This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/Y28Wd-rLHaf4YfijKKoceP6pCO4.roa
File:                     Y28Wd-rLHaf4YfijKKoceP6pCO4.roa (raw, json)
Hash identifier:          T4TEmypQSq/p5gS6mPa8ZhWCLwbTNsBlfya0BmZTPbQ=
Subject key identifier:   63:6F:16:77:EA:CB:1D:A7:F8:61:F8:A3:28:AA:1C:78:FE:A9:08:EE
Certificate issuer:       /CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
Certificate serial:       019B77C69A113F44B8108A64C103C2814B8F
Authority key identifier: 7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/Y28Wd-rLHaf4YfijKKoceP6pCO4.roa
Signing time:             Thu 01 Jan 2026 04:17:42 +0000
ROA not before:           Thu 01 Jan 2026 04:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44547
IP address blocks:        217.18.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9a:11:3f:44:b8:10:8a:64:c1:03:c2:81:4b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
        Validity
            Not Before: Jan  1 04:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=636f1677eacb1da7f861f8a328aa1c78fea908ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:47:d6:24:7c:98:2c:ba:4b:cc:66:2f:13:7f:
                    2e:a7:38:2f:20:a2:42:b2:b5:33:1c:78:54:08:39:
                    01:b7:ba:85:7d:6d:37:cd:f5:a6:2e:e1:f9:a5:46:
                    08:7d:5c:a2:2e:4b:d2:1a:f5:4b:fb:ca:1c:08:52:
                    72:f4:9c:26:67:62:75:85:ad:f7:62:a6:e2:40:da:
                    5d:3a:13:55:67:c0:6a:96:4e:e1:23:86:41:ca:c7:
                    85:c6:56:cc:33:a1:ea:18:26:c5:c0:94:17:3e:8c:
                    f9:ca:76:34:68:4e:04:3d:52:b4:80:97:6d:21:26:
                    b5:71:cf:e1:f1:ba:f5:b5:1d:f3:b4:54:1c:38:e5:
                    0d:51:6b:6b:f9:00:23:1f:9e:58:cd:1b:48:a7:40:
                    2d:9d:92:0c:15:78:48:38:65:60:bb:71:1f:53:cb:
                    1a:83:31:b3:52:dd:04:71:0e:f4:11:c7:af:e2:84:
                    03:f4:55:3d:2b:52:03:d9:80:36:85:54:44:c2:dd:
                    13:57:31:12:19:c8:52:02:23:b0:99:99:fb:d1:4e:
                    55:46:97:c9:af:48:fd:b3:a7:45:5b:ae:f4:c2:cf:
                    75:9a:53:ee:70:8f:db:43:16:4a:f6:28:a7:cd:19:
                    f5:01:0c:da:ca:0c:91:4e:b4:4f:34:13:44:87:9e:
                    b5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:6F:16:77:EA:CB:1D:A7:F8:61:F8:A3:28:AA:1C:78:FE:A9:08:EE
            X509v3 Authority Key Identifier:
                keyid:7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/Y28Wd-rLHaf4YfijKKoceP6pCO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:68:f0:57:09:d0:68:13:13:74:1e:79:2d:8d:ea:b0:0c:15:
         2f:ef:e9:32:e5:f2:cf:63:b4:80:d8:f6:42:87:b1:38:15:0e:
         4f:3a:f0:de:e1:f1:3d:3d:98:52:02:15:3b:6a:c8:64:37:d2:
         74:33:e1:8e:23:b1:a1:a0:81:ac:57:c4:82:23:f3:c4:86:35:
         4f:d1:fd:34:a3:98:5f:e0:f8:26:50:5d:53:8f:2f:4a:08:7e:
         ee:a7:00:9c:08:02:1c:d9:de:9a:ae:96:b2:14:83:5c:f3:ac:
         6a:ab:bc:e2:19:1c:91:15:bb:72:43:37:ae:03:5b:bd:1d:c6:
         39:9d:ed:81:02:67:1b:0c:2b:42:11:9f:41:71:3e:0d:cd:38:
         34:4b:5d:9c:47:04:52:b4:2f:8b:a1:31:da:b4:d4:f9:98:78:
         84:0c:24:3a:3c:09:51:c3:46:03:b1:51:56:ac:e2:00:2a:b5:
         09:ad:d8:6f:1b:7b:e3:d1:93:5a:6b:ae:e9:63:76:54:d6:10:
         43:7e:dc:89:a8:4b:1b:0f:74:37:5c:57:d4:68:15:54:21:a8:
         74:1b:2c:f7:cd:e8:73:94:06:ce:3c:de:49:20:5d:6c:55:f2:
         24:fd:97:e8:4e:44:47:10:f9:d3:64:e0:18:30:22:00:fe:44:
         29:34:80:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpoRP0S4EIpkwQPCgUuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZGM0MGMzZGJkZjgxOWQ3NDEzZTc3MmJkODc1ODE0Yzdl
YWY1NWUwHhcNMjYwMTAxMDQxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZmMTY3N2VhY2IxZGE3Zjg2MWY4YTMyOGFhMWM3OGZlYTkwOGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6kfWJHyYLLpLzGYvE38upzgvIKJC
srUzHHhUCDkBt7qFfW03zfWmLuH5pUYIfVyiLkvSGvVL+8ocCFJy9JwmZ2J1ha33
YqbiQNpdOhNVZ8Bqlk7hI4ZByseFxlbMM6HqGCbFwJQXPoz5ynY0aE4EPVK0gJdt
ISa1cc/h8br1tR3ztFQcOOUNUWtr+QAjH55YzRtIp0AtnZIMFXhIOGVgu3EfU8sa
gzGzUt0EcQ70Ecev4oQD9FU9K1ID2YA2hVREwt0TVzESGchSAiOwmZn70U5VRpfJ
r0j9s6dFW670ws91mlPucI/bQxZK9iinzRn1AQzaygyRTrRPNBNEh561DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNvFnfqyx2n+GH4oyiqHHj+qQjuMB8GA1UdIwQY
MBaAFHzcQMPb34GddBPncr2HWBTH6vVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2Et
OTlmMjAwNDY1OWQxLzEvWTI4V2QtckxIYWY0WWZpaktLb2NlUDZwQ080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2EtOTlmMjAwNDY1OWQx
LzEvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJVMA0G
CSqGSIb3DQEBCwUAA4IBAQBaaPBXCdBoExN0HnktjeqwDBUv7+ky5fLPY7SA2PZC
h7E4FQ5POvDe4fE9PZhSAhU7ashkN9J0M+GOI7GhoIGsV8SCI/PEhjVP0f00o5hf
4PgmUF1Tjy9KCH7upwCcCAIc2d6arpayFINc86xqq7ziGRyRFbtyQzeuA1u9HcY5
ne2BAmcbDCtCEZ9BcT4NzTg0S12cRwRStC+LoTHatNT5mHiEDCQ6PAlRw0YDsVFW
rOIAKrUJrdhvG3vj0ZNaa67pY3ZU1hBDftyJqEsbD3Q3XFfUaBVUIah0Gyz3zehz
lAbOPN5JIF1sVfIk/ZfoTkRHEPnTZOAYMCIA/kQpNIAX
-----END CERTIFICATE-----