This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/sfOxzLZiwEG7r5SeUCMuTrf1tvI.roa
File:                     sfOxzLZiwEG7r5SeUCMuTrf1tvI.roa (raw, json)
Hash identifier:          ZUuD5UEFtBeOCS9rptJ0iK7dObQgDw9xm9i0pDpXHUA=
Subject key identifier:   B1:F3:B1:CC:B6:62:C0:41:BB:AF:94:9E:50:23:2E:4E:B7:F5:B6:F2
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       019B7E38990DF04C4C6115D1EB16EED4DF54
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/sfOxzLZiwEG7r5SeUCMuTrf1tvI.roa
Signing time:             Fri 02 Jan 2026 10:19:56 +0000
ROA not before:           Fri 02 Jan 2026 10:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59769
IP address blocks:        84.207.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Feb 2026 03:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:99:0d:f0:4c:4c:61:15:d1:eb:16:ee:d4:df:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  2 10:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1f3b1ccb662c041bbaf949e50232e4eb7f5b6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:ef:ed:41:24:ca:07:0c:3a:52:7c:95:43:
                    64:da:6c:a5:6a:65:47:d7:07:f0:ec:41:5b:4e:cc:
                    21:e5:28:15:c6:9f:b5:2d:48:fc:66:b7:5b:f9:be:
                    9c:2d:d3:58:f7:9d:db:01:44:86:d4:20:33:8c:3a:
                    c6:ab:de:34:9e:3d:e0:ca:a0:39:1c:62:95:da:02:
                    18:12:26:6d:8b:6c:e0:7d:65:3e:86:19:40:c4:96:
                    c6:4f:66:6a:0b:af:b7:b0:22:f3:55:e0:49:eb:b0:
                    9b:c2:da:a4:58:c0:4c:c1:5f:49:30:bb:58:76:5c:
                    dc:58:b7:6b:5e:9b:c0:0b:d6:33:b7:cb:4c:67:a3:
                    dd:66:ed:d1:c9:b1:74:d9:38:a1:da:bc:59:34:d4:
                    1f:04:d5:bd:f1:17:31:73:88:89:aa:3c:8b:e5:2a:
                    2e:a5:0e:e3:e4:f4:33:92:d3:91:5d:25:fe:c1:34:
                    22:5d:09:7e:b2:8e:61:1d:2c:07:77:03:17:e4:2d:
                    c0:8e:56:8c:b7:8d:c2:cd:26:5d:14:b3:02:2b:94:
                    68:de:2f:9c:b6:cd:a2:bf:45:d1:53:72:5c:7b:a7:
                    5d:63:f3:ac:5e:77:b8:d9:bb:dc:ad:a9:34:ff:f7:
                    50:50:6e:3e:a5:f2:86:5b:6c:f3:6e:97:3c:c7:ee:
                    db:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F3:B1:CC:B6:62:C0:41:BB:AF:94:9E:50:23:2E:4E:B7:F5:B6:F2
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/sfOxzLZiwEG7r5SeUCMuTrf1tvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.207.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:8c:ae:e1:e3:dd:c5:ac:a6:2e:92:e2:21:de:44:35:e2:37:
         32:a5:86:8c:38:f8:fb:87:bb:1d:bf:48:e0:8e:bd:a6:9d:5e:
         b9:91:3a:a2:1f:ca:c0:82:8b:cd:1b:46:17:be:9d:20:82:82:
         2e:95:7d:cf:45:7b:ee:a4:34:96:d0:6d:34:a9:9a:83:69:ef:
         54:7b:b2:64:35:2c:67:83:46:8c:6d:76:c1:23:9a:e5:22:a4:
         f0:e9:6d:bb:9f:98:ac:af:d9:86:8b:e1:39:90:2c:f5:75:81:
         e5:46:a5:c6:b0:16:00:45:39:6b:a8:1b:a0:79:32:08:f5:ac:
         1c:00:08:ac:35:5c:d3:c4:33:e3:43:58:7a:aa:b3:5e:9e:c2:
         a5:43:96:53:1e:be:5c:21:89:31:75:9e:ce:69:52:2d:73:b9:
         1c:a4:f2:64:01:3f:6b:3b:fe:ae:c4:14:d1:c1:d4:69:c3:1e:
         23:3a:43:dc:07:71:2c:b1:57:84:6a:85:38:41:1a:b0:48:2c:
         f0:a9:93:4c:18:fa:a3:aa:e8:d3:de:3b:7a:89:08:45:07:ba:
         c9:ac:ab:b8:b9:c2:d3:b7:0b:94:40:6c:9f:aa:75:0e:8a:b4:
         33:db:fb:0f:0f:64:9d:4d:08:cd:23:ba:29:ca:46:d0:ce:f4:
         9f:8b:12:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJkN8ExMYRXR6xbu1N9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjYwMTAyMTAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYzYjFjY2I2NjJjMDQxYmJhZjk0OWU1MDIzMmU0ZWI3ZjViNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb/v7UEkygcMOlJ8lUNk2mylamVH
1wfw7EFbTswh5SgVxp+1LUj8Zrdb+b6cLdNY953bAUSG1CAzjDrGq940nj3gyqA5
HGKV2gIYEiZti2zgfWU+hhlAxJbGT2ZqC6+3sCLzVeBJ67CbwtqkWMBMwV9JMLtY
dlzcWLdrXpvAC9Yzt8tMZ6PdZu3RybF02Tih2rxZNNQfBNW98Rcxc4iJqjyL5Sou
pQ7j5PQzktORXSX+wTQiXQl+so5hHSwHdwMX5C3AjlaMt43CzSZdFLMCK5Ro3i+c
ts2iv0XRU3Jce6ddY/OsXne42bvcrak0//dQUG4+pfKGW2zzbpc8x+7bkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHzscy2YsBBu6+UnlAjLk639bbyMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvc2ZPeHpMWml3RUc3cjVTZVVDTXVUcmYxdHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVM/yMA0G
CSqGSIb3DQEBCwUAA4IBAQBGjK7h493FrKYukuIh3kQ14jcypYaMOPj7h7sdv0jg
jr2mnV65kTqiH8rAgovNG0YXvp0ggoIulX3PRXvupDSW0G00qZqDae9Ue7JkNSxn
g0aMbXbBI5rlIqTw6W27n5isr9mGi+E5kCz1dYHlRqXGsBYARTlrqBugeTII9awc
AAisNVzTxDPjQ1h6qrNensKlQ5ZTHr5cIYkxdZ7OaVItc7kcpPJkAT9rO/6uxBTR
wdRpwx4jOkPcB3EssVeEaoU4QRqwSCzwqZNMGPqjqujT3jt6iQhFB7rJrKu4ucLT
twuUQGyfqnUOirQz2/sPD2SdTQjNI7opykbQzvSfixId
-----END CERTIFICATE-----