This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ikeEMYtPaYAfqpRbhyf5AeQ_MJU.roa
File:                     ikeEMYtPaYAfqpRbhyf5AeQ_MJU.roa (raw, json)
Hash identifier:          5LG6Zb9lg09oFa96djZhgFwltebQNy4PiTPU5LACoB8=
Subject key identifier:   8A:47:84:31:8B:4F:69:80:1F:AA:94:5B:87:27:F9:01:E4:3F:30:95
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019A539940013B40757EA1FE05769E113EAA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ikeEMYtPaYAfqpRbhyf5AeQ_MJU.roa
Signing time:             Wed 05 Nov 2025 10:39:03 +0000
ROA not before:           Wed 05 Nov 2025 10:39:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150249
IP address blocks:        151.242.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:99:40:01:3b:40:75:7e:a1:fe:05:76:9e:11:3e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov  5 10:39:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a4784318b4f69801faa945b8727f901e43f3095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:d0:4b:e2:ef:98:65:7f:a2:5a:9d:c3:1b:c1:
                    6e:dc:2b:c8:7e:c5:d5:c4:c3:da:6e:fa:78:c5:35:
                    67:ff:a7:75:dd:4a:d7:19:52:dd:84:86:10:de:76:
                    fd:8c:2f:2d:50:a2:64:1c:1d:e5:de:6d:21:ba:8d:
                    7c:f2:10:0a:0e:b4:41:fa:80:43:1a:6b:21:f1:47:
                    4c:02:ee:9f:6a:31:52:d6:91:62:9a:b9:3f:c2:4d:
                    d5:34:b2:42:e5:79:70:ef:ff:80:3c:ca:27:da:08:
                    a6:a5:06:fe:29:17:4b:bd:1c:43:b2:bd:89:ab:ec:
                    62:6c:f5:bf:91:89:63:39:8b:47:74:0c:41:37:73:
                    b7:32:0c:89:3b:08:8c:ea:55:2b:d1:1e:fe:a5:a6:
                    40:79:c2:be:ab:c9:53:a2:d9:57:23:9e:9c:0e:54:
                    f4:27:49:5b:77:ff:98:b9:8e:32:b2:fc:08:d6:9e:
                    59:8e:09:7b:94:1e:08:87:dd:02:c5:7a:a0:0f:b7:
                    04:83:19:e2:12:03:6d:5c:17:ae:26:c7:ec:a9:cb:
                    fa:c3:f7:48:5d:f2:53:6f:cf:50:c0:2d:31:0e:d8:
                    1a:02:cb:16:ff:ac:b4:e8:c7:90:e1:cf:dd:66:91:
                    8a:81:5e:d5:ae:b9:c8:55:90:c8:26:a7:f2:9f:17:
                    f0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:47:84:31:8B:4F:69:80:1F:AA:94:5B:87:27:F9:01:E4:3F:30:95
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ikeEMYtPaYAfqpRbhyf5AeQ_MJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:64:1d:ad:0b:26:31:d8:75:a1:2f:84:0b:e0:70:53:65:01:
         8a:65:22:1e:8f:27:07:19:04:c8:e5:c3:a6:12:82:67:3a:8b:
         74:b4:b3:a9:eb:0f:04:88:8f:86:05:09:2a:12:d3:1e:e8:43:
         17:2b:bd:0b:4b:aa:ec:35:2a:1e:c4:08:d7:c2:d8:01:b3:e6:
         b2:94:15:18:4b:1e:52:77:73:3d:8f:8f:52:37:64:48:15:d6:
         34:70:16:17:86:79:d1:41:47:0d:db:14:c7:d9:59:96:2d:69:
         03:57:dc:9e:2d:1c:5d:ec:d1:1b:68:95:2f:4c:ba:cf:fa:3e:
         58:10:3b:f6:c0:96:9a:44:8f:a4:55:ed:5a:ef:8f:28:11:ae:
         72:4f:43:d0:e5:a2:85:3e:a7:4d:63:f8:51:bf:ab:97:71:08:
         36:a4:98:5c:ae:e1:6e:a7:f2:6a:ca:86:27:58:3e:fa:67:a3:
         1f:17:26:c0:57:44:56:b9:aa:ac:55:81:dc:1b:99:e1:b0:27:
         15:1c:05:30:85:ec:b8:70:ea:e0:12:ad:dd:c7:0d:a3:48:6e:
         5f:e0:8d:0e:e4:c0:b4:d9:24:45:be:5e:c1:8b:9d:97:03:c9:
         41:ec:3e:31:57:7a:08:d5:f6:fc:4f:bb:aa:99:dc:8f:d8:9e:
         c1:8a:89:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpTmUABO0B1fqH+BXaeET6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUxMTA1MTAzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ3ODQzMThiNGY2OTgwMWZhYTk0NWI4NzI3ZjkwMWU0M2YzMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9NBL4u+YZX+iWp3DG8Fu3CvIfsXV
xMPabvp4xTVn/6d13UrXGVLdhIYQ3nb9jC8tUKJkHB3l3m0huo188hAKDrRB+oBD
Gmsh8UdMAu6fajFS1pFimrk/wk3VNLJC5Xlw7/+APMon2gimpQb+KRdLvRxDsr2J
q+xibPW/kYljOYtHdAxBN3O3MgyJOwiM6lUr0R7+paZAecK+q8lTotlXI56cDlT0
J0lbd/+YuY4ysvwI1p5Zjgl7lB4Ih90CxXqgD7cEgxniEgNtXBeuJsfsqcv6w/dI
XfJTb89QwC0xDtgaAssW/6y06MeQ4c/dZpGKgV7VrrnIVZDIJqfynxfwqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpHhDGLT2mAH6qUW4cn+QHkPzCVMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvaWtlRU1ZdFBhWUFmcXBSYmh5ZjVBZVFfTUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/KFMA0G
CSqGSIb3DQEBCwUAA4IBAQAxZB2tCyYx2HWhL4QL4HBTZQGKZSIejycHGQTI5cOm
EoJnOot0tLOp6w8EiI+GBQkqEtMe6EMXK70LS6rsNSoexAjXwtgBs+aylBUYSx5S
d3M9j49SN2RIFdY0cBYXhnnRQUcN2xTH2VmWLWkDV9yeLRxd7NEbaJUvTLrP+j5Y
EDv2wJaaRI+kVe1a748oEa5yT0PQ5aKFPqdNY/hRv6uXcQg2pJhcruFup/JqyoYn
WD76Z6MfFybAV0RWuaqsVYHcG5nhsCcVHAUwhey4cOrgEq3dxw2jSG5f4I0O5MC0
2SRFvl7Bi52XA8lB7D4xV3oI1fb8T7uqmdyP2J7Bionk
-----END CERTIFICATE-----