This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/23Ksdmesqt4r9pFq88Ry7wURSYs.roa
File:                     23Ksdmesqt4r9pFq88Ry7wURSYs.roa (raw, json)
Hash identifier:          1pkthufb3IANOLwI1vTEitNpAdzGfEhU2OEKG5L6yPI=
Subject key identifier:   DB:72:AC:76:67:AC:AA:DE:2B:F6:91:6A:F3:C4:72:EF:05:11:49:8B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019B7F1377D7A698F439E672FE52241B8FA0
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/23Ksdmesqt4r9pFq88Ry7wURSYs.roa
Signing time:             Fri 02 Jan 2026 14:19:00 +0000
ROA not before:           Fri 02 Jan 2026 14:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136744
IP address blocks:        213.209.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:77:d7:a6:98:f4:39:e6:72:fe:52:24:1b:8f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 14:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db72ac7667acaade2bf6916af3c472ef0511498b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d8:1a:01:c3:b3:3d:65:aa:8c:47:39:d7:41:
                    87:df:8d:9a:80:dd:0a:98:86:63:77:94:92:76:84:
                    f4:81:d1:3c:27:24:9c:f4:38:74:48:b9:18:39:53:
                    49:33:5b:20:a2:0c:68:6a:df:54:5c:ae:5e:e3:76:
                    7e:be:99:34:8d:40:a5:53:d5:4f:70:50:18:04:d1:
                    0c:6c:be:fc:13:90:5c:29:92:ac:68:d7:17:b9:aa:
                    46:b8:d6:40:79:57:c1:a8:b3:20:36:07:42:ed:36:
                    af:48:56:aa:f4:36:4d:70:cd:0b:2b:92:aa:5a:38:
                    84:2f:36:9d:22:69:40:9d:d7:c2:b0:cc:30:88:28:
                    4d:19:68:81:a8:17:c7:78:b3:01:84:ab:b0:4b:78:
                    f4:1d:97:94:18:b7:23:d8:bc:c1:8d:df:5a:6c:0d:
                    41:5d:1a:66:3b:98:f4:b2:e1:e9:bf:90:ee:a0:e8:
                    1a:c3:5b:2f:5d:6c:29:66:d2:cd:01:18:fd:a0:6c:
                    96:a7:42:09:0a:48:5f:e4:fe:6d:a2:e3:d7:d4:80:
                    48:f1:99:c9:15:e1:b1:da:f6:49:af:91:dd:dc:ce:
                    4b:cc:51:e4:b0:f2:4b:98:a1:4a:f8:6e:53:f1:20:
                    e1:cf:54:f1:e7:ee:19:18:d0:dc:d5:4e:3d:f7:a2:
                    a9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:72:AC:76:67:AC:AA:DE:2B:F6:91:6A:F3:C4:72:EF:05:11:49:8B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/23Ksdmesqt4r9pFq88Ry7wURSYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:4f:f8:b2:6b:33:a4:fe:8c:d4:46:a4:fd:58:e1:b0:59:eb:
         f1:3c:a7:4f:79:46:d7:55:57:2c:cc:ab:35:f6:57:c2:cb:29:
         81:70:36:61:17:44:7a:50:f9:d8:d2:fd:7a:cf:0f:20:e7:21:
         52:29:18:78:6f:f8:98:59:e3:7d:a8:4b:32:56:42:b6:51:38:
         c2:a7:39:4a:f8:f4:2e:fc:c1:5c:c1:fd:2c:66:25:7f:df:e8:
         58:b1:39:a0:6c:11:18:e7:88:b2:a3:57:b3:62:e4:c9:fa:02:
         0c:d1:fa:3f:30:af:39:26:af:24:0e:15:89:da:12:e1:c0:03:
         e6:3f:ed:2d:b6:0f:f1:38:4f:56:bd:16:cd:0e:7c:3d:76:1f:
         6e:b6:6b:f1:5b:3c:11:96:e8:87:90:af:07:17:e5:bc:5e:46:
         b0:75:ef:4b:91:10:b3:1f:d2:ef:82:34:7b:cd:f5:6b:56:18:
         9b:41:ea:99:53:6a:c1:e6:57:de:04:4a:ec:46:b9:fe:78:b6:
         80:d8:79:f9:4e:23:4b:b4:a4:c9:33:3d:27:0f:ba:d1:72:44:
         d7:58:1c:49:4f:0b:39:c7:05:1d:79:76:36:7f:01:b6:a4:ae:
         2c:be:30:3f:65:57:d0:2b:14:b3:f5:e3:d1:c4:fa:1d:28:37:
         d9:c6:40:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E3fXppj0OeZy/lIkG4+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMTAyMTQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjcyYWM3NjY3YWNhYWRlMmJmNjkxNmFmM2M0NzJlZjA1MTE0OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdgaAcOzPWWqjEc510GH342agN0K
mIZjd5SSdoT0gdE8JySc9Dh0SLkYOVNJM1sgogxoat9UXK5e43Z+vpk0jUClU9VP
cFAYBNEMbL78E5BcKZKsaNcXuapGuNZAeVfBqLMgNgdC7TavSFaq9DZNcM0LK5Kq
WjiELzadImlAndfCsMwwiChNGWiBqBfHeLMBhKuwS3j0HZeUGLcj2LzBjd9abA1B
XRpmO5j0suHpv5DuoOgaw1svXWwpZtLNARj9oGyWp0IJCkhf5P5touPX1IBI8ZnJ
FeGx2vZJr5Hd3M5LzFHksPJLmKFK+G5T8SDhz1Tx5+4ZGNDc1U4996KpCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtyrHZnrKreK/aRavPEcu8FEUmLMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvMjNLc2RtZXNxdDRyOXBGcTg4Unk3d1VSU1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGXMA0G
CSqGSIb3DQEBCwUAA4IBAQBfT/iyazOk/ozURqT9WOGwWevxPKdPeUbXVVcszKs1
9lfCyymBcDZhF0R6UPnY0v16zw8g5yFSKRh4b/iYWeN9qEsyVkK2UTjCpzlK+PQu
/MFcwf0sZiV/3+hYsTmgbBEY54iyo1ezYuTJ+gIM0fo/MK85Jq8kDhWJ2hLhwAPm
P+0ttg/xOE9WvRbNDnw9dh9utmvxWzwRluiHkK8HF+W8Xkawde9LkRCzH9LvgjR7
zfVrVhibQeqZU2rB5lfeBErsRrn+eLaA2Hn5TiNLtKTJMz0nD7rRckTXWBxJTws5
xwUdeXY2fwG2pK4svjA/ZVfQKxSz9ePRxPodKDfZxkB2
-----END CERTIFICATE-----