This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I291JWnUtrZOcXtXSe5KCLL5hzU.roa
File:                     I291JWnUtrZOcXtXSe5KCLL5hzU.roa (raw, json)
Hash identifier:          vBwJRbTV8KqW87vbgevjO2hjXE05OgBV0dbNbm+gc+E=
Subject key identifier:   23:6F:75:25:69:D4:B6:B6:4E:71:7B:57:49:EE:4A:08:B2:F9:87:35
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5ACDEA836071FD58D956320C231DFA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I291JWnUtrZOcXtXSe5KCLL5hzU.roa
Signing time:             Thu 01 Jan 2026 16:18:49 +0000
ROA not before:           Thu 01 Jan 2026 16:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213407
IP address blocks:        213.218.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:cd:ea:83:60:71:fd:58:d9:56:32:0c:23:1d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=236f752569d4b6b64e717b5749ee4a08b2f98735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2f:99:86:3f:9c:ef:62:f7:38:3f:7b:b6:e5:
                    87:a0:55:02:f7:d6:fe:db:0b:a9:af:f6:e3:43:ac:
                    e5:11:fb:d1:5b:57:f6:a0:5f:f4:84:bf:fe:42:2b:
                    b2:59:18:b1:b1:16:16:27:e9:11:74:ef:5c:57:2a:
                    a6:75:01:b7:22:7d:f7:34:b8:ff:84:3b:a3:03:a4:
                    34:d2:77:ed:96:5d:d4:66:c1:f6:24:5b:b7:66:44:
                    b0:37:8a:37:55:a5:73:99:76:cf:30:59:c5:28:b7:
                    ae:7e:ac:f4:69:30:76:87:8a:66:de:49:ee:99:9b:
                    cf:88:10:67:65:c9:8d:07:d0:23:d6:98:2e:af:8a:
                    2a:c1:de:25:da:71:f6:00:fe:26:6c:46:c9:21:61:
                    72:c3:ed:b6:27:74:29:58:f3:a8:cd:37:40:8c:5c:
                    b3:1a:56:43:7a:9f:fc:cf:95:b1:00:04:7e:fc:8c:
                    db:88:69:0e:28:05:62:67:a1:2f:1f:e7:cd:e0:52:
                    2a:31:20:1e:8f:53:97:cd:78:33:00:b9:c8:b4:94:
                    29:44:c8:d8:66:39:d3:65:80:07:f7:4e:8b:18:02:
                    a9:08:ee:9b:1c:e3:d0:0c:fd:82:ec:da:e5:62:41:
                    54:37:25:59:df:c6:d8:79:ff:98:2c:cf:64:f0:c9:
                    32:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6F:75:25:69:D4:B6:B6:4E:71:7B:57:49:EE:4A:08:B2:F9:87:35
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/I291JWnUtrZOcXtXSe5KCLL5hzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:8b:8e:74:1d:9e:53:73:21:6d:55:3c:26:86:87:08:8e:3c:
         54:83:27:58:a3:68:c9:54:59:c7:6c:8f:05:bf:5b:be:62:ba:
         6a:61:c3:fa:5a:25:9c:00:55:41:26:cd:95:bb:e8:82:77:34:
         db:c4:aa:f8:8c:bd:3c:70:82:a1:47:1a:af:6b:32:fc:c8:db:
         cc:db:b3:4b:9f:d8:d8:ca:05:74:1b:f4:32:c3:e1:91:a5:3d:
         ad:1e:1b:54:9f:32:ca:19:5f:50:e1:de:2f:9b:3e:e6:5c:e3:
         fc:61:09:28:bf:03:56:65:2c:7f:bd:ec:34:7f:54:d2:b2:a9:
         41:a5:ee:b5:ed:64:40:fd:0c:61:2c:f1:2b:b4:c8:9d:39:7f:
         35:db:9b:3a:f7:ea:6e:ed:de:8b:40:89:72:67:59:ad:58:c9:
         1c:3a:18:c3:8a:94:8b:a3:07:e3:46:de:48:3d:a8:e9:2a:4e:
         ba:59:b4:64:e9:0a:46:6d:82:b1:ef:03:4f:45:b0:68:34:39:
         c8:7a:03:8f:27:d7:61:0f:a3:f1:d2:2b:45:98:f2:a5:ba:e3:
         9d:12:dc:fa:64:bc:2a:ba:7b:eb:fb:c9:da:40:2e:9d:3f:86:
         8c:0a:47:fd:ce:eb:5a:41:65:0c:50:30:2b:29:cb:33:15:c6:
         65:97:52:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Ws3qg2Bx/VjZVjIMIx36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZmNzUyNTY5ZDRiNmI2NGU3MTdiNTc0OWVlNGEwOGIyZjk4NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy+Zhj+c72L3OD97tuWHoFUC99b+
2wupr/bjQ6zlEfvRW1f2oF/0hL/+QiuyWRixsRYWJ+kRdO9cVyqmdQG3In33NLj/
hDujA6Q00nftll3UZsH2JFu3ZkSwN4o3VaVzmXbPMFnFKLeufqz0aTB2h4pm3knu
mZvPiBBnZcmNB9Aj1pgur4oqwd4l2nH2AP4mbEbJIWFyw+22J3QpWPOozTdAjFyz
GlZDep/8z5WxAAR+/IzbiGkOKAViZ6EvH+fN4FIqMSAej1OXzXgzALnItJQpRMjY
ZjnTZYAH906LGAKpCO6bHOPQDP2C7NrlYkFUNyVZ38bYef+YLM9k8MkydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNvdSVp1La2TnF7V0nuSgiy+Yc1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSTI5MUpXblV0clpPY1h0WFNlNUtDTEw1aHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dr7MA0G
CSqGSIb3DQEBCwUAA4IBAQA8i450HZ5TcyFtVTwmhocIjjxUgydYo2jJVFnHbI8F
v1u+YrpqYcP6WiWcAFVBJs2Vu+iCdzTbxKr4jL08cIKhRxqvazL8yNvM27NLn9jY
ygV0G/Qyw+GRpT2tHhtUnzLKGV9Q4d4vmz7mXOP8YQkovwNWZSx/vew0f1TSsqlB
pe617WRA/QxhLPErtMidOX8125s69+pu7d6LQIlyZ1mtWMkcOhjDipSLowfjRt5I
PajpKk66WbRk6QpGbYKx7wNPRbBoNDnIegOPJ9dhD6Px0itFmPKluuOdEtz6ZLwq
unvr+8naQC6dP4aMCkf9zutaQWUMUDArKcszFcZll1J9
-----END CERTIFICATE-----