This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SqxxI_dW7VoXQ6Wsbu4gYuHLKbg.roa
File:                     SqxxI_dW7VoXQ6Wsbu4gYuHLKbg.roa (raw, json)
Hash identifier:          +8pbYt2MfvPwt6WNNJtM/Um8REMm7g+4Rk+906fuiuE=
Subject key identifier:   4A:AC:71:23:F7:56:ED:5A:17:43:A5:AC:6E:EE:20:62:E1:CB:29:B8
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019B7C80072FFDE50656FDDD33DB03A187B5
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SqxxI_dW7VoXQ6Wsbu4gYuHLKbg.roa
Signing time:             Fri 02 Jan 2026 02:18:43 +0000
ROA not before:           Fri 02 Jan 2026 02:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8723
IP address blocks:        193.251.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 16:20:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:07:2f:fd:e5:06:56:fd:dd:33:db:03:a1:87:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  2 02:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4aac7123f756ed5a1743a5ac6eee2062e1cb29b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fe:65:ec:8a:ae:e3:d5:91:91:77:29:3c:aa:
                    78:85:2d:a7:c7:47:30:fe:88:7a:67:1e:65:3a:b7:
                    95:6d:ce:97:d8:63:94:53:cf:84:87:46:75:27:36:
                    c2:25:2e:b8:25:e7:5a:12:01:78:6d:29:42:56:e0:
                    fd:23:d8:53:9e:de:38:38:79:f5:5a:01:88:86:d0:
                    02:e7:b4:61:b1:1f:61:5a:da:ea:78:a1:87:ad:df:
                    b1:d4:65:69:a1:bb:45:b7:53:b1:5b:d2:b1:54:74:
                    32:7d:d6:93:5d:38:2a:c1:86:17:ea:c8:91:a2:c2:
                    02:d0:f6:86:ce:28:09:90:80:ec:c8:8b:d4:10:b2:
                    42:b3:d2:7e:2a:76:91:66:39:84:16:1e:d3:09:2e:
                    c0:d3:8d:de:01:7c:b1:40:87:dc:94:44:9d:c7:23:
                    c3:59:d5:7e:2c:31:80:3d:c3:46:e4:51:94:8c:a4:
                    dc:e0:ee:b3:cd:fb:c8:11:e8:b1:ae:f0:2d:d6:5b:
                    a2:ac:cd:9c:e8:7a:d3:6e:af:40:7a:e7:35:f5:ed:
                    0a:f0:10:da:25:c5:4d:4e:0c:a1:a0:bc:9b:2d:68:
                    db:c8:b0:fa:d8:7d:60:4f:58:61:a8:ef:92:37:76:
                    1f:25:e4:bb:3b:1a:fd:63:37:97:0f:2f:06:99:7c:
                    e1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:AC:71:23:F7:56:ED:5A:17:43:A5:AC:6E:EE:20:62:E1:CB:29:B8
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SqxxI_dW7VoXQ6Wsbu4gYuHLKbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.251.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:91:0f:cc:47:02:47:19:5c:77:bd:35:28:0e:dd:dd:96:fa:
         8c:b1:9e:ff:cb:73:96:9a:c7:2b:b3:5d:3a:b3:b3:26:2b:bb:
         6b:1c:58:ce:01:d0:72:37:0b:ee:d7:28:6b:db:c2:67:8f:ac:
         5f:2e:b6:ad:3e:a6:c1:8a:d1:9d:12:74:b2:35:fc:9d:94:3c:
         aa:4f:dc:2b:06:0f:5d:d9:27:db:e4:54:e0:9f:02:21:4a:4f:
         34:81:ca:26:15:4f:9f:f5:95:5c:8c:12:85:64:d5:49:cf:55:
         c4:54:c6:ed:76:24:c1:d4:70:20:52:92:bd:30:4f:6c:20:ad:
         93:26:6d:81:84:e4:25:42:82:0b:9f:fb:49:17:63:8f:95:36:
         95:e6:e4:94:4b:17:8c:3c:97:99:7d:7b:59:7e:bc:42:dd:cc:
         86:13:7f:cf:d7:0f:f0:4a:67:55:e6:84:2e:53:51:92:96:52:
         ce:83:6f:e4:67:7d:69:09:59:4e:12:eb:7d:e2:b6:c3:8c:45:
         99:1c:c7:b5:9a:5b:f4:47:a0:a8:e6:12:66:71:a4:d3:16:ba:
         9b:38:24:05:18:af:cc:2e:c8:41:a6:09:d9:ae:57:91:21:3a:
         c6:f3:c5:54:b4:00:b6:f3:56:10:6a:fe:ea:26:86:e5:5f:f9:
         a2:28:0b:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gAcv/eUGVv3dM9sDoYe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjYwMTAyMDIxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWFjNzEyM2Y3NTZlZDVhMTc0M2E1YWM2ZWVlMjA2MmUxY2IyOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/5l7Iqu49WRkXcpPKp4hS2nx0cw
/oh6Zx5lOreVbc6X2GOUU8+Eh0Z1JzbCJS64JedaEgF4bSlCVuD9I9hTnt44OHn1
WgGIhtAC57RhsR9hWtrqeKGHrd+x1GVpobtFt1OxW9KxVHQyfdaTXTgqwYYX6siR
osIC0PaGzigJkIDsyIvUELJCs9J+KnaRZjmEFh7TCS7A043eAXyxQIfclESdxyPD
WdV+LDGAPcNG5FGUjKTc4O6zzfvIEeixrvAt1luirM2c6HrTbq9Aeuc19e0K8BDa
JcVNTgyhoLybLWjbyLD62H1gT1hhqO+SN3YfJeS7Oxr9YzeXDy8GmXzhpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqscSP3Vu1aF0OlrG7uIGLhyym4MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvU3F4eElfZFc3Vm9YUTZXc2J1NGdZdUhMS2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfvZMA0G
CSqGSIb3DQEBCwUAA4IBAQAGkQ/MRwJHGVx3vTUoDt3dlvqMsZ7/y3OWmscrs106
s7MmK7trHFjOAdByNwvu1yhr28Jnj6xfLratPqbBitGdEnSyNfydlDyqT9wrBg9d
2Sfb5FTgnwIhSk80gcomFU+f9ZVcjBKFZNVJz1XEVMbtdiTB1HAgUpK9ME9sIK2T
Jm2BhOQlQoILn/tJF2OPlTaV5uSUSxeMPJeZfXtZfrxC3cyGE3/P1w/wSmdV5oQu
U1GSllLOg2/kZ31pCVlOEut94rbDjEWZHMe1mlv0R6Co5hJmcaTTFrqbOCQFGK/M
LshBpgnZrleRITrG88VUtAC281YQav7qJoblX/miKAtq
-----END CERTIFICATE-----