This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SnOKGw0nptLHAZFrTKooq1F6qbg.roa
File:                     SnOKGw0nptLHAZFrTKooq1F6qbg.roa (raw, json)
Hash identifier:          FBxvVsJwAoWPoNCciGoRN36HxI3NjSXsokWPlQeHLYs=
Subject key identifier:   4A:73:8A:1B:0D:27:A6:D2:C7:01:91:6B:4C:AA:28:AB:51:7A:A9:B8
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019B79ED0E60AFF80197DBB52895A8CB954D
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SnOKGw0nptLHAZFrTKooq1F6qbg.roa
Signing time:             Thu 01 Jan 2026 14:18:57 +0000
ROA not before:           Thu 01 Jan 2026 14:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205886
IP address blocks:        86.110.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:0e:60:af:f8:01:97:db:b5:28:95:a8:cb:95:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Jan  1 14:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a738a1b0d27a6d2c701916b4caa28ab517aa9b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:77:c5:59:04:c3:d9:f3:15:fb:da:3a:0c:f3:
                    bb:30:09:7d:a0:e6:5f:2b:b2:3e:37:91:8d:ec:79:
                    64:0f:50:40:30:18:22:48:67:12:21:18:bc:69:1a:
                    37:01:82:0e:dd:89:0e:d9:a0:a8:29:6b:13:f8:c3:
                    8d:21:2f:b9:82:9c:bf:15:c4:d8:d8:a1:80:f9:de:
                    4a:1a:82:ca:b0:55:0d:4f:7b:79:eb:af:f6:9d:1e:
                    66:5d:3f:a2:8c:32:33:3e:db:ad:fc:c1:ca:67:17:
                    b1:93:3c:aa:a0:36:04:d2:1e:9f:84:7a:d5:7d:d0:
                    a4:82:35:5c:85:b9:90:c2:0f:f2:35:f6:e6:e2:a0:
                    a3:c9:74:f9:02:bd:ab:53:98:f2:2f:67:2d:d9:62:
                    5c:4a:ee:3e:9f:f8:c4:d8:16:aa:d2:6f:4a:05:8d:
                    27:f2:31:75:9c:41:e6:ea:94:1f:10:ab:10:7b:d6:
                    db:d9:b8:e2:0c:57:fb:04:76:e1:44:5e:51:63:2c:
                    a6:03:e4:1e:e2:28:0d:b5:c8:13:07:c6:c0:c5:d5:
                    d5:09:24:ab:9c:83:89:d7:8f:88:84:b1:c6:a4:a8:
                    3c:55:88:bd:95:18:57:f0:b8:b4:ec:02:41:60:a4:
                    5c:c3:33:86:96:9f:5d:9f:04:da:37:3f:d1:57:65:
                    25:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:73:8A:1B:0D:27:A6:D2:C7:01:91:6B:4C:AA:28:AB:51:7A:A9:B8
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SnOKGw0nptLHAZFrTKooq1F6qbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:28:e8:82:2b:2c:f4:2e:25:d8:50:61:4e:68:ee:c7:c0:99:
         12:e2:41:0d:ce:e3:41:8b:34:a8:5c:b1:ec:36:89:77:39:33:
         8a:e1:5e:ce:89:12:d1:97:17:3b:35:f7:d2:2d:e6:a5:ff:42:
         59:d8:62:6d:3a:e7:30:b0:b3:2b:a6:52:10:eb:a3:36:c9:8d:
         5f:a0:e8:e8:0c:b4:eb:85:d7:c8:f9:80:e3:5b:db:81:f4:ef:
         be:e6:62:1f:85:29:a6:96:0c:18:8b:bd:ec:fa:95:fe:d2:74:
         dd:38:b2:f7:d9:4c:c2:35:42:cc:eb:43:9d:1b:01:5a:db:48:
         74:d2:4b:c3:88:b6:15:1f:d7:cc:ec:f1:16:52:55:85:10:5b:
         06:24:35:d7:dc:b4:1e:35:35:8b:06:82:c0:56:31:9a:9a:ed:
         53:92:e8:2f:e5:9c:38:ab:86:f9:21:a3:2d:00:31:55:0d:59:
         c9:68:5f:81:7b:a5:61:fe:5d:f3:99:89:af:11:26:43:b7:27:
         f8:5b:6a:eb:67:af:73:04:c9:64:d4:c4:0e:a3:73:54:4f:c0:
         40:0c:69:ca:e3:4f:42:19:b9:01:d6:8f:4d:30:42:42:23:96:
         8e:c2:95:7c:0e:46:03:b1:0a:36:70:80:41:c5:93:4a:51:22:
         1e:eb:13:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Q5gr/gBl9u1KJWoy5VNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMTAxMTQxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTczOGExYjBkMjdhNmQyYzcwMTkxNmI0Y2FhMjhhYjUxN2FhOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3fFWQTD2fMV+9o6DPO7MAl9oOZf
K7I+N5GN7HlkD1BAMBgiSGcSIRi8aRo3AYIO3YkO2aCoKWsT+MONIS+5gpy/FcTY
2KGA+d5KGoLKsFUNT3t566/2nR5mXT+ijDIzPtut/MHKZxexkzyqoDYE0h6fhHrV
fdCkgjVchbmQwg/yNfbm4qCjyXT5Ar2rU5jyL2ct2WJcSu4+n/jE2Baq0m9KBY0n
8jF1nEHm6pQfEKsQe9bb2bjiDFf7BHbhRF5RYyymA+Qe4igNtcgTB8bAxdXVCSSr
nIOJ14+IhLHGpKg8VYi9lRhX8Li07AJBYKRcwzOGlp9dnwTaNz/RV2Ul+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpzihsNJ6bSxwGRa0yqKKtReqm4MB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvU25PS0d3MG5wdExIQVpGclRLb29xMUY2cWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4/MA0G
CSqGSIb3DQEBCwUAA4IBAQBTKOiCKyz0LiXYUGFOaO7HwJkS4kENzuNBizSoXLHs
Nol3OTOK4V7OiRLRlxc7NffSLeal/0JZ2GJtOucwsLMrplIQ66M2yY1foOjoDLTr
hdfI+YDjW9uB9O++5mIfhSmmlgwYi73s+pX+0nTdOLL32UzCNULM60OdGwFa20h0
0kvDiLYVH9fM7PEWUlWFEFsGJDXX3LQeNTWLBoLAVjGamu1Tkugv5Zw4q4b5IaMt
ADFVDVnJaF+Be6Vh/l3zmYmvESZDtyf4W2rrZ69zBMlk1MQOo3NUT8BADGnK409C
GbkB1o9NMEJCI5aOwpV8DkYDsQo2cIBBxZNKUSIe6xOT
-----END CERTIFICATE-----