This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/AfHN2oLEFdQUbeHu_A28sMsDBn8.roa
File:                     AfHN2oLEFdQUbeHu_A28sMsDBn8.roa (raw, json)
Hash identifier:          Dz7Tmj0/whZiBT+q9TDpPLRtFbeftp9fzKTK/SGfwFE=
Subject key identifier:   01:F1:CD:DA:82:C4:15:D4:14:6D:E1:EE:FC:0D:BC:B0:CB:03:06:7F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB60420C07595907A64672BE6E0F86
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/AfHN2oLEFdQUbeHu_A28sMsDBn8.roa
Signing time:             Fri 02 Jan 2026 08:20:38 +0000
ROA not before:           Fri 02 Jan 2026 08:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199439
IP address blocks:        151.243.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:60:42:0c:07:59:59:07:a6:46:72:be:6e:0f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01f1cdda82c415d4146de1eefc0dbcb0cb03067f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:70:40:2d:84:8e:75:72:cf:9b:c2:d5:9f:a4:
                    cc:83:4a:f4:41:42:e6:cf:16:a2:20:6b:52:32:8a:
                    de:c5:00:db:65:e7:c2:8b:42:22:38:6c:f5:96:ef:
                    3f:ca:ba:b0:4d:5e:9a:97:3c:11:03:f8:6e:31:cb:
                    6b:71:21:97:5d:48:bc:98:8d:b9:00:6d:09:df:e4:
                    13:9e:59:1e:d8:cf:b4:1c:4a:6e:a8:bb:ce:ff:dd:
                    44:07:37:42:56:c7:83:2c:36:ce:65:1b:f5:8a:2d:
                    ef:3b:d9:4f:b5:f0:c1:0c:a3:6b:e5:3f:49:97:3d:
                    2a:3b:08:5d:26:2d:fa:4f:c9:f2:ef:c6:41:3f:68:
                    52:e2:4e:2a:47:b9:67:f6:87:82:aa:34:f2:16:b0:
                    e3:da:d2:21:25:1e:d0:be:b5:c0:cb:ac:f9:76:a5:
                    ee:ee:70:89:ac:a0:44:20:9d:9d:1f:8d:91:55:d2:
                    5e:90:44:0f:fe:66:91:96:e1:65:2f:7f:b6:a9:3e:
                    7e:8d:12:52:b3:2e:e0:4b:d6:da:9d:43:17:0a:ef:
                    9d:32:49:8c:26:68:ad:46:b4:99:23:ed:4c:fd:e0:
                    b9:de:11:b5:53:0f:26:8c:ac:9b:c4:bb:bd:1b:9f:
                    27:7c:9c:18:62:0b:7d:13:b3:53:72:b4:bc:f6:ff:
                    5a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F1:CD:DA:82:C4:15:D4:14:6D:E1:EE:FC:0D:BC:B0:CB:03:06:7F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/AfHN2oLEFdQUbeHu_A28sMsDBn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:7a:b9:22:23:66:22:69:90:57:6b:85:35:af:96:27:04:07:
         d1:65:1a:0f:2a:66:4f:f1:2e:44:be:13:2a:de:ec:52:18:0e:
         6b:e0:e2:9a:cb:cf:28:1f:59:b8:51:aa:83:04:6b:f3:4c:51:
         ef:50:8e:0c:df:d3:61:b4:2c:a7:57:6a:88:a5:af:9d:e0:fc:
         09:b4:19:29:80:a9:dd:c1:0b:c2:9b:cd:40:4c:e5:70:05:ef:
         0f:a0:42:5d:3f:74:66:0a:17:fd:06:f6:a8:46:2b:21:02:5c:
         65:a8:68:8e:4a:f8:c7:47:f4:5f:c3:18:04:05:f5:2e:68:9f:
         c2:4f:65:c0:36:d7:e7:a7:24:18:70:f8:0c:d0:68:b2:38:43:
         d6:6a:0d:57:69:98:d8:5d:7e:d0:82:68:6f:82:93:43:9b:08:
         63:b2:77:ad:88:22:76:20:1c:51:58:27:50:d1:73:36:8c:99:
         b8:f3:d4:cb:51:d4:0a:33:44:fe:4e:73:d1:fc:56:44:d7:25:
         f8:83:91:70:8d:46:57:e7:09:97:f4:0a:ed:e0:12:c8:e8:10:
         25:96:5c:b1:f5:9f:d4:52:ff:a4:61:e1:d9:26:79:c3:85:bb:
         37:83:06:6a:06:9f:38:19:6b:c5:36:68:d0:a6:c8:c0:8b:0c:
         24:ff:dc:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y2BCDAdZWQemRnK+bg+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWYxY2RkYTgyYzQxNWQ0MTQ2ZGUxZWVmYzBkYmNiMGNiMDMwNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunBALYSOdXLPm8LVn6TMg0r0QULm
zxaiIGtSMorexQDbZefCi0IiOGz1lu8/yrqwTV6alzwRA/huMctrcSGXXUi8mI25
AG0J3+QTnlke2M+0HEpuqLvO/91EBzdCVseDLDbOZRv1ii3vO9lPtfDBDKNr5T9J
lz0qOwhdJi36T8ny78ZBP2hS4k4qR7ln9oeCqjTyFrDj2tIhJR7QvrXAy6z5dqXu
7nCJrKBEIJ2dH42RVdJekEQP/maRluFlL3+2qT5+jRJSsy7gS9banUMXCu+dMkmM
JmitRrSZI+1M/eC53hG1Uw8mjKybxLu9G58nfJwYYgt9E7NTcrS89v9a0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHxzdqCxBXUFG3h7vwNvLDLAwZ/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvQWZITjJvTEVGZFFVYmVIdV9BMjhzTXNEQm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/OVMA0G
CSqGSIb3DQEBCwUAA4IBAQCaerkiI2YiaZBXa4U1r5YnBAfRZRoPKmZP8S5EvhMq
3uxSGA5r4OKay88oH1m4UaqDBGvzTFHvUI4M39NhtCynV2qIpa+d4PwJtBkpgKnd
wQvCm81ATOVwBe8PoEJdP3RmChf9BvaoRishAlxlqGiOSvjHR/RfwxgEBfUuaJ/C
T2XANtfnpyQYcPgM0GiyOEPWag1XaZjYXX7QgmhvgpNDmwhjsnetiCJ2IBxRWCdQ
0XM2jJm489TLUdQKM0T+TnPR/FZE1yX4g5FwjUZX5wmX9Art4BLI6BAlllyx9Z/U
Uv+kYeHZJnnDhbs3gwZqBp84GWvFNmjQpsjAiwwk/9xH
-----END CERTIFICATE-----