This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/fUNqCWuIckYGiVfEbuqCIkLI6d4.roa
File:                     fUNqCWuIckYGiVfEbuqCIkLI6d4.roa (raw, json)
Hash identifier:          2XlV9ynqjk3ChcE4Iw5juKC67TwbxBsySYHKnmHonQo=
Subject key identifier:   7D:43:6A:09:6B:88:72:46:06:89:57:C4:6E:EA:82:22:42:C8:E9:DE
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019B7E37F44BAC92553F94CD1D8D7FEA3766
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/fUNqCWuIckYGiVfEbuqCIkLI6d4.roa
Signing time:             Fri 02 Jan 2026 10:19:14 +0000
ROA not before:           Fri 02 Jan 2026 10:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13132
IP address blocks:        153.96.251.0/24 maxlen: 24
                          153.96.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f4:4b:ac:92:55:3f:94:cd:1d:8d:7f:ea:37:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 10:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d436a096b887246068957c46eea822242c8e9de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:0a:2b:05:94:e6:9a:d3:f2:34:2b:1a:e5:38:
                    ac:46:c5:3c:6d:ae:f5:18:b1:30:1c:1e:6b:8d:e2:
                    46:8b:91:12:48:fb:54:51:d9:09:28:0e:8e:b0:63:
                    50:42:44:c3:cf:ae:10:ea:8e:e1:6d:a5:93:1f:31:
                    5e:7d:5f:4b:65:a2:e4:69:1a:6e:15:ee:75:7f:f6:
                    df:ae:37:81:eb:3c:83:83:8f:df:da:9a:f4:af:ab:
                    7e:11:f0:e9:e4:a9:58:08:a4:5a:4d:52:99:fd:1f:
                    86:91:5d:ce:a1:04:8c:77:e9:b4:99:db:d5:dc:9c:
                    31:c8:19:ff:85:de:b8:17:91:6c:6e:7c:0d:97:af:
                    15:35:e2:40:41:87:8b:93:2e:f1:c9:1b:88:04:25:
                    1f:91:c7:90:7a:b5:12:22:b5:58:ad:7b:9f:51:4a:
                    33:0d:f2:a2:7a:70:26:e7:ba:82:93:c1:2c:5e:a4:
                    d7:91:81:7a:2f:72:c0:fc:49:2c:d1:93:df:e1:8e:
                    0c:92:fc:cf:bc:35:e1:bc:51:ab:b3:70:c7:8c:c3:
                    61:50:e4:b4:e7:10:95:b0:fb:e7:a9:50:2a:d2:8e:
                    b9:05:7f:5f:a7:09:45:11:c3:03:6d:93:84:17:34:
                    b4:d7:16:05:37:28:78:56:e2:f8:ad:71:f8:51:7a:
                    a2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:43:6A:09:6B:88:72:46:06:89:57:C4:6E:EA:82:22:42:C8:E9:DE
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/fUNqCWuIckYGiVfEbuqCIkLI6d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.251.0-153.96.252.255

    Signature Algorithm: sha256WithRSAEncryption
         4e:6b:4f:28:4a:f2:5a:5c:ff:e1:a6:15:ce:76:0d:53:b4:77:
         d5:e7:90:08:f2:5e:d2:6e:f3:91:0c:6e:f3:ba:23:46:c4:3f:
         21:95:0b:e6:55:90:3e:ac:13:90:55:ce:db:8f:84:7e:d0:5d:
         7b:e7:ee:68:7a:0c:9a:51:d2:73:41:8b:dc:cf:c7:fd:35:b5:
         6f:f9:37:84:83:02:33:01:70:8c:30:71:ca:fb:de:5b:a1:08:
         b3:4e:27:e1:11:62:36:5e:0c:3a:12:df:52:2d:09:fb:75:bd:
         ea:7a:cb:b6:20:94:59:62:16:3c:a9:d2:1d:c5:6d:ff:51:ae:
         45:f0:98:a8:26:02:f4:1b:9b:f0:79:4d:7b:24:f8:9e:17:3c:
         89:70:8e:74:81:ee:d8:d7:fa:5f:db:b0:fe:a5:d1:56:54:e7:
         95:8b:7f:40:ef:bd:77:c3:6b:d3:5b:8d:1d:a8:be:d2:08:5e:
         26:33:7d:db:57:bd:2d:a2:fb:81:74:b6:7f:8e:aa:ac:73:d1:
         5f:24:f1:75:e7:a4:6a:00:64:ae:42:43:15:7b:d8:d3:8d:64:
         82:c1:62:55:e8:f1:31:31:5b:e6:e1:e2:e2:22:20:74:15:53:
         dd:26:c5:94:4f:c6:b5:5e:b7:a1:c9:21:da:8b:c9:a1:30:8e:
         9d:0e:58:0c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt+N/RLrJJVP5TNHY1/6jdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMTAyMTAxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQzNmEwOTZiODg3MjQ2MDY4OTU3YzQ2ZWVhODIyMjQyYzhlOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3worBZTmmtPyNCsa5TisRsU8ba71
GLEwHB5rjeJGi5ESSPtUUdkJKA6OsGNQQkTDz64Q6o7hbaWTHzFefV9LZaLkaRpu
Fe51f/bfrjeB6zyDg4/f2pr0r6t+EfDp5KlYCKRaTVKZ/R+GkV3OoQSMd+m0mdvV
3JwxyBn/hd64F5FsbnwNl68VNeJAQYeLky7xyRuIBCUfkceQerUSIrVYrXufUUoz
DfKienAm57qCk8EsXqTXkYF6L3LA/Eks0ZPf4Y4MkvzPvDXhvFGrs3DHjMNhUOS0
5xCVsPvnqVAq0o65BX9fpwlFEcMDbZOEFzS01xYFNyh4VuL4rXH4UXqiTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH1DaglriHJGBolXxG7qgiJCyOneMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvZlVOcUNXdUlja1lHaVZmRWJ1cUNJa0xJNmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACZYPsD
BACZYPwwDQYJKoZIhvcNAQELBQADggEBAE5rTyhK8lpc/+GmFc52DVO0d9XnkAjy
XtJu85EMbvO6I0bEPyGVC+ZVkD6sE5BVztuPhH7QXXvn7mh6DJpR0nNBi9zPx/01
tW/5N4SDAjMBcIwwccr73luhCLNOJ+ERYjZeDDoS31ItCft1vep6y7YglFliFjyp
0h3Fbf9RrkXwmKgmAvQbm/B5TXsk+J4XPIlwjnSB7tjX+l/bsP6l0VZU55WLf0Dv
vXfDa9NbjR2ovtIIXiYzfdtXvS2i+4F0tn+Oqqxz0V8k8XXnpGoAZK5CQxV72NON
ZILBYlXo8TExW+bh4uIiIHQVU90mxZRPxrVet6HJIdqLyaEwjp0OWAw=
-----END CERTIFICATE-----