This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FLorRPAWaRrROBEZP-v8CSxAyFY.roa
File:                     FLorRPAWaRrROBEZP-v8CSxAyFY.roa (raw, json)
Hash identifier:          Ka3+bRGptSHmpWNQBKxJGZUCf1FEY2qlzU2tkCsKfws=
Subject key identifier:   14:BA:2B:44:F0:16:69:1A:D1:38:11:19:3F:EB:FC:09:2C:40:C8:56
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82B1998431E40D8A3B5B1A3FC045AC
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FLorRPAWaRrROBEZP-v8CSxAyFY.roa
Signing time:             Fri 02 Jan 2026 16:20:30 +0000
ROA not before:           Fri 02 Jan 2026 16:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7106
IP address blocks:        193.221.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:b1:99:84:31:e4:0d:8a:3b:5b:1a:3f:c0:45:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14ba2b44f016691ad13811193febfc092c40c856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:43:f1:de:62:8c:3a:c6:ad:bd:fc:f0:9e:0a:
                    72:6a:66:fc:a6:7e:b7:d1:bf:eb:3a:7c:47:84:fa:
                    74:f0:d3:01:6d:07:75:5f:81:c5:34:04:fa:0b:bb:
                    47:00:b7:70:ef:71:f2:78:a8:3d:2e:2e:71:0f:e8:
                    b6:a6:6d:bf:eb:1a:a1:03:e2:cb:16:67:b4:8c:a9:
                    ea:04:ed:59:42:a2:d1:d5:1c:e0:af:6e:44:73:05:
                    6f:da:96:b5:e7:e6:9e:93:b0:95:53:92:40:da:d1:
                    2c:e6:2b:b4:24:15:1c:06:1f:9f:67:36:bb:b7:ea:
                    1b:e6:91:19:ef:d1:b1:e0:d6:af:c7:4e:af:16:71:
                    aa:a2:ce:4a:63:7b:4d:05:9f:0a:e2:33:1c:16:66:
                    25:92:6a:be:01:45:4e:3f:f8:d2:67:ce:02:f8:9a:
                    dc:6d:3e:02:94:8b:a2:d6:d6:02:f8:ee:86:a7:ba:
                    b2:be:f4:f9:e6:25:10:50:7d:72:cb:04:ff:f6:fe:
                    e7:0c:e1:8b:1f:c1:b5:a7:75:80:53:56:d6:35:0c:
                    fd:7b:36:9e:c4:4c:49:1d:40:2c:4b:ec:4b:1e:f9:
                    59:46:73:75:f5:6a:c3:e2:79:41:d8:de:11:84:7f:
                    5d:f2:00:e7:ae:94:ce:5e:f1:6a:f5:ee:1b:cd:c3:
                    ac:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BA:2B:44:F0:16:69:1A:D1:38:11:19:3F:EB:FC:09:2C:40:C8:56
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FLorRPAWaRrROBEZP-v8CSxAyFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:6c:6f:51:fd:3d:d8:f8:87:ec:e0:66:50:e0:0e:a4:cb:e1:
         26:63:83:d6:71:3b:b4:05:d7:81:8f:66:dc:4c:21:68:41:68:
         29:6c:80:4b:ad:db:be:1f:c4:29:1d:de:ba:1c:de:93:84:c9:
         21:3f:62:7d:eb:f8:55:4c:e9:78:29:ac:98:7e:f2:fd:57:e5:
         07:0e:36:fb:aa:13:d3:0d:27:6b:17:0c:21:6c:ad:8e:bb:06:
         30:46:29:ed:06:41:58:4d:28:53:14:51:ba:6b:f5:50:a4:85:
         2d:8f:64:bb:11:eb:24:f7:30:b4:61:17:c8:e2:ab:b8:4b:3e:
         a9:b9:55:0b:af:0d:44:19:04:98:cb:ab:a5:b4:bd:90:22:a1:
         c1:86:a2:6d:9e:d4:df:a5:57:4d:99:b5:22:3c:a7:cf:d0:b8:
         aa:62:e1:ac:58:e1:e5:43:5b:56:7a:f9:2b:cd:cd:ec:82:bb:
         5a:05:3e:cd:4b:ec:b6:c0:cf:1c:07:65:bb:75:f8:90:0b:53:
         ee:c1:ba:7c:ec:94:13:03:ed:32:e9:f8:3e:8f:dd:78:7e:ca:
         88:3b:5e:1e:a6:84:13:53:7a:d4:19:41:12:4d:46:a7:7b:4d:
         9a:27:ba:ea:8a:bd:a0:d3:21:1f:1f:0e:f2:db:e7:e6:fb:31:
         96:a9:83:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/grGZhDHkDYo7Wxo/wEWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJhMmI0NGYwMTY2OTFhZDEzODExMTkzZmViZmMwOTJjNDBjODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUPx3mKMOsatvfzwngpyamb8pn63
0b/rOnxHhPp08NMBbQd1X4HFNAT6C7tHALdw73HyeKg9Li5xD+i2pm2/6xqhA+LL
Fme0jKnqBO1ZQqLR1Rzgr25EcwVv2pa15+aek7CVU5JA2tEs5iu0JBUcBh+fZza7
t+ob5pEZ79Gx4Navx06vFnGqos5KY3tNBZ8K4jMcFmYlkmq+AUVOP/jSZ84C+Jrc
bT4ClIui1tYC+O6Gp7qyvvT55iUQUH1yywT/9v7nDOGLH8G1p3WAU1bWNQz9ezae
xExJHUAsS+xLHvlZRnN19WrD4nlB2N4RhH9d8gDnrpTOXvFq9e4bzcOs0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS6K0TwFmka0TgRGT/r/AksQMhWMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvRkxvclJQQVdhUnJST0JFWlAtdjhDU3hBeUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd3DMA0G
CSqGSIb3DQEBCwUAA4IBAQBbbG9R/T3Y+Ifs4GZQ4A6ky+EmY4PWcTu0BdeBj2bc
TCFoQWgpbIBLrdu+H8QpHd66HN6ThMkhP2J96/hVTOl4KayYfvL9V+UHDjb7qhPT
DSdrFwwhbK2OuwYwRintBkFYTShTFFG6a/VQpIUtj2S7Eesk9zC0YRfI4qu4Sz6p
uVULrw1EGQSYy6ultL2QIqHBhqJtntTfpVdNmbUiPKfP0LiqYuGsWOHlQ1tWevkr
zc3sgrtaBT7NS+y2wM8cB2W7dfiQC1Puwbp87JQTA+0y6fg+j914fsqIO14epoQT
U3rUGUESTUane02aJ7rqir2g0yEfHw7y2+fm+zGWqYOk
-----END CERTIFICATE-----