This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/C1AzsxfZZije54_LxyKLs279IMQ.roa
File:                     C1AzsxfZZije54_LxyKLs279IMQ.roa (raw, json)
Hash identifier:          3ti2hBQZ0ElX9Vdi5PPmknYF0BgCbrI4XYeU4jiyd3Y=
Subject key identifier:   0B:50:33:B3:17:D9:66:28:DE:E7:8F:CB:C7:22:8B:B3:6E:FD:20:C4
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B791146E15D5F0754EDB18238B1E2F7A1
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/C1AzsxfZZije54_LxyKLs279IMQ.roa
Signing time:             Thu 01 Jan 2026 10:18:53 +0000
ROA not before:           Thu 01 Jan 2026 10:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61330
IP address blocks:        216.173.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:46:e1:5d:5f:07:54:ed:b1:82:38:b1:e2:f7:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b5033b317d96628dee78fcbc7228bb36efd20c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:75:99:33:f1:63:2f:5c:b9:6a:19:c0:fc:eb:
                    dd:85:37:af:cd:d8:32:88:7b:a6:a6:6f:0d:84:63:
                    b9:93:84:bb:79:38:53:2b:55:14:d5:e5:6e:f3:6d:
                    51:94:6b:28:a2:89:ea:1f:72:e7:69:ec:b8:08:46:
                    05:21:4a:b1:f9:f2:a5:b7:ee:b4:44:f3:c8:a6:fd:
                    22:e8:9f:f4:45:5c:9c:80:3d:04:48:9c:4e:8b:a1:
                    8b:ee:23:53:26:36:a2:bc:00:0c:91:fa:72:c9:1c:
                    b7:f2:bc:b3:86:0e:02:f7:c9:33:9d:a6:6f:41:f8:
                    f8:01:2f:d8:9a:1c:b9:9d:aa:56:ae:f5:d9:e5:ed:
                    c0:0e:c7:cd:d4:ff:85:6e:da:bb:2a:86:f5:ed:88:
                    45:8b:cd:c8:09:53:c8:28:d7:d6:cf:ba:57:fb:5c:
                    9b:21:22:75:66:3b:28:65:c2:84:97:05:1b:16:1d:
                    ce:9f:e8:f7:dc:24:3a:17:3a:8c:6b:b0:92:30:73:
                    70:11:2c:94:1f:bd:04:39:b6:62:bd:db:db:9d:b9:
                    4b:a6:ce:a0:07:6e:ac:49:b4:f1:82:b1:a1:92:5d:
                    6c:d2:c4:dc:a6:f0:78:18:e8:d4:c5:75:96:a2:f7:
                    60:2f:c8:8e:3b:33:18:27:b5:66:2d:ad:f6:98:bb:
                    60:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:50:33:B3:17:D9:66:28:DE:E7:8F:CB:C7:22:8B:B3:6E:FD:20:C4
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/C1AzsxfZZije54_LxyKLs279IMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:66:3b:d8:7f:92:e8:7c:25:b8:5c:9a:0d:58:ae:13:80:39:
         63:1f:cb:e8:87:d0:7a:cb:3f:ff:e6:3a:06:9f:87:59:39:5a:
         04:1a:2e:26:bf:ea:f0:ed:e3:ba:d8:71:c3:f9:ea:5a:8d:a4:
         08:c8:6b:7f:df:0c:c1:a2:b7:67:ad:7f:d8:0e:a6:9a:72:54:
         c2:e8:9e:01:37:fd:1a:80:73:6d:66:41:59:9e:90:98:8a:39:
         18:7e:53:de:5a:33:9f:55:59:ac:9e:a3:20:77:fe:1e:a2:6e:
         90:98:93:59:f2:5c:a6:53:ab:43:0b:f6:83:ce:d7:87:b2:f4:
         04:d4:d9:6c:b9:18:54:f0:2d:c2:fb:18:d0:4a:62:b6:ce:cf:
         b6:99:9c:f5:c9:a3:57:0a:05:7b:fc:bc:67:1d:7a:76:80:01:
         a3:e2:5b:fa:08:bf:46:27:50:1a:d4:36:2b:87:ba:11:1b:80:
         f9:54:54:27:cf:11:c8:96:d4:8e:05:d1:01:01:d6:0a:0c:f5:
         d4:7a:c2:19:df:af:fa:44:b1:aa:12:0d:6b:ae:3a:15:89:d7:
         43:c7:6f:22:52:dd:ba:60:f6:c0:ab:99:c4:85:f5:bc:9d:42:
         d6:40:e4:2b:1f:e6:9d:ee:29:81:77:6a:25:5d:9e:1d:6e:32:
         7e:43:75:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EUbhXV8HVO2xgjix4vehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjUwMzNiMzE3ZDk2NjI4ZGVlNzhmY2JjNzIyOGJiMzZlZmQyMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXWZM/FjL1y5ahnA/OvdhTevzdgy
iHumpm8NhGO5k4S7eThTK1UU1eVu821RlGsooonqH3Lnaey4CEYFIUqx+fKlt+60
RPPIpv0i6J/0RVycgD0ESJxOi6GL7iNTJjaivAAMkfpyyRy38ryzhg4C98kznaZv
Qfj4AS/Ymhy5napWrvXZ5e3ADsfN1P+Fbtq7Kob17YhFi83ICVPIKNfWz7pX+1yb
ISJ1ZjsoZcKElwUbFh3On+j33CQ6FzqMa7CSMHNwESyUH70EObZivdvbnblLps6g
B26sSbTxgrGhkl1s0sTcpvB4GOjUxXWWovdgL8iOOzMYJ7VmLa32mLtg0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtQM7MX2WYo3uePy8cii7Nu/SDEMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQzFBenN4ZlpaaWplNTRfTHh5S0xzMjc5SU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2K15MA0G
CSqGSIb3DQEBCwUAA4IBAQBwZjvYf5LofCW4XJoNWK4TgDljH8voh9B6yz//5joG
n4dZOVoEGi4mv+rw7eO62HHD+epajaQIyGt/3wzBordnrX/YDqaaclTC6J4BN/0a
gHNtZkFZnpCYijkYflPeWjOfVVmsnqMgd/4eom6QmJNZ8lymU6tDC/aDzteHsvQE
1NlsuRhU8C3C+xjQSmK2zs+2mZz1yaNXCgV7/LxnHXp2gAGj4lv6CL9GJ1Aa1DYr
h7oRG4D5VFQnzxHIltSOBdEBAdYKDPXUesIZ36/6RLGqEg1rrjoViddDx28iUt26
YPbAq5nEhfW8nULWQOQrH+ad7imBd2olXZ4dbjJ+Q3X+
-----END CERTIFICATE-----