This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pFHqnU5yAu8GwPCPdi8HkgDMUio.roa
File:                     pFHqnU5yAu8GwPCPdi8HkgDMUio.roa (raw, json)
Hash identifier:          OXPGqR8ys7TeOjmTuitBENGVtOHQimaZtHxsFlOsk7U=
Subject key identifier:   A4:51:EA:9D:4E:72:02:EF:06:C0:F0:8F:76:2F:07:92:00:CC:52:2A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB28BE14111A0CF8D41E301F15EB41
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pFHqnU5yAu8GwPCPdi8HkgDMUio.roa
Signing time:             Fri 02 Jan 2026 08:20:24 +0000
ROA not before:           Fri 02 Jan 2026 08:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        151.244.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:28:be:14:11:1a:0c:f8:d4:1e:30:1f:15:eb:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a451ea9d4e7202ef06c0f08f762f079200cc522a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7e:60:27:ed:5a:4c:c1:95:4c:c9:6a:33:24:
                    aa:f6:96:e6:ff:5b:1b:1e:9c:d9:88:ed:96:cc:2a:
                    57:55:de:63:f5:ad:f6:e4:7f:02:d3:82:16:11:d1:
                    2b:bb:98:a9:1f:5e:a6:91:27:a1:f3:45:da:9c:b3:
                    35:d1:27:03:74:7c:6f:33:6d:b1:a1:26:e8:71:9d:
                    50:6c:b0:8a:ff:ec:2b:72:e6:26:c9:c0:a0:00:26:
                    e4:5e:44:e7:3b:31:2e:16:11:8a:68:35:ef:99:38:
                    be:1b:8f:e0:c4:5e:0f:54:5e:f6:de:9f:b1:a1:d0:
                    bd:65:4f:74:33:a6:27:dc:5e:72:7f:d7:7f:68:a7:
                    11:66:f2:bf:e5:72:ff:49:a6:d9:c2:f3:82:54:6f:
                    1e:a6:46:78:4c:c1:99:8b:a3:27:d9:c7:94:1e:08:
                    7a:fa:d3:f9:85:c9:5e:36:a4:40:47:fc:c9:5b:d3:
                    82:87:f5:9e:85:a0:b6:de:e6:7a:65:55:97:6c:e2:
                    2e:f1:28:b1:ef:b5:2e:71:41:8f:64:d0:de:6c:03:
                    d2:fa:16:03:a4:cb:2f:5f:3d:dd:79:68:e1:f6:58:
                    19:15:8a:0a:74:a9:a4:9d:ea:ab:92:83:09:c7:17:
                    66:6e:63:4f:1c:dd:6c:83:18:e7:cc:f5:00:a0:7e:
                    5b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:51:EA:9D:4E:72:02:EF:06:C0:F0:8F:76:2F:07:92:00:CC:52:2A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pFHqnU5yAu8GwPCPdi8HkgDMUio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:fb:ff:f4:b2:70:2f:2d:e7:e6:56:a1:b7:2f:ed:63:62:4c:
         0d:5c:92:5d:ea:63:6f:01:ca:d6:d3:af:99:c6:65:23:fc:5c:
         b5:d6:87:9b:9e:64:45:96:64:11:fb:57:d0:c6:00:7e:6f:cf:
         94:1b:f6:e4:9a:19:00:57:53:a8:d3:2c:a6:ce:40:e6:1b:8b:
         d6:bc:13:f0:89:03:2c:95:52:0a:dd:af:90:1c:3e:e0:f8:b1:
         fe:3a:8e:8f:5e:c8:65:07:e8:bb:9c:67:1a:67:07:2f:31:f4:
         c9:06:25:6d:f4:2e:fc:5a:d2:e7:43:76:cf:1b:4d:fe:fa:61:
         29:5b:d4:42:2c:17:06:03:30:8b:7c:76:77:ad:5c:5b:bc:bd:
         c9:ee:23:de:7b:64:ac:98:1b:8e:cc:84:c6:43:3d:e1:49:2d:
         8f:e7:2d:2d:07:c4:a6:a9:18:11:73:4b:fe:97:6a:b9:bd:b1:
         a9:b5:d7:84:f6:aa:ce:92:df:b6:03:06:89:18:0b:bd:b1:de:
         2f:e4:e7:a0:ab:02:f8:d4:8c:6b:59:a4:b7:02:a0:d3:d1:7e:
         29:c1:02:11:27:dc:d8:13:76:8f:3f:ca:94:70:0c:c5:f5:30:
         48:55:01:35:54:2d:de:86:8f:38:50:14:64:df:fc:6a:16:b5:
         57:db:54:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yyi+FBEaDPjUHjAfFetBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDUxZWE5ZDRlNzIwMmVmMDZjMGYwOGY3NjJmMDc5MjAwY2M1MjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzX5gJ+1aTMGVTMlqMySq9pbm/1sb
HpzZiO2WzCpXVd5j9a325H8C04IWEdEru5ipH16mkSeh80XanLM10ScDdHxvM22x
oSbocZ1QbLCK/+wrcuYmycCgACbkXkTnOzEuFhGKaDXvmTi+G4/gxF4PVF723p+x
odC9ZU90M6Yn3F5yf9d/aKcRZvK/5XL/SabZwvOCVG8epkZ4TMGZi6Mn2ceUHgh6
+tP5hcleNqRAR/zJW9OCh/WehaC23uZ6ZVWXbOIu8Six77UucUGPZNDebAPS+hYD
pMsvXz3deWjh9lgZFYoKdKmkneqrkoMJxxdmbmNPHN1sgxjnzPUAoH5bmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRR6p1OcgLvBsDwj3YvB5IAzFIqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcEZIcW5VNXlBdThHd1BDUGRpOEhrZ0RNVWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/RlMA0G
CSqGSIb3DQEBCwUAA4IBAQB2+//0snAvLefmVqG3L+1jYkwNXJJd6mNvAcrW06+Z
xmUj/Fy11oebnmRFlmQR+1fQxgB+b8+UG/bkmhkAV1Oo0yymzkDmG4vWvBPwiQMs
lVIK3a+QHD7g+LH+Oo6PXshlB+i7nGcaZwcvMfTJBiVt9C78WtLnQ3bPG03++mEp
W9RCLBcGAzCLfHZ3rVxbvL3J7iPee2SsmBuOzITGQz3hSS2P5y0tB8SmqRgRc0v+
l2q5vbGptdeE9qrOkt+2AwaJGAu9sd4v5OegqwL41IxrWaS3AqDT0X4pwQIRJ9zY
E3aPP8qUcAzF9TBIVQE1VC3eho84UBRk3/xqFrVX21QH
-----END CERTIFICATE-----