This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/STr_X7ibHgCYQT1JgQlGopp14g8.roa
File:                     STr_X7ibHgCYQT1JgQlGopp14g8.roa (raw, json)
Hash identifier:          y24Cni2O9MPOu7XilBVsJKEMbbOZSFF4Ez3QvgN8otE=
Subject key identifier:   49:3A:FF:5F:B8:9B:1E:00:98:41:3D:49:81:09:46:A2:9A:75:E2:0F
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       019B79EBE6848C00A8602E733192938BC6E0
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/STr_X7ibHgCYQT1JgQlGopp14g8.roa
Signing time:             Thu 01 Jan 2026 14:17:41 +0000
ROA not before:           Thu 01 Jan 2026 14:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208082
IP address blocks:        213.33.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:e6:84:8c:00:a8:60:2e:73:31:92:93:8b:c6:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 14:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=493aff5fb89b1e0098413d49810946a29a75e20f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:18:8d:5c:00:56:ee:48:bc:29:64:a6:8d:27:
                    88:06:5e:78:de:89:0e:e7:86:f4:28:5a:8c:56:41:
                    44:1d:5b:15:8e:21:9c:90:32:76:7e:48:c1:e2:40:
                    24:37:8c:5a:a6:a8:ca:59:4c:a5:f2:45:a7:fb:98:
                    7f:d9:10:89:c0:ac:a4:cd:68:4d:cd:44:3e:7c:7a:
                    ca:4b:be:84:c3:b3:ed:28:a8:e2:76:fc:1c:d5:e9:
                    15:8a:f4:51:85:3d:1e:8f:49:f2:03:ec:f2:f8:a9:
                    d3:4e:3d:2a:b1:09:c3:5f:f3:1c:49:a2:72:f0:90:
                    6b:f4:9c:17:75:94:e0:7a:9c:f7:58:c1:a6:12:9a:
                    29:36:68:88:28:e3:61:24:d3:19:35:9c:6a:dc:4f:
                    64:76:3f:10:96:b1:60:54:af:e5:eb:71:f4:a2:32:
                    59:72:72:d0:31:60:bc:31:99:c7:86:1e:c4:3d:38:
                    99:26:08:ec:98:e2:16:e5:07:8f:9d:dd:8c:2f:30:
                    b8:6d:df:b1:2f:fd:65:43:9b:76:bf:83:7d:2b:87:
                    d3:59:42:bf:38:aa:1d:a5:17:e4:b4:0b:10:67:d6:
                    b0:e3:89:2a:87:b3:83:81:94:1c:98:e4:90:8b:b9:
                    80:21:9b:3d:16:9d:5f:b3:3a:c4:13:90:48:60:23:
                    64:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3A:FF:5F:B8:9B:1E:00:98:41:3D:49:81:09:46:A2:9A:75:E2:0F
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/STr_X7ibHgCYQT1JgQlGopp14g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:d5:cc:00:3f:d8:40:19:17:9b:23:a9:8d:60:2c:68:7b:78:
         0a:12:87:29:69:66:d7:4f:0d:9f:55:12:17:29:13:a3:2a:e6:
         cf:b6:10:b0:88:0b:34:26:b6:10:fa:a4:13:53:98:92:14:30:
         39:c3:92:4c:2a:ab:af:da:5b:d5:0e:6a:73:4d:41:0f:3d:67:
         94:db:4d:59:e3:cd:bc:86:e2:ab:78:8e:52:d7:33:26:b6:bf:
         0a:8e:8d:61:fc:2e:8a:96:35:26:dc:76:26:63:d1:18:69:d3:
         2e:10:f5:27:fd:83:df:68:1a:5d:09:39:a0:37:56:15:5f:29:
         41:7a:55:51:d5:15:9c:b2:ce:13:06:9e:00:d1:de:88:f4:90:
         0b:6c:79:10:6a:b9:5c:14:dc:0f:2d:5a:10:d2:5a:e9:1b:34:
         a9:14:11:96:ce:59:0d:ca:d0:5b:cb:fa:9b:ed:02:56:ba:25:
         a9:99:99:06:41:16:76:18:3b:9a:7f:bd:d4:65:c6:4c:39:00:
         b1:37:90:75:6c:75:fb:02:64:06:ae:ca:c5:b9:64:ce:f4:e1:
         c0:bd:76:a2:65:d1:4b:b7:a7:71:1d:d7:6b:62:75:02:90:eb:
         b7:c9:e9:fb:3b:99:d9:ca:e7:f6:8c:49:14:8a:b1:a2:72:1d:
         ea:c8:99:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt56+aEjACoYC5zMZKTi8bgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjYwMTAxMTQxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTNhZmY1ZmI4OWIxZTAwOTg0MTNkNDk4MTA5NDZhMjlhNzVlMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BiNXABW7ki8KWSmjSeIBl543okO
54b0KFqMVkFEHVsVjiGckDJ2fkjB4kAkN4xapqjKWUyl8kWn+5h/2RCJwKykzWhN
zUQ+fHrKS76Ew7PtKKjidvwc1ekVivRRhT0ej0nyA+zy+KnTTj0qsQnDX/McSaJy
8JBr9JwXdZTgepz3WMGmEpopNmiIKONhJNMZNZxq3E9kdj8QlrFgVK/l63H0ojJZ
cnLQMWC8MZnHhh7EPTiZJgjsmOIW5QePnd2MLzC4bd+xL/1lQ5t2v4N9K4fTWUK/
OKodpRfktAsQZ9aw44kqh7ODgZQcmOSQi7mAIZs9Fp1fszrEE5BIYCNkjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk6/1+4mx4AmEE9SYEJRqKadeIPMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvU1RyX1g3aWJIZ0NZUVQxSmdRbEdvcHAxNGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SEIMA0G
CSqGSIb3DQEBCwUAA4IBAQDW1cwAP9hAGRebI6mNYCxoe3gKEocpaWbXTw2fVRIX
KROjKubPthCwiAs0JrYQ+qQTU5iSFDA5w5JMKquv2lvVDmpzTUEPPWeU201Z4828
huKreI5S1zMmtr8Kjo1h/C6KljUm3HYmY9EYadMuEPUn/YPfaBpdCTmgN1YVXylB
elVR1RWcss4TBp4A0d6I9JALbHkQarlcFNwPLVoQ0lrpGzSpFBGWzlkNytBby/qb
7QJWuiWpmZkGQRZ2GDuaf73UZcZMOQCxN5B1bHX7AmQGrsrFuWTO9OHAvXaiZdFL
t6dxHddrYnUCkOu3yen7O5nZyuf2jEkUirGich3qyJn/
-----END CERTIFICATE-----