This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rHox31JJeW5MdgpCCToHTqmYYNM.roa
File:                     rHox31JJeW5MdgpCCToHTqmYYNM.roa (raw, json)
Hash identifier:          7XbIGXCgivymMmNBL/1CXBpnoZQjK2wsD6N9v8MCxtI=
Subject key identifier:   AC:7A:31:DF:52:49:79:6E:4C:76:0A:42:09:3A:07:4E:A9:98:60:D3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019B7F84BCA9E5F88EE7CF4964B396C68B6E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rHox31JJeW5MdgpCCToHTqmYYNM.roa
Signing time:             Fri 02 Jan 2026 16:22:43 +0000
ROA not before:           Fri 02 Jan 2026 16:22:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214078
IP address blocks:        217.60.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 Jan 2026 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:bc:a9:e5:f8:8e:e7:cf:49:64:b3:96:c6:8b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 16:22:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac7a31df5249796e4c760a42093a074ea99860d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e2:47:02:f4:c5:39:5a:7c:de:ba:33:ab:68:
                    d1:cd:4e:18:72:19:d3:dc:05:8c:62:b5:a0:5a:92:
                    d2:02:b1:42:97:57:48:b7:10:71:ae:43:ae:09:d3:
                    ed:eb:de:bd:1e:bb:6d:b2:a4:92:f7:65:e4:61:e1:
                    bc:9c:47:47:de:0f:7f:af:95:c5:ca:de:77:47:ef:
                    79:a2:98:23:62:3a:2e:81:cb:6d:60:cd:81:0b:1a:
                    86:1d:ca:db:72:ef:0d:bd:da:75:5a:08:d7:9a:42:
                    3f:c3:e2:d9:da:79:a0:d6:66:84:1c:1a:f6:e8:6c:
                    57:b9:c8:46:c3:50:03:41:92:6b:eb:11:76:c5:00:
                    e9:74:a3:f9:42:9a:77:2b:0b:0a:b9:2e:13:44:af:
                    30:b6:57:ed:c2:23:49:a2:eb:29:96:7c:68:5d:12:
                    85:1e:80:04:d9:19:29:93:7c:f4:c4:14:3f:15:34:
                    80:32:12:af:5f:16:fa:86:28:68:32:3f:11:a7:96:
                    8b:e9:1a:a3:18:06:49:5b:16:86:61:2b:53:ca:76:
                    e0:9f:e1:02:ba:cb:b4:48:98:68:41:b4:84:eb:0f:
                    c2:63:5a:d9:d8:e0:e2:ac:79:9f:cd:e9:c9:b8:a8:
                    d5:d8:47:81:8e:8b:74:90:c3:9d:3e:21:cd:aa:a4:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7A:31:DF:52:49:79:6E:4C:76:0A:42:09:3A:07:4E:A9:98:60:D3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rHox31JJeW5MdgpCCToHTqmYYNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b1:27:1b:41:a1:3d:51:0e:57:dc:9d:7f:9b:47:35:19:20:
         db:6e:de:3b:f4:44:67:f4:a0:0c:71:6e:c0:6f:d2:5f:69:72:
         8b:e5:a7:21:56:ed:b2:65:14:fd:61:fc:2b:4f:b8:c1:0a:e8:
         05:a6:01:a6:74:5f:56:8e:d7:eb:6b:68:d2:d1:1e:f4:69:c4:
         12:13:f9:f0:4a:9a:ed:49:e4:91:f3:2e:be:5f:c8:1d:ae:10:
         ce:4f:62:0b:41:0b:ae:d1:f1:7f:be:10:a1:5d:97:77:6c:c8:
         fd:71:c7:3d:44:dc:e0:50:17:ab:8a:ec:bd:fa:61:52:b7:ab:
         40:ac:0b:75:b9:be:9c:86:bb:df:db:32:67:f8:25:11:78:3e:
         f1:94:64:c6:b0:dd:a9:da:2f:b2:4e:7d:f4:32:9f:a1:87:7a:
         c9:5e:d7:a9:4c:5c:08:e5:67:f9:35:f3:61:59:0e:c2:aa:2e:
         ee:eb:af:6c:57:69:93:de:38:62:56:78:04:85:29:c7:cb:c2:
         8b:28:dc:09:f4:54:f1:d8:6b:63:e9:71:c2:4a:f8:91:7e:96:
         bc:44:50:86:d0:09:c2:2d:c2:b8:4f:65:9c:1f:3b:9d:99:89:
         fa:71:9e:3e:66:62:90:f4:a5:e5:9c:70:61:cf:76:be:16:54:
         65:96:dc:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hLyp5fiO589JZLOWxotuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMTAyMTYyMjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzdhMzFkZjUyNDk3OTZlNGM3NjBhNDIwOTNhMDc0ZWE5OTg2MGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuJHAvTFOVp83rozq2jRzU4YchnT
3AWMYrWgWpLSArFCl1dItxBxrkOuCdPt6969HrttsqSS92XkYeG8nEdH3g9/r5XF
yt53R+95opgjYjougcttYM2BCxqGHcrbcu8Nvdp1WgjXmkI/w+LZ2nmg1maEHBr2
6GxXuchGw1ADQZJr6xF2xQDpdKP5Qpp3KwsKuS4TRK8wtlftwiNJousplnxoXRKF
HoAE2Rkpk3z0xBQ/FTSAMhKvXxb6hihoMj8Rp5aL6RqjGAZJWxaGYStTynbgn+EC
usu0SJhoQbSE6w/CY1rZ2ODirHmfzenJuKjV2EeBjot0kMOdPiHNqqR8DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKx6Md9SSXluTHYKQgk6B06pmGDTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvckhveDMxSkplVzVNZGdwQ0NUb0hUcW1ZWU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz3MA0G
CSqGSIb3DQEBCwUAA4IBAQCjsScbQaE9UQ5X3J1/m0c1GSDbbt479ERn9KAMcW7A
b9JfaXKL5achVu2yZRT9YfwrT7jBCugFpgGmdF9Wjtfra2jS0R70acQSE/nwSprt
SeSR8y6+X8gdrhDOT2ILQQuu0fF/vhChXZd3bMj9ccc9RNzgUBeriuy9+mFSt6tA
rAt1ub6chrvf2zJn+CUReD7xlGTGsN2p2i+yTn30Mp+hh3rJXtepTFwI5Wf5NfNh
WQ7Cqi7u669sV2mT3jhiVngEhSnHy8KLKNwJ9FTx2Gtj6XHCSviRfpa8RFCG0AnC
LcK4T2WcHzudmYn6cZ4+ZmKQ9KXlnHBhz3a+FlRlltxs
-----END CERTIFICATE-----