This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/emRrp9WNoGwNWTE42KjaGBodz9Q.roa
File:                     emRrp9WNoGwNWTE42KjaGBodz9Q.roa (raw, json)
Hash identifier:          /m0KM5Ha3jFihjS9wP96Kp6B9UK3CcGPoMjG9EV+eYY=
Subject key identifier:   7A:64:6B:A7:D5:8D:A0:6C:0D:59:31:38:D8:A8:DA:18:1A:1D:CF:D4
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019B797F4810132AF1949301EC08561B3A0A
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/emRrp9WNoGwNWTE42KjaGBodz9Q.roa
Signing time:             Thu 01 Jan 2026 12:19:03 +0000
ROA not before:           Thu 01 Jan 2026 12:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200456
IP address blocks:        213.238.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:48:10:13:2a:f1:94:93:01:ec:08:56:1b:3a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 12:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a646ba7d58da06c0d593138d8a8da181a1dcfd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c6:a3:6b:36:a7:3f:1a:0f:a6:e6:c6:f8:31:
                    da:63:83:a4:04:27:a7:44:00:f1:ae:70:62:f7:e0:
                    49:74:e5:33:da:92:a7:bf:e9:14:b8:55:2d:f7:61:
                    f5:4d:49:57:ae:ae:e6:c0:df:77:1f:a3:ff:dd:16:
                    83:21:d6:3c:af:25:a5:64:f5:c7:ed:03:79:cf:8c:
                    ce:5f:19:a2:7f:1b:e4:c2:19:90:58:ef:4f:58:3c:
                    80:fa:4b:57:bf:a4:21:89:a6:d7:57:12:23:b2:b4:
                    1b:21:ba:c6:75:ed:57:1a:e6:8e:0e:21:27:ab:d8:
                    ef:70:45:d4:45:85:36:64:4f:b7:13:f2:74:af:f6:
                    14:40:dc:5d:d0:83:25:62:ff:ce:30:e7:4c:cc:7e:
                    0d:6f:db:9f:05:e0:35:4b:57:47:34:f0:6c:86:0a:
                    3f:46:6f:3b:1a:72:8e:e3:9a:b6:64:50:8d:4a:88:
                    6f:e9:a3:56:5e:32:70:f8:d3:66:a7:43:ef:2a:11:
                    94:9b:4f:0f:c0:d0:e5:37:62:ad:43:77:40:5a:3a:
                    6f:77:1f:ba:6b:2b:63:b8:26:ba:bb:bf:81:a9:7d:
                    54:53:79:f2:66:c3:fe:0d:71:b4:e9:08:9f:75:40:
                    0b:f8:cc:3f:b7:04:f4:a6:87:24:ad:60:fe:02:bc:
                    76:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:64:6B:A7:D5:8D:A0:6C:0D:59:31:38:D8:A8:DA:18:1A:1D:CF:D4
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/emRrp9WNoGwNWTE42KjaGBodz9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:26:b1:9c:ae:e2:c4:83:db:e7:95:33:86:c2:1f:40:48:03:
         49:f0:d6:68:24:ef:ac:c9:99:cf:c9:a3:7c:46:75:25:12:65:
         40:df:21:4a:b1:7d:80:6d:86:ea:c2:bf:18:fa:7d:c8:99:8d:
         06:2c:74:e7:49:8f:24:57:f0:ed:ff:8e:e0:0c:59:65:ba:a6:
         74:9e:43:fb:ef:39:c2:20:96:6b:cd:15:1d:d3:c2:e6:bf:70:
         c8:95:47:a7:f9:9d:c7:d0:c7:c6:fb:9c:77:81:83:4b:79:8d:
         78:c7:0e:c8:b9:13:b1:96:a1:a6:68:da:a3:61:96:37:05:46:
         7e:f8:02:c3:ed:ec:fe:c5:91:1e:c9:20:61:5f:b7:7d:6a:84:
         64:43:1e:2a:c5:88:c3:3c:4b:3d:eb:b6:1c:66:a9:87:2b:2b:
         6c:86:c0:38:29:28:ae:2a:3d:90:c0:38:c2:ff:5d:48:41:e1:
         59:72:a3:30:b5:62:b5:1f:dc:cf:c2:22:6f:96:41:83:b2:53:
         3c:f0:32:85:63:0e:cd:cc:84:b9:ae:35:52:ca:a5:6f:95:9e:
         e8:f6:81:31:c4:8f:27:5d:61:d3:da:d7:18:be:00:dd:8a:0f:
         a7:d4:a2:f4:2e:58:14:f9:3b:de:93:10:83:10:3b:3f:f9:ff:
         60:6c:d0:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5f0gQEyrxlJMB7AhWGzoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjYwMTAxMTIxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTY0NmJhN2Q1OGRhMDZjMGQ1OTMxMzhkOGE4ZGExODFhMWRjZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcajazanPxoPpubG+DHaY4OkBCen
RADxrnBi9+BJdOUz2pKnv+kUuFUt92H1TUlXrq7mwN93H6P/3RaDIdY8ryWlZPXH
7QN5z4zOXxmifxvkwhmQWO9PWDyA+ktXv6QhiabXVxIjsrQbIbrGde1XGuaODiEn
q9jvcEXURYU2ZE+3E/J0r/YUQNxd0IMlYv/OMOdMzH4Nb9ufBeA1S1dHNPBshgo/
Rm87GnKO45q2ZFCNSohv6aNWXjJw+NNmp0PvKhGUm08PwNDlN2KtQ3dAWjpvdx+6
aytjuCa6u7+BqX1UU3nyZsP+DXG06QifdUAL+Mw/twT0pockrWD+Arx2PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpka6fVjaBsDVkxONio2hgaHc/UMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvZW1ScnA5V05vR3dOV1RFNDJLamFHQm9kejlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6rMA0G
CSqGSIb3DQEBCwUAA4IBAQADJrGcruLEg9vnlTOGwh9ASANJ8NZoJO+syZnPyaN8
RnUlEmVA3yFKsX2AbYbqwr8Y+n3ImY0GLHTnSY8kV/Dt/47gDFlluqZ0nkP77znC
IJZrzRUd08Lmv3DIlUen+Z3H0MfG+5x3gYNLeY14xw7IuROxlqGmaNqjYZY3BUZ+
+ALD7ez+xZEeySBhX7d9aoRkQx4qxYjDPEs967YcZqmHKytshsA4KSiuKj2QwDjC
/11IQeFZcqMwtWK1H9zPwiJvlkGDslM88DKFYw7NzIS5rjVSyqVvlZ7o9oExxI8n
XWHT2tcYvgDdig+n1KL0LlgU+TvekxCDEDs/+f9gbNBx
-----END CERTIFICATE-----