This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cF-NETmL2tObtWSmyBQoXJnoEx8.roa
File:                     cF-NETmL2tObtWSmyBQoXJnoEx8.roa (raw, json)
Hash identifier:          A/p/4RndIub/XOYrnQVBToTK2tsLnhe4q2Yyjp+gHrA=
Subject key identifier:   70:5F:8D:11:39:8B:DA:D3:9B:B5:64:A6:C8:14:28:5C:99:E8:13:1F
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019AD329E1225928A9B4FF90F6050445CAA3
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cF-NETmL2tObtWSmyBQoXJnoEx8.roa
Signing time:             Sun 30 Nov 2025 05:08:48 +0000
ROA not before:           Sun 30 Nov 2025 05:08:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44213
IP address blocks:        213.137.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d3:29:e1:22:59:28:a9:b4:ff:90:f6:05:04:45:ca:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Nov 30 05:08:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=705f8d11398bdad39bb564a6c814285c99e8131f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:73:bb:e2:79:1d:96:8b:ce:dd:6a:12:4c:ba:
                    4f:fb:1b:4d:de:e0:a6:35:42:38:83:18:ca:3c:80:
                    f8:19:57:9f:e2:5d:a4:97:16:c6:4c:73:eb:e3:ab:
                    56:59:ac:b3:2b:83:91:88:13:41:07:c5:b3:77:fb:
                    96:ce:17:57:a5:e0:b5:8d:f7:6a:d9:ad:63:ac:8e:
                    94:ee:c3:c0:1c:00:a3:77:12:be:23:42:26:9c:52:
                    9c:2e:33:71:7c:03:9c:d1:78:07:dd:52:30:0d:5d:
                    b8:0e:24:c8:5a:18:33:06:57:a4:11:64:c6:32:62:
                    a3:f5:4c:2d:1b:3a:3f:f1:be:98:03:e0:95:60:a8:
                    54:1e:e4:58:83:71:ad:53:75:bb:34:07:64:fb:03:
                    3a:11:b6:33:86:d0:22:76:12:df:5a:fe:fc:65:b6:
                    50:84:57:b5:65:43:d7:7b:5c:0d:df:af:69:4c:96:
                    0d:ea:ad:07:e7:93:9d:cd:b6:f3:a5:00:b1:fb:c4:
                    1f:47:f7:cc:3a:8c:aa:7a:3e:b0:7c:d7:01:a7:0c:
                    05:5f:c4:d7:11:39:50:c5:b1:9e:14:b0:55:41:c5:
                    e0:92:d7:e8:bf:ae:4e:b6:5b:75:b9:21:55:91:32:
                    ee:3e:9e:f9:2e:8d:b4:aa:16:3d:0a:d5:eb:b8:9a:
                    d5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5F:8D:11:39:8B:DA:D3:9B:B5:64:A6:C8:14:28:5C:99:E8:13:1F
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cF-NETmL2tObtWSmyBQoXJnoEx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:d0:02:69:2e:50:c8:b3:37:a7:a2:56:1a:78:0f:cb:b0:1e:
         04:49:f4:20:c1:40:83:a3:bb:a3:a2:94:78:b0:24:74:7c:10:
         17:be:67:de:1d:15:1a:46:f5:2f:a8:34:08:34:59:ef:2e:15:
         ae:12:96:bb:17:b8:8d:81:ff:9c:2e:e4:c3:dc:bd:f3:63:50:
         a8:b2:da:63:46:e1:07:8b:5a:81:01:4b:16:6a:12:af:82:7f:
         40:5a:b6:62:39:6e:7f:b4:a5:64:04:af:5d:2b:73:1b:eb:85:
         f6:aa:99:6b:9b:27:23:b0:0a:6d:bd:9d:05:47:bb:c6:e4:fd:
         b2:b6:05:32:94:42:f5:02:32:ff:00:5c:9d:72:bf:eb:30:a5:
         bf:df:9f:b9:b1:6d:25:bc:db:d3:1a:09:1b:a5:c8:f7:6c:3c:
         73:5f:e2:27:ab:58:4c:66:68:7e:8c:25:94:5c:9f:5e:f7:bd:
         bc:9e:1d:81:2b:90:0e:cd:4c:bd:dc:55:92:c8:9f:36:35:07:
         c5:47:da:96:84:5b:1f:b4:89:30:e7:b3:d4:3f:aa:43:ff:12:
         74:71:fe:03:96:a3:4f:09:5a:97:19:2d:70:3a:83:8c:87:4f:
         10:7e:4a:67:76:53:30:fe:d1:40:f5:e5:90:fa:1d:15:9a:a0:
         09:b5:e8:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrTKeEiWSiptP+Q9gUERcqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUxMTMwMDUwODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVmOGQxMTM5OGJkYWQzOWJiNTY0YTZjODE0Mjg1Yzk5ZTgxMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHO74nkdlovO3WoSTLpP+xtN3uCm
NUI4gxjKPID4GVef4l2klxbGTHPr46tWWayzK4ORiBNBB8Wzd/uWzhdXpeC1jfdq
2a1jrI6U7sPAHACjdxK+I0ImnFKcLjNxfAOc0XgH3VIwDV24DiTIWhgzBlekEWTG
MmKj9UwtGzo/8b6YA+CVYKhUHuRYg3GtU3W7NAdk+wM6EbYzhtAidhLfWv78ZbZQ
hFe1ZUPXe1wN369pTJYN6q0H55OdzbbzpQCx+8QfR/fMOoyqej6wfNcBpwwFX8TX
ETlQxbGeFLBVQcXgktfov65Otlt1uSFVkTLuPp75Lo20qhY9CtXruJrVnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBfjRE5i9rTm7VkpsgUKFyZ6BMfMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvY0YtTkVUbUwydE9idFdTbXlCUW9YSm5vRXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YlSMA0G
CSqGSIb3DQEBCwUAA4IBAQAE0AJpLlDIszenolYaeA/LsB4ESfQgwUCDo7ujopR4
sCR0fBAXvmfeHRUaRvUvqDQINFnvLhWuEpa7F7iNgf+cLuTD3L3zY1CostpjRuEH
i1qBAUsWahKvgn9AWrZiOW5/tKVkBK9dK3Mb64X2qplrmycjsAptvZ0FR7vG5P2y
tgUylEL1AjL/AFydcr/rMKW/35+5sW0lvNvTGgkbpcj3bDxzX+Inq1hMZmh+jCWU
XJ9e9728nh2BK5AOzUy93FWSyJ82NQfFR9qWhFsftIkw57PUP6pD/xJ0cf4DlqNP
CVqXGS1wOoOMh08QfkpndlMw/tFA9eWQ+h0VmqAJtejL
-----END CERTIFICATE-----