This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/FXnznPhn55vYjBoYQttg28E4IK0.roa
File:                     FXnznPhn55vYjBoYQttg28E4IK0.roa (raw, json)
Hash identifier:          Dl0FXZLA3s/7+Hd8tk5PaoTmm8/8008Q5/BvoslwSfQ=
Subject key identifier:   15:79:F3:9C:F8:67:E7:9B:D8:8C:1A:18:42:DB:60:DB:C1:38:20:AD
Certificate issuer:       /CN=f4e40f03979a3f4e4ad39da983b67ba7e6215c0d
Certificate serial:       019B7C802CDAE297B1BBE234FA15477EBFAF
Authority key identifier: F4:E4:0F:03:97:9A:3F:4E:4A:D3:9D:A9:83:B6:7B:A7:E6:21:5C:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9OQPA5eaP05K052pg7Z7p-YhXA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/FXnznPhn55vYjBoYQttg28E4IK0.roa
Signing time:             Fri 02 Jan 2026 02:18:53 +0000
ROA not before:           Fri 02 Jan 2026 02:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196773
IP address blocks:        217.168.96.0/24 maxlen: 24
                          217.168.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/9OQPA5eaP05K052pg7Z7p-YhXA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/9OQPA5eaP05K052pg7Z7p-YhXA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9OQPA5eaP05K052pg7Z7p-YhXA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:2c:da:e2:97:b1:bb:e2:34:fa:15:47:7e:bf:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e40f03979a3f4e4ad39da983b67ba7e6215c0d
        Validity
            Not Before: Jan  2 02:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1579f39cf867e79bd88c1a1842db60dbc13820ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:bc:9d:0f:06:c5:52:c1:3f:37:7a:a4:ee:95:
                    89:0b:2b:95:2c:8f:b1:a2:43:9b:80:72:74:7f:bd:
                    1b:80:eb:4f:2b:58:73:42:bb:34:2a:1f:ce:20:5f:
                    21:15:03:6b:00:be:d0:d9:48:79:55:88:de:77:58:
                    e9:18:87:64:90:07:f0:30:92:95:36:bf:37:42:b7:
                    98:62:ac:52:fc:b7:c9:c5:4a:a6:d3:eb:7a:42:47:
                    e6:79:55:b3:dc:92:a9:03:b1:c5:b1:4d:b4:01:3d:
                    f4:c1:8b:91:44:43:06:3c:4a:20:5f:ba:2e:8d:06:
                    e0:5d:c4:a8:cd:22:35:d0:b7:a5:0c:72:36:e7:f4:
                    23:5d:9e:aa:1f:25:31:b7:31:88:4c:1a:d6:35:75:
                    1a:11:f8:f4:67:a8:d5:26:04:cf:96:a4:6f:b7:12:
                    60:88:87:ea:24:b6:d6:d3:5b:13:02:d6:08:99:f1:
                    ef:91:65:29:99:5b:ee:9f:ae:d1:c5:54:59:b1:6f:
                    18:82:39:9d:d1:20:1b:2b:90:d8:cb:24:53:9d:4f:
                    25:21:dd:46:84:50:c6:75:4a:19:81:2b:ed:18:ce:
                    e6:b0:21:82:d1:79:d8:a8:e1:5a:df:17:68:ad:a2:
                    46:95:aa:70:9f:da:b6:7e:ee:48:e3:3c:6c:59:a1:
                    cb:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:79:F3:9C:F8:67:E7:9B:D8:8C:1A:18:42:DB:60:DB:C1:38:20:AD
            X509v3 Authority Key Identifier:
                keyid:F4:E4:0F:03:97:9A:3F:4E:4A:D3:9D:A9:83:B6:7B:A7:E6:21:5C:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OQPA5eaP05K052pg7Z7p-YhXA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/FXnznPhn55vYjBoYQttg28E4IK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d4ffc0-a52d-461b-9719-a914e3ce3941/1/9OQPA5eaP05K052pg7Z7p-YhXA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.168.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:75:b7:e8:13:41:e1:6e:72:25:24:1d:ec:ef:03:15:7e:6f:
         d6:df:00:f7:4c:4d:df:f4:d8:19:71:44:db:62:f5:a6:3e:5c:
         10:6c:c0:fe:90:9c:58:8e:b2:db:7f:7f:97:9f:34:98:75:e8:
         4e:1b:ea:05:7e:d6:d9:c2:2b:e3:f5:f7:5e:d1:96:e7:60:6e:
         f9:68:7f:2e:64:9e:13:b3:96:ca:af:d8:45:07:10:79:c8:45:
         33:b0:5f:ea:f1:85:b8:5a:1c:7b:c9:ac:61:7b:0a:e7:7a:60:
         a2:7a:3f:04:f5:03:f6:f3:fd:0a:04:27:69:75:27:7c:31:a4:
         57:93:2a:dd:74:4f:ee:ca:e2:ca:e1:7e:7f:3e:6a:58:38:30:
         f0:bf:d9:f4:92:fc:21:46:70:64:e7:60:85:2e:b0:c1:8a:49:
         05:4f:9a:b2:5b:c6:b1:00:83:30:b7:bb:bf:78:72:25:4a:42:
         01:f4:27:23:ab:01:54:eb:0b:8b:08:d0:0c:2a:fa:30:c6:29:
         da:48:b2:4b:f0:22:31:0a:8c:ac:46:63:a8:65:a1:5f:ec:48:
         bf:0c:40:ed:bb:55:f3:2d:cd:5c:b2:89:69:12:49:56:38:25:
         49:16:98:1c:0e:77:3c:43:f2:f0:cb:2b:d6:cf:fd:19:3f:7d:
         a1:10:d5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCza4pexu+I0+hVHfr+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTQwZjAzOTc5YTNmNGU0YWQzOWRhOTgzYjY3YmE3ZTYy
MTVjMGQwHhcNMjYwMTAyMDIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc5ZjM5Y2Y4NjdlNzliZDg4YzFhMTg0MmRiNjBkYmMxMzgyMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67ydDwbFUsE/N3qk7pWJCyuVLI+x
okObgHJ0f70bgOtPK1hzQrs0Kh/OIF8hFQNrAL7Q2Uh5VYjed1jpGIdkkAfwMJKV
Nr83QreYYqxS/LfJxUqm0+t6QkfmeVWz3JKpA7HFsU20AT30wYuRREMGPEogX7ou
jQbgXcSozSI10LelDHI25/QjXZ6qHyUxtzGITBrWNXUaEfj0Z6jVJgTPlqRvtxJg
iIfqJLbW01sTAtYImfHvkWUpmVvun67RxVRZsW8Ygjmd0SAbK5DYyyRTnU8lId1G
hFDGdUoZgSvtGM7msCGC0XnYqOFa3xdoraJGlapwn9q2fu5I4zxsWaHLFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV585z4Z+eb2IwaGELbYNvBOCCtMB8GA1UdIwQY
MBaAFPTkDwOXmj9OStOdqYO2e6fmIVwNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9RUEE1ZWFQMDVLMDUycGc3WjdwLVloWEEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kNGZmYzAtYTUyZC00NjFiLTk3MTkt
YTkxNGUzY2UzOTQxLzEvRlhuem5QaG41NXZZakJvWVF0dGcyOEU0SUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kNGZmYzAtYTUyZC00NjFiLTk3MTktYTkxNGUzY2UzOTQx
LzEvOU9RUEE1ZWFQMDVLMDUycGc3WjdwLVloWEEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ahgMA0G
CSqGSIb3DQEBCwUAA4IBAQBbdbfoE0HhbnIlJB3s7wMVfm/W3wD3TE3f9NgZcUTb
YvWmPlwQbMD+kJxYjrLbf3+XnzSYdehOG+oFftbZwivj9fde0ZbnYG75aH8uZJ4T
s5bKr9hFBxB5yEUzsF/q8YW4Whx7yaxhewrnemCiej8E9QP28/0KBCdpdSd8MaRX
kyrddE/uyuLK4X5/PmpYODDwv9n0kvwhRnBk52CFLrDBikkFT5qyW8axAIMwt7u/
eHIlSkIB9CcjqwFU6wuLCNAMKvowxinaSLJL8CIxCoysRmOoZaFf7Ei/DEDtu1Xz
Lc1csolpEklWOCVJFpgcDnc8Q/LwyyvWz/0ZP32hENUJ
-----END CERTIFICATE-----