This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FxuPX7ORppOIz6sus7X1Ka2LHM4.roa
File:                     FxuPX7ORppOIz6sus7X1Ka2LHM4.roa (raw, json)
Hash identifier:          JSHhbqfLiorJyjRFGUDntBGdy6m6NQB5eSOQo4hr06w=
Subject key identifier:   17:1B:8F:5F:B3:91:A6:93:88:CF:AB:2E:B3:B5:F5:29:AD:8B:1C:CE
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C13083173BB8469F6EE8EAC96892668
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FxuPX7ORppOIz6sus7X1Ka2LHM4.roa
Signing time:             Fri 02 Jan 2026 00:19:40 +0000
ROA not before:           Fri 02 Jan 2026 00:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209848
IP address blocks:        212.243.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:08:31:73:bb:84:69:f6:ee:8e:ac:96:89:26:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=171b8f5fb391a69388cfab2eb3b5f529ad8b1cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:50:51:e4:30:b2:36:3c:24:03:be:46:17:25:
                    40:40:ca:b7:54:15:3d:15:d1:0d:06:eb:aa:af:e7:
                    93:6a:e6:9d:1f:15:a6:b0:2e:a2:b3:d0:34:ac:ce:
                    85:3a:40:81:c3:c9:fa:0c:84:e4:f2:ec:41:5e:24:
                    34:3e:f6:66:9b:78:ac:f9:18:74:f8:db:67:90:4f:
                    e6:56:81:14:5e:1f:4e:4d:ec:7a:bf:13:10:10:02:
                    b0:a0:99:27:a9:6c:6b:11:44:4a:83:11:0f:cd:5c:
                    1f:28:fa:a5:9c:e2:c8:a4:00:63:57:18:8a:af:7a:
                    67:fc:b3:6a:37:66:ef:40:96:16:f5:9b:f1:b7:33:
                    3a:50:06:5b:f8:dd:c3:f8:d0:95:ed:4a:1a:50:49:
                    6e:97:c6:80:72:de:a6:77:9f:71:9f:e7:ef:ae:84:
                    da:4b:ff:20:f0:b5:47:d4:88:aa:f8:4d:cb:8b:1a:
                    8a:56:61:2c:03:ab:eb:64:a7:e9:78:ea:0d:13:74:
                    a4:06:ad:a7:24:f2:f5:13:c3:b3:96:98:b1:83:ff:
                    f3:6e:46:7f:27:00:d3:ef:b0:67:40:4b:22:04:91:
                    8b:30:e2:21:64:dd:98:98:7b:73:35:bb:a5:1d:71:
                    6e:fa:29:44:da:f4:11:f7:9f:85:d1:8e:fb:1c:58:
                    41:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:1B:8F:5F:B3:91:A6:93:88:CF:AB:2E:B3:B5:F5:29:AD:8B:1C:CE
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FxuPX7ORppOIz6sus7X1Ka2LHM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:46:ca:ce:c8:01:8c:5b:f9:b6:68:24:a2:8e:6d:5d:42:f2:
         84:b5:98:66:ae:f5:c2:0f:20:a0:ff:f1:02:a0:e9:01:30:12:
         5b:41:b3:cb:5f:94:31:9e:8e:40:59:33:de:86:82:2f:f2:c0:
         ba:3d:1b:1c:f1:7e:29:f3:4e:42:b3:c9:ba:35:d0:f6:a1:69:
         cc:43:aa:29:d3:08:e2:a1:04:08:6b:50:c5:4a:c9:da:80:19:
         b9:00:b4:52:91:c1:e7:9c:e0:ba:fd:9d:9d:15:2f:40:6f:15:
         ae:cf:6a:a7:c7:23:60:48:98:53:c4:cc:0e:6e:ac:bc:70:8e:
         2a:a5:f2:e2:3f:f7:db:97:83:01:5f:f8:52:60:65:c2:88:45:
         52:d3:6d:96:9d:3e:dd:fd:24:e8:47:d0:44:3a:1d:ee:37:dc:
         90:c9:10:97:92:39:c5:91:ae:11:20:47:d1:1f:51:4e:54:8e:
         09:ef:86:17:51:97:85:b5:26:6a:0e:2a:d1:43:6b:ad:80:a7:
         db:d4:d0:42:68:39:00:59:e4:f0:08:05:dd:11:3e:a8:44:ff:
         65:ae:d0:e7:88:43:cd:ec:45:4a:c8:c3:25:b5:2b:b4:b9:c5:
         3b:aa:22:13:c9:39:1f:9d:13:f0:e6:5f:af:17:4d:62:99:18:
         b6:15:6e:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ewgxc7uEafbujqyWiSZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzFiOGY1ZmIzOTFhNjkzODhjZmFiMmViM2I1ZjUyOWFkOGIxY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FBR5DCyNjwkA75GFyVAQMq3VBU9
FdENBuuqr+eTauadHxWmsC6is9A0rM6FOkCBw8n6DITk8uxBXiQ0PvZmm3is+Rh0
+NtnkE/mVoEUXh9OTex6vxMQEAKwoJknqWxrEURKgxEPzVwfKPqlnOLIpABjVxiK
r3pn/LNqN2bvQJYW9ZvxtzM6UAZb+N3D+NCV7UoaUElul8aAct6md59xn+fvroTa
S/8g8LVH1Iiq+E3LixqKVmEsA6vrZKfpeOoNE3SkBq2nJPL1E8Ozlpixg//zbkZ/
JwDT77BnQEsiBJGLMOIhZN2YmHtzNbulHXFu+ilE2vQR95+F0Y77HFhBkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcbj1+zkaaTiM+rLrO19SmtixzOMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvRnh1UFg3T1JwcE9JejZzdXM3WDFLYTJMSE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1POBMA0G
CSqGSIb3DQEBCwUAA4IBAQC8RsrOyAGMW/m2aCSijm1dQvKEtZhmrvXCDyCg//EC
oOkBMBJbQbPLX5Qxno5AWTPehoIv8sC6PRsc8X4p805Cs8m6NdD2oWnMQ6op0wji
oQQIa1DFSsnagBm5ALRSkcHnnOC6/Z2dFS9AbxWuz2qnxyNgSJhTxMwObqy8cI4q
pfLiP/fbl4MBX/hSYGXCiEVS022WnT7d/SToR9BEOh3uN9yQyRCXkjnFka4RIEfR
H1FOVI4J74YXUZeFtSZqDirRQ2utgKfb1NBCaDkAWeTwCAXdET6oRP9lrtDniEPN
7EVKyMMltSu0ucU7qiITyTkfnRPw5l+vF01imRi2FW63
-----END CERTIFICATE-----