This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ScLbzHkWsWDZK8mTT2Jdm4tWqLA.roa
File:                     ScLbzHkWsWDZK8mTT2Jdm4tWqLA.roa (raw, json)
Hash identifier:          zICdPmSMYLFQy9+jJ2lOeF2L+kqy6tziz8GAuajNa/4=
Subject key identifier:   49:C2:DB:CC:79:16:B1:60:D9:2B:C9:93:4F:62:5D:9B:8B:56:A8:B0
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B99A03F0AC2760F9CB110A7FDF6BEF617
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ScLbzHkWsWDZK8mTT2Jdm4tWqLA.roa
Signing time:             Wed 07 Jan 2026 18:02:54 +0000
ROA not before:           Wed 07 Jan 2026 18:02:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210557
IP address blocks:        216.173.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 14:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:99:a0:3f:0a:c2:76:0f:9c:b1:10:a7:fd:f6:be:f6:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  7 18:02:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49c2dbcc7916b160d92bc9934f625d9b8b56a8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:e0:0f:94:30:2f:5a:0a:00:b2:00:d4:77:
                    df:d5:df:9b:03:fe:47:73:2d:1d:bc:64:1a:f3:45:
                    89:f1:69:f6:0f:a8:46:75:8c:f2:15:8d:4a:b9:ca:
                    79:13:3e:f6:88:11:e4:94:e2:26:9d:74:c4:c1:6d:
                    49:19:cc:3c:a0:a9:83:1f:89:96:47:73:15:b5:e6:
                    5c:4a:7a:b4:79:76:64:cd:5a:4e:8a:25:f4:dd:97:
                    16:9a:01:d5:64:d8:74:e0:ac:db:91:7a:ac:45:31:
                    b5:c3:88:c6:cf:98:c3:04:70:4e:91:d5:b7:94:9b:
                    e7:d4:b0:40:47:a9:c9:27:b5:3c:16:a4:52:36:a7:
                    79:80:7f:bc:35:76:92:2a:55:d7:19:11:74:86:6e:
                    c1:c5:e4:c9:7b:d6:72:ff:c2:f8:d9:06:20:e9:47:
                    0b:ee:83:49:78:a6:23:f6:a1:fb:ae:ed:4a:01:8c:
                    47:1b:b0:90:b9:3e:99:73:46:36:78:fe:c0:7a:cd:
                    2e:b4:99:e9:f2:51:f2:98:91:4c:b7:38:4c:41:c4:
                    37:84:e6:92:d7:27:61:03:99:67:b1:c1:8b:ba:ce:
                    d5:2a:f7:11:e4:58:73:ed:3c:48:0e:ee:a3:19:2d:
                    8b:11:3a:47:1c:b3:19:78:c7:81:96:89:f6:bf:d4:
                    2d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:C2:DB:CC:79:16:B1:60:D9:2B:C9:93:4F:62:5D:9B:8B:56:A8:B0
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ScLbzHkWsWDZK8mTT2Jdm4tWqLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2e:2e:45:c2:20:59:88:b3:7e:f3:a4:64:02:e2:08:a6:e5:
         03:8e:2a:83:14:b3:79:70:27:22:22:ad:f6:43:c1:85:18:47:
         49:22:12:4e:1a:ec:c8:17:4f:b6:3e:4f:fd:3a:ed:c6:f4:6f:
         96:c8:83:b7:30:a6:9f:9f:ea:94:e2:e5:d5:70:e2:04:79:48:
         0b:b4:59:80:6a:f3:5f:4a:7e:a0:95:96:d1:59:9d:fd:28:c5:
         70:e5:27:32:9d:0f:f1:29:18:64:6f:4c:21:b3:1b:46:f1:9b:
         84:87:89:2b:e8:2b:34:4f:d6:53:a0:09:14:bd:1d:bb:3b:ff:
         18:32:d4:23:57:ae:a2:70:48:0f:36:e3:fd:c5:a9:0d:e6:fe:
         95:0b:f0:c2:7a:d3:7d:11:50:86:22:60:3b:85:77:26:2d:41:
         c4:33:67:34:1c:8b:87:e3:d9:aa:5b:61:08:58:32:74:aa:67:
         9f:d9:e9:05:56:ad:27:fc:bb:25:e2:a6:cd:25:29:9a:c1:35:
         d6:5e:dd:ad:5e:c8:fe:00:b6:58:50:20:cd:ac:ef:b9:bd:ae:
         bd:2c:5d:aa:bb:c9:b6:bb:08:f1:3c:cf:f9:12:91:6c:66:45:
         d6:f0:43:7a:15:56:43:b8:1a:b2:76:e9:85:14:e2:2e:c5:76:
         40:fc:43:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuZoD8KwnYPnLEQp/32vvYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTA3MTgwMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWMyZGJjYzc5MTZiMTYwZDkyYmM5OTM0ZjYyNWQ5YjhiNTZhOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38XgD5QwL1oKALIA1Hff1d+bA/5H
cy0dvGQa80WJ8Wn2D6hGdYzyFY1Kucp5Ez72iBHklOImnXTEwW1JGcw8oKmDH4mW
R3MVteZcSnq0eXZkzVpOiiX03ZcWmgHVZNh04KzbkXqsRTG1w4jGz5jDBHBOkdW3
lJvn1LBAR6nJJ7U8FqRSNqd5gH+8NXaSKlXXGRF0hm7BxeTJe9Zy/8L42QYg6UcL
7oNJeKYj9qH7ru1KAYxHG7CQuT6Zc0Y2eP7Aes0utJnp8lHymJFMtzhMQcQ3hOaS
1ydhA5lnscGLus7VKvcR5Fhz7TxIDu6jGS2LETpHHLMZeMeBlon2v9QtPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnC28x5FrFg2SvJk09iXZuLVqiwMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvU2NMYnpIa1dzV0RaSzhtVFQySmRtNHRXcUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2K1aMA0G
CSqGSIb3DQEBCwUAA4IBAQBHLi5FwiBZiLN+86RkAuIIpuUDjiqDFLN5cCciIq32
Q8GFGEdJIhJOGuzIF0+2Pk/9Ou3G9G+WyIO3MKafn+qU4uXVcOIEeUgLtFmAavNf
Sn6glZbRWZ39KMVw5ScynQ/xKRhkb0whsxtG8ZuEh4kr6Cs0T9ZToAkUvR27O/8Y
MtQjV66icEgPNuP9xakN5v6VC/DCetN9EVCGImA7hXcmLUHEM2c0HIuH49mqW2EI
WDJ0qmef2ekFVq0n/Lsl4qbNJSmawTXWXt2tXsj+ALZYUCDNrO+5va69LF2qu8m2
uwjxPM/5EpFsZkXW8EN6FVZDuBqydumFFOIuxXZA/EMD
-----END CERTIFICATE-----