2f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 06:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=018dc55b6201f677b1bf1f714f9e4fe2a5dc87dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d8:9f:a7:ba:d7:40:0b:fd:df:65:ae:f7:bd:
                    1b:75:87:a8:aa:16:94:6d:ad:10:d3:84:ac:03:bb:
                    d1:06:72:ef:a5:23:62:9a:f4:f0:63:11:d1:3a:53:
                    cd:64:9d:2a:3a:f7:d4:d0:9d:da:6f:cc:d4:2c:17:
                    43:e4:8b:4b:8c:d3:7f:1e:82:0c:01:4b:2b:a7:43:
                    a0:dd:2e:22:c2:17:19:a3:5e:88:d3:fb:20:a6:ac:
                    53:c4:58:04:df:01:f2:25:de:d2:f2:99:d2:da:c3:
                    b8:d3:0b:ca:8a:b1:00:98:a4:2d:2b:45:93:5c:50:
                    46:cb:92:b2:fb:e3:5e:9c:66:ca:97:8d:e7:d5:3b:
                    4c:ad:00:0a:b0:68:10:4f:3e:c5:fc:77:a8:97:16:
                    3b:63:c6:fd:e4:ff:e7:91:7d:1f:2e:2b:24:60:77:
                    95:fe:82:33:64:7c:0a:55:b8:40:e5:0a:54:71:d8:
                    11:14:74:01:6b:98:04:b0:c9:69:27:6d:c4:62:ae:
                    35:ef:86:18:61:bf:93:1d:8f:86:47:fb:01:33:e8:
                    1b:db:29:7c:84:f9:1b:d3:17:5e:b2:e9:b8:97:25:
                    e6:66:fa:21:3d:dd:87:1d:55:cc:42:1b:d3:76:b5:
                    57:cb:fd:28:51:31:45:ca:36:bb:a7:2e:b2:3e:d7:
                    17:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:8D:C5:5B:62:01:F6:77:B1:BF:1F:71:4F:9E:4F:E2:A5:DC:87:DC
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/AY3FW2IB9nexvx9xT55P4qXch9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:2a:d6:ae:61:d1:54:87:79:9e:94:88:bc:54:fa:74:68:ad:
         69:5b:4f:e7:61:c3:2d:a7:2f:e5:d8:20:30:88:d1:e2:1b:72:
         ef:27:6b:cb:22:5c:a7:c4:2d:a2:3f:8e:54:f9:93:69:b6:2c:
         a8:01:da:5c:38:cc:77:fd:46:d0:bf:ef:d5:c3:e4:2c:bf:32:
         44:40:a0:3b:c5:86:0e:1c:ac:b6:71:96:19:65:33:2a:bf:97:
         af:f1:9a:c6:61:94:5b:d4:96:f7:f3:ad:bc:ec:7c:e8:24:1b:
         0c:f8:9a:e4:6d:62:ec:7b:c2:e6:c5:16:01:dd:4b:64:89:7f:
         96:11:ad:bf:71:7a:43:2b:a3:d4:de:a9:a8:80:0a:c3:b4:22:
         bb:a7:14:2e:17:62:46:f5:a2:6b:bd:55:b0:d1:e3:86:c0:ff:
         9b:14:62:de:54:88:71:24:db:41:1b:b0:da:3d:58:84:84:0c:
         dd:34:b5:8e:b4:d2:cd:60:f2:18:1f:30:db:76:bc:79:0b:1b:
         a2:78:81:bc:b6:b7:ec:a5:e2:93:cc:c7:70:cd:e0:b6:74:63:
         34:b3:c9:62:94:9d:fb:e4:3f:15:27:49:bb:61:4b:d5:0f:1f:
         c7:3d:71:a3:9f:b9:93:b3:e1:7f:42:8d:0b:7f:83:d7:3a:8c:
         76:0c:96:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WqXnfdzBu/YKlKMoQi/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwMTAyMDYxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMThkYzU1YjYyMDFmNjc3YjFiZjFmNzE0ZjllNGZlMmE1ZGM4N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9ifp7rXQAv932Wu970bdYeoqhaU
ba0Q04SsA7vRBnLvpSNimvTwYxHROlPNZJ0qOvfU0J3ab8zULBdD5ItLjNN/HoIM
AUsrp0Og3S4iwhcZo16I0/sgpqxTxFgE3wHyJd7S8pnS2sO40wvKirEAmKQtK0WT
XFBGy5Ky++NenGbKl43n1TtMrQAKsGgQTz7F/HeolxY7Y8b95P/nkX0fLiskYHeV
/oIzZHwKVbhA5QpUcdgRFHQBa5gEsMlpJ23EYq4174YYYb+THY+GR/sBM+gb2yl8
hPkb0xdesum4lyXmZvohPd2HHVXMQhvTdrVXy/0oUTFFyja7py6yPtcXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGNxVtiAfZ3sb8fcU+eT+Kl3IfcMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvQVkzRlcySUI5bmV4dng5eFQ1NVA0cVhjaDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjzGMA0G
CSqGSIb3DQEBCwUAA4IBAQC5KtauYdFUh3melIi8VPp0aK1pW0/nYcMtpy/l2CAw
iNHiG3LvJ2vLIlynxC2iP45U+ZNptiyoAdpcOMx3/UbQv+/Vw+QsvzJEQKA7xYYO
HKy2cZYZZTMqv5ev8ZrGYZRb1Jb386287HzoJBsM+JrkbWLse8LmxRYB3UtkiX+W
Ea2/cXpDK6PU3qmogArDtCK7pxQuF2JG9aJrvVWw0eOGwP+bFGLeVIhxJNtBG7Da
PViEhAzdNLWOtNLNYPIYHzDbdrx5CxuieIG8trfspeKTzMdwzeC2dGM0s8lilJ37
5D8VJ0m7YUvVDx/HPXGjn7mTs+F/Qo0Lf4PXOox2DJaJ
-----END CERTIFICATE-----