This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/F_pPHJDcrHyVOVWzvhakia7DJiQ.roa
File:                     F_pPHJDcrHyVOVWzvhakia7DJiQ.roa (raw, json)
Hash identifier:          tFJBSOLCH7tZWWFthieckptanNdtDSMnw7UCYwe6+Kk=
Subject key identifier:   17:FA:4F:1C:90:DC:AC:7C:95:39:55:B3:BE:16:A4:89:AE:C3:26:24
Certificate issuer:       /CN=f521e174f84f7165961d41b68ea7262e28337d69
Certificate serial:       019B7EA6AD0059302AC9886E490F6F3506E6
Authority key identifier: F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/F_pPHJDcrHyVOVWzvhakia7DJiQ.roa
Signing time:             Fri 02 Jan 2026 12:20:11 +0000
ROA not before:           Fri 02 Jan 2026 12:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.246.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:ad:00:59:30:2a:c9:88:6e:49:0f:6f:35:06:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f521e174f84f7165961d41b68ea7262e28337d69
        Validity
            Not Before: Jan  2 12:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17fa4f1c90dcac7c953955b3be16a489aec32624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:b5:89:14:ce:18:a7:fa:00:94:d7:cc:42:
                    c1:7a:05:0d:aa:3c:24:84:20:bd:5c:e9:f1:d2:43:
                    e9:bd:63:1b:fc:fa:cc:ff:73:c8:22:cf:47:47:4d:
                    33:be:5a:a9:e0:eb:6f:95:26:89:8c:60:f1:e0:94:
                    e4:73:6f:a7:2d:d8:65:c8:0c:a5:c5:a7:51:48:42:
                    c7:7b:be:64:09:78:09:40:60:71:33:3d:cf:24:ff:
                    74:53:49:c1:d3:5e:f5:cd:02:6d:02:c0:d0:a4:65:
                    1a:b4:59:b0:df:78:8d:b6:47:0f:9e:67:86:20:78:
                    88:f4:86:69:07:6f:e2:54:d0:cc:8d:cc:60:26:79:
                    8b:89:ea:56:dc:00:8e:af:7b:1d:40:d8:84:7f:5d:
                    36:e4:c1:10:47:95:2f:f4:39:e9:d8:e1:0f:db:44:
                    56:a4:d2:bf:d6:b5:4a:75:ce:49:b4:98:e8:af:ef:
                    9a:b5:4f:c5:29:93:f9:a1:03:18:4f:91:3e:fc:c3:
                    48:ce:45:f4:c4:9c:19:35:58:3d:29:b9:6c:90:e1:
                    44:82:11:15:ec:56:c4:a9:75:9e:11:3c:c8:eb:e3:
                    7b:a5:f8:ba:07:07:60:cb:7a:77:ad:3a:37:d7:07:
                    a9:a5:20:14:7c:1d:00:43:7b:66:1a:67:87:b5:5f:
                    d4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:FA:4F:1C:90:DC:AC:7C:95:39:55:B3:BE:16:A4:89:AE:C3:26:24
            X509v3 Authority Key Identifier:
                keyid:F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/F_pPHJDcrHyVOVWzvhakia7DJiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:9a:88:28:16:a7:f6:c7:0d:3e:29:c9:f4:ff:73:8e:45:0f:
         ad:8b:45:f2:84:29:ae:9d:de:e0:b9:40:57:57:f2:d0:29:d9:
         9e:28:40:ef:3f:fc:d3:66:f2:74:51:31:84:cb:f0:59:8a:eb:
         02:ef:a6:b8:24:be:4a:c6:78:89:e9:83:4b:14:08:48:94:16:
         0f:85:5c:b9:b3:bb:38:3c:ce:13:85:a0:0f:3c:34:c6:3f:ca:
         75:c1:a8:61:c7:a0:4f:f4:72:0e:47:63:07:94:9a:7f:94:d8:
         70:c4:8f:4f:7a:43:1a:38:13:f7:92:e1:d2:35:60:71:db:cb:
         8f:0e:9f:01:ce:39:e3:29:aa:fa:99:f2:82:13:46:4c:68:dd:
         15:fc:8c:b6:ad:47:33:8e:ed:24:a4:13:5c:00:39:da:73:75:
         d8:df:68:cb:0d:0e:ef:8b:4d:ba:47:13:38:1a:ed:30:d4:42:
         aa:d9:4b:ec:38:d6:46:b6:0c:36:5a:9d:48:87:d4:ef:26:8e:
         73:f0:c0:93:ce:1a:5a:74:0c:1a:d4:a6:76:e2:f6:6a:ab:4a:
         d0:e3:77:4e:51:cf:86:bb:cd:98:25:98:2a:2c:b1:d0:ba:32:
         33:33:44:30:54:97:56:53:19:70:22:40:8a:58:38:f9:a2:4a:
         30:4a:cc:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pq0AWTAqyYhuSQ9vNQbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MjFlMTc0Zjg0ZjcxNjU5NjFkNDFiNjhlYTcyNjJlMjgz
MzdkNjkwHhcNMjYwMTAyMTIyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2ZhNGYxYzkwZGNhYzdjOTUzOTU1YjNiZTE2YTQ4OWFlYzMyNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWm1iRTOGKf6AJTXzELBegUNqjwk
hCC9XOnx0kPpvWMb/PrM/3PIIs9HR00zvlqp4OtvlSaJjGDx4JTkc2+nLdhlyAyl
xadRSELHe75kCXgJQGBxMz3PJP90U0nB0171zQJtAsDQpGUatFmw33iNtkcPnmeG
IHiI9IZpB2/iVNDMjcxgJnmLiepW3ACOr3sdQNiEf1025MEQR5Uv9Dnp2OEP20RW
pNK/1rVKdc5JtJjor++atU/FKZP5oQMYT5E+/MNIzkX0xJwZNVg9KblskOFEghEV
7FbEqXWeETzI6+N7pfi6Bwdgy3p3rTo31weppSAUfB0AQ3tmGmeHtV/UCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBf6TxyQ3Kx8lTlVs74WpImuwyYkMB8GA1UdIwQY
MBaAFPUh4XT4T3Fllh1Bto6nJi4oM31pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzIt
ZGQwNjExMWYzZjk2LzEvRl9wUEhKRGNySHlWT1ZXenZoYWtpYTdESmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzItZGQwNjExMWYzZjk2
LzEvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufYrMA0G
CSqGSIb3DQEBCwUAA4IBAQB3mogoFqf2xw0+Kcn0/3OORQ+ti0XyhCmund7guUBX
V/LQKdmeKEDvP/zTZvJ0UTGEy/BZiusC76a4JL5KxniJ6YNLFAhIlBYPhVy5s7s4
PM4ThaAPPDTGP8p1wahhx6BP9HIOR2MHlJp/lNhwxI9PekMaOBP3kuHSNWBx28uP
Dp8BzjnjKar6mfKCE0ZMaN0V/Iy2rUczju0kpBNcADnac3XY32jLDQ7vi026RxM4
Gu0w1EKq2UvsONZGtgw2Wp1Ih9TvJo5z8MCTzhpadAwa1KZ24vZqq0rQ43dOUc+G
u82YJZgqLLHQujIzM0QwVJdWUxlwIkCKWDj5okowSsxZ
-----END CERTIFICATE-----