This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/Ekl9ZAps39mDJpOJE5wsb3KHTLQ.roa
File:                     Ekl9ZAps39mDJpOJE5wsb3KHTLQ.roa (raw, json)
Hash identifier:          AILUV+bAy5BNQCock6QMXr1jIcW4CIK7KD8/fnpnc3Y=
Subject key identifier:   12:49:7D:64:0A:6C:DF:D9:83:26:93:89:13:9C:2C:6F:72:87:4C:B4
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       019B79EBD65191B2C2AFC836BC9BED5DC5C7
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/Ekl9ZAps39mDJpOJE5wsb3KHTLQ.roa
Signing time:             Thu 01 Jan 2026 14:17:37 +0000
ROA not before:           Thu 01 Jan 2026 14:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7155
IP address blocks:        212.16.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:d6:51:91:b2:c2:af:c8:36:bc:9b:ed:5d:c5:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 14:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12497d640a6cdfd983269389139c2c6f72874cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:41:89:74:7c:10:e3:ce:aa:68:38:43:38:29:
                    e0:47:ef:87:de:7f:d0:3a:1a:17:30:c5:be:5b:e4:
                    7e:77:f5:86:0a:d6:1f:9e:7b:66:12:80:06:4e:09:
                    32:fe:5b:53:de:11:58:65:ad:f3:56:89:65:c8:41:
                    fb:c1:d8:fe:b5:5f:d4:bf:3a:11:39:f5:25:20:e5:
                    f9:6f:31:fa:5e:3c:7a:87:43:53:22:6d:20:c8:40:
                    e7:ea:7b:57:cf:f4:c2:1d:5d:01:4e:03:e5:6f:57:
                    69:22:5c:e5:39:ca:e8:cc:6a:a7:77:1e:5f:9e:5c:
                    9a:b1:e3:ae:9d:c2:8f:d4:3b:0d:d0:b6:04:ee:80:
                    89:a5:cf:13:bd:71:c0:89:05:6e:c8:bb:34:d0:ea:
                    fb:7a:0a:b8:6c:03:96:13:1d:7b:11:66:21:99:5d:
                    ff:ee:72:3e:15:45:ac:5d:bf:d7:5a:24:d9:09:c0:
                    9a:42:3c:67:3b:7c:44:b1:18:c3:eb:ee:03:86:14:
                    c1:78:98:51:77:9f:23:e7:c9:74:21:68:84:5d:25:
                    8e:8a:de:da:32:a0:61:f8:e5:2c:62:99:ad:75:06:
                    8f:61:54:6d:29:f1:e1:a6:5b:10:2a:15:95:ff:18:
                    a6:b2:db:f9:0c:51:dd:5c:4d:5c:de:e4:9e:7d:19:
                    7d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:49:7D:64:0A:6C:DF:D9:83:26:93:89:13:9C:2C:6F:72:87:4C:B4
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/Ekl9ZAps39mDJpOJE5wsb3KHTLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:b2:eb:ac:62:e9:90:c4:3e:c9:f4:36:a1:e4:5c:e2:00:41:
         60:8f:e1:63:18:6b:d6:14:4b:08:60:bf:09:80:12:ce:1f:74:
         c9:cb:21:72:19:d1:a9:b3:5a:10:b8:a4:f3:f1:b5:94:18:2f:
         2e:9b:c3:90:24:8d:9b:6e:0e:89:5a:bd:0e:82:7a:72:8a:03:
         9e:38:b0:6d:b0:27:39:4b:26:05:29:91:2d:d5:2a:7e:8d:e5:
         fc:fc:de:0e:5e:a4:4a:29:90:79:1a:e7:5e:03:89:40:7f:29:
         66:a5:fe:3a:c6:4b:cf:47:22:ca:48:23:68:c9:5a:b5:08:e2:
         f1:93:5d:59:53:68:1e:b8:cf:de:36:dc:59:ae:3b:80:f9:9a:
         6f:a4:84:02:f0:89:29:60:66:11:47:96:c5:a7:5d:9a:d4:b8:
         eb:cb:cb:7e:74:66:60:e3:e0:b5:a4:50:0d:12:44:7a:c8:80:
         e4:be:ba:c0:b1:80:75:6f:2a:c9:e2:2c:e7:a5:5c:3b:22:5c:
         e8:fd:e3:eb:b4:3f:25:5c:21:d6:99:94:15:66:a3:4e:0f:5c:
         34:83:d8:da:61:c5:9a:c3:52:dd:6e:f7:1e:62:a5:8b:8b:4d:
         7a:1e:46:92:6a:19:80:25:b6:14:d4:e2:b7:23:d8:4f:65:42:
         83:e7:a4:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt569ZRkbLCr8g2vJvtXcXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjYwMTAxMTQxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjQ5N2Q2NDBhNmNkZmQ5ODMyNjkzODkxMzljMmM2ZjcyODc0Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEGJdHwQ486qaDhDOCngR++H3n/Q
OhoXMMW+W+R+d/WGCtYfnntmEoAGTgky/ltT3hFYZa3zVollyEH7wdj+tV/UvzoR
OfUlIOX5bzH6Xjx6h0NTIm0gyEDn6ntXz/TCHV0BTgPlb1dpIlzlOcrozGqndx5f
nlyaseOuncKP1DsN0LYE7oCJpc8TvXHAiQVuyLs00Or7egq4bAOWEx17EWYhmV3/
7nI+FUWsXb/XWiTZCcCaQjxnO3xEsRjD6+4DhhTBeJhRd58j58l0IWiEXSWOit7a
MqBh+OUsYpmtdQaPYVRtKfHhplsQKhWV/ximstv5DFHdXE1c3uSefRl9lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJJfWQKbN/ZgyaTiROcLG9yh0y0MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvRWtsOVpBcHMzOW1ESnBPSkU1d3NiM0tIVExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1BAiMA0G
CSqGSIb3DQEBCwUAA4IBAQDDsuusYumQxD7J9Dah5FziAEFgj+FjGGvWFEsIYL8J
gBLOH3TJyyFyGdGps1oQuKTz8bWUGC8um8OQJI2bbg6JWr0OgnpyigOeOLBtsCc5
SyYFKZEt1Sp+jeX8/N4OXqRKKZB5GudeA4lAfylmpf46xkvPRyLKSCNoyVq1COLx
k11ZU2geuM/eNtxZrjuA+ZpvpIQC8IkpYGYRR5bFp12a1Ljry8t+dGZg4+C1pFAN
EkR6yIDkvrrAsYB1byrJ4iznpVw7Ilzo/ePrtD8lXCHWmZQVZqNOD1w0g9jaYcWa
w1LdbvceYqWLi016HkaSahmAJbYU1OK3I9hPZUKD56SG
-----END CERTIFICATE-----