This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/rDWaSHtZGK_wAave1oUt5myqQIQ.roa
File:                     rDWaSHtZGK_wAave1oUt5myqQIQ.roa (raw, json)
Hash identifier:          6ORofU6kZ7mUvksV5r8YHqJNeWo5IFLQOTxYk+MlcYc=
Subject key identifier:   AC:35:9A:48:7B:59:18:AF:F0:01:AB:DE:D6:85:2D:E6:6C:AA:40:84
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019B2206CD1AF55D8ED437D4470DFDDE2C46
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/rDWaSHtZGK_wAave1oUt5myqQIQ.roa
Signing time:             Mon 15 Dec 2025 12:40:29 +0000
ROA not before:           Mon 15 Dec 2025 12:40:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        217.147.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 06:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:22:06:cd:1a:f5:5d:8e:d4:37:d4:47:0d:fd:de:2c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Dec 15 12:40:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac359a487b5918aff001abded6852de66caa4084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fc:5a:9d:f3:1b:9b:f2:92:4a:18:fb:f0:fa:
                    53:87:a2:7c:88:5f:71:e7:d9:ad:ce:60:62:03:46:
                    4b:d4:a1:b3:d7:3e:2c:1b:37:85:52:4f:3f:fb:81:
                    91:2c:a3:83:b0:4d:10:60:f8:47:90:2e:eb:e6:58:
                    6d:29:43:ff:d0:5c:ea:0e:4f:b2:02:94:6e:29:c7:
                    fc:fd:03:03:80:3c:fc:9c:e9:39:11:f3:d2:1b:d6:
                    ff:ab:08:2b:48:e4:6e:06:9c:4e:aa:f8:ca:b6:7a:
                    2e:e2:b9:d0:64:46:26:23:ba:5a:75:c3:6e:c1:a0:
                    3f:81:98:4c:c4:7f:55:f0:2b:5e:08:a5:0a:c7:3d:
                    e5:8b:61:e1:4d:53:8f:5a:89:1f:48:71:0b:e8:b8:
                    60:ef:9c:87:b6:02:0e:2c:45:09:06:6c:c2:76:00:
                    4a:be:9d:5d:97:1f:6b:24:cf:7f:6e:fb:54:5f:87:
                    ea:26:e3:73:26:4f:22:32:8a:25:97:37:d1:66:08:
                    f3:d4:0d:cc:38:e9:c4:c1:1d:e2:1f:fa:71:19:5d:
                    a5:bc:d0:ae:63:1a:f6:73:43:b1:7d:a9:65:3a:28:
                    f7:95:cc:fd:b1:69:e5:a5:92:6a:12:ea:1e:75:b4:
                    4d:e6:0c:68:08:c6:5b:a3:b0:29:dc:2d:eb:ae:14:
                    e0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:35:9A:48:7B:59:18:AF:F0:01:AB:DE:D6:85:2D:E6:6C:AA:40:84
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/rDWaSHtZGK_wAave1oUt5myqQIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:55:7e:bc:30:00:6a:87:57:1c:0b:ea:fa:97:ad:fc:31:98:
         7f:04:76:d5:d9:1b:fc:49:05:f0:9b:99:4a:99:bf:8f:41:3f:
         c0:7c:7e:2e:f9:1d:b1:fc:55:eb:54:bd:38:ae:91:b0:c4:c9:
         22:90:42:c8:a9:fd:10:31:86:57:63:56:f5:28:42:3d:a3:00:
         2e:c1:cd:87:95:c2:fd:4b:ae:22:54:52:f3:50:0b:dd:b0:34:
         3b:21:a7:5c:b7:18:44:ea:84:b4:83:2c:f6:9b:96:f9:af:32:
         27:77:63:f1:fb:b8:34:9f:b9:ae:40:58:49:6d:8c:23:31:d1:
         25:d3:aa:0a:cc:a3:b3:48:8d:57:a8:4f:c0:fa:74:6c:7e:6c:
         1d:b6:98:08:59:2c:69:fd:c6:03:ae:54:c4:0b:88:10:6a:f0:
         15:78:d1:bf:c9:91:df:33:ac:cc:fa:0b:ce:66:6f:bf:b9:a9:
         95:73:1d:a6:09:7a:63:3c:5f:6f:a4:0d:ba:f1:98:b0:f2:fc:
         55:b3:e3:00:c3:1d:fe:7c:c0:73:41:69:ef:86:55:81:c0:c3:
         f9:69:3d:7c:22:f2:b0:40:4a:94:2e:c7:30:64:61:ce:73:73:
         ee:e4:77:c1:57:04:43:90:cf:7a:21:13:2b:9f:40:14:97:93:
         4e:f7:29:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsiBs0a9V2O1DfURw393ixGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjUxMjE1MTI0MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzM1OWE0ODdiNTkxOGFmZjAwMWFiZGVkNjg1MmRlNjZjYWE0MDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPxanfMbm/KSShj78PpTh6J8iF9x
59mtzmBiA0ZL1KGz1z4sGzeFUk8/+4GRLKODsE0QYPhHkC7r5lhtKUP/0FzqDk+y
ApRuKcf8/QMDgDz8nOk5EfPSG9b/qwgrSORuBpxOqvjKtnou4rnQZEYmI7padcNu
waA/gZhMxH9V8CteCKUKxz3li2HhTVOPWokfSHEL6Lhg75yHtgIOLEUJBmzCdgBK
vp1dlx9rJM9/bvtUX4fqJuNzJk8iMoollzfRZgjz1A3MOOnEwR3iH/pxGV2lvNCu
Yxr2c0OxfallOij3lcz9sWnlpZJqEuoedbRN5gxoCMZbo7Ap3C3rrhTghQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKw1mkh7WRiv8AGr3taFLeZsqkCEMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvckRXYVNIdFpHS193QWF2ZTFvVXQ1bXlxUUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQCXVX68MABqh1ccC+r6l638MZh/BHbV2Rv8SQXwm5lK
mb+PQT/AfH4u+R2x/FXrVL04rpGwxMkikELIqf0QMYZXY1b1KEI9owAuwc2HlcL9
S64iVFLzUAvdsDQ7IadctxhE6oS0gyz2m5b5rzInd2Px+7g0n7muQFhJbYwjMdEl
06oKzKOzSI1XqE/A+nRsfmwdtpgIWSxp/cYDrlTEC4gQavAVeNG/yZHfM6zM+gvO
Zm+/uamVcx2mCXpjPF9vpA268Ziw8vxVs+MAwx3+fMBzQWnvhlWBwMP5aT18IvKw
QEqULscwZGHOc3Pu5HfBVwRDkM96IRMrn0AUl5NO9ynO
-----END CERTIFICATE-----