This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/LOrPhrxzmthFtrBc_3p4iGaGz3I.roa
File:                     LOrPhrxzmthFtrBc_3p4iGaGz3I.roa (raw, json)
Hash identifier:          Jh9crPRRbXnyNqoxl2RVNueTjVhGBqJWJmOwAJP93xk=
Subject key identifier:   2C:EA:CF:86:BC:73:9A:D8:45:B6:B0:5C:FF:7A:78:88:66:86:CF:72
Certificate issuer:       /CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
Certificate serial:       019B228D62BD9B3588D96E20E78A416335DB
Authority key identifier: FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/LOrPhrxzmthFtrBc_3p4iGaGz3I.roa
Signing time:             Mon 15 Dec 2025 15:07:29 +0000
ROA not before:           Mon 15 Dec 2025 15:07:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34373
IP address blocks:        87.239.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Dec 2025 22:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:22:8d:62:bd:9b:35:88:d9:6e:20:e7:8a:41:63:35:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
        Validity
            Not Before: Dec 15 15:07:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ceacf86bc739ad845b6b05cff7a78886686cf72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6d:63:4e:2d:3f:b3:b8:95:96:84:12:db:c2:
                    fd:88:11:b2:2a:fc:90:e9:68:bf:d0:9d:78:e2:b4:
                    5b:7f:31:a5:5e:77:33:a9:35:31:b2:bd:92:51:38:
                    ff:6c:57:78:e0:7d:25:cc:7b:11:62:be:b3:39:b8:
                    f2:da:a6:79:77:18:f7:52:eb:36:5f:8c:a9:81:eb:
                    14:cb:d5:0f:56:2c:26:6b:6d:f1:d1:90:3e:3e:06:
                    95:ba:dc:31:dc:51:55:68:b3:0d:97:1b:3f:f0:f9:
                    97:30:73:51:80:dd:e9:b6:91:f7:ac:6d:5e:ec:72:
                    c0:7f:75:99:50:ed:73:45:5f:5c:ba:54:b6:3b:d2:
                    fb:bf:63:63:9b:dc:9c:b1:34:42:7e:31:a7:85:e5:
                    1f:a3:52:ae:f5:fc:70:64:de:6e:55:a0:b6:01:51:
                    82:10:25:0d:b4:c3:78:51:b8:fa:f3:06:2d:96:04:
                    cc:b6:25:9a:ce:85:de:a4:e3:be:b8:fa:b1:7d:b0:
                    4b:25:ec:57:e0:5d:77:f0:66:80:05:ad:84:48:41:
                    5c:97:f4:a7:b6:17:20:d1:f7:b3:ba:47:f3:e8:79:
                    cc:9d:ff:cd:27:ca:0d:fa:e3:33:75:4a:af:43:fd:
                    40:d6:02:8d:0a:4f:3b:08:c2:45:1a:13:2a:77:da:
                    98:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:EA:CF:86:BC:73:9A:D8:45:B6:B0:5C:FF:7A:78:88:66:86:CF:72
            X509v3 Authority Key Identifier:
                keyid:FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/LOrPhrxzmthFtrBc_3p4iGaGz3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:06:9f:b5:73:51:20:c3:08:73:53:a8:c3:ed:d6:91:70:82:
         87:27:97:66:82:cd:fc:a1:17:b7:ac:c7:76:c8:b4:d2:26:36:
         d0:4b:a1:40:ec:f7:10:ae:f9:65:01:bd:f4:ca:c7:a0:50:52:
         87:4e:73:67:11:e1:d6:f1:0c:af:aa:96:d3:22:9a:f2:73:83:
         b1:d3:25:f0:88:d5:29:5a:d4:34:65:2e:25:02:08:f8:d6:cb:
         c5:ff:62:91:7c:f2:80:f6:70:a0:0c:ee:d9:da:ed:1b:65:41:
         34:f9:22:1b:83:1f:db:d5:69:3b:f4:0f:79:c8:6e:58:ba:94:
         e6:c0:f8:f1:92:f6:c5:57:a8:91:73:f0:a7:b9:78:3a:bb:2c:
         29:c0:be:8e:9b:8f:e1:82:62:cb:f6:45:33:5e:18:87:e7:c4:
         6c:96:f9:fe:fe:e7:1a:62:6f:ab:71:0b:19:41:7c:07:51:e4:
         e8:d7:61:2c:55:e5:3e:75:8f:dd:4d:d1:f0:c3:58:f6:9e:99:
         44:c0:f2:75:15:ea:30:b8:e4:d8:ff:a3:dc:db:b1:d9:96:10:
         77:11:a8:ef:b4:a0:57:20:1b:c5:57:7f:bf:f9:d6:93:df:42:
         51:80:88:08:59:35:84:94:09:0b:45:27:52:2c:4f:a9:cc:09:
         1b:8e:ac:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZsijWK9mzWI2W4g54pBYzXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWIyNDc4ZGZlMGYzM2EyNzhiMTNmNDJkZDMxOTYwMWQ2
Mzc4YTgwHhcNMjUxMjE1MTUwNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2VhY2Y4NmJjNzM5YWQ4NDViNmIwNWNmZjdhNzg4ODY2ODZjZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl21jTi0/s7iVloQS28L9iBGyKvyQ
6Wi/0J144rRbfzGlXnczqTUxsr2SUTj/bFd44H0lzHsRYr6zObjy2qZ5dxj3Uus2
X4ypgesUy9UPViwma23x0ZA+PgaVutwx3FFVaLMNlxs/8PmXMHNRgN3ptpH3rG1e
7HLAf3WZUO1zRV9culS2O9L7v2Njm9ycsTRCfjGnheUfo1Ku9fxwZN5uVaC2AVGC
ECUNtMN4Ubj68wYtlgTMtiWazoXepOO+uPqxfbBLJexX4F138GaABa2ESEFcl/Sn
thcg0fezukfz6HnMnf/NJ8oN+uMzdUqvQ/1A1gKNCk87CMJFGhMqd9qYKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCzqz4a8c5rYRbawXP96eIhmhs9yMB8GA1UdIwQY
MBaAFPobJHjf4PM6J4sT9C3TGWAdY3ioMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oc2tlTl9nOHpvbml4UDBMZE1aWUIxamVLZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgy
LTJhMWNjZTdkMmM2NS8xL0xPclBocnh6bXRoRnRyQmNfM3A0aUdhR3ozSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgyLTJhMWNjZTdkMmM2
NS8xLzEtaHNrZU5fZzh6b25peFAwTGRNWllCMWplS2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABX7w8w
DQYJKoZIhvcNAQELBQADggEBAIgGn7VzUSDDCHNTqMPt1pFwgocnl2aCzfyhF7es
x3bItNImNtBLoUDs9xCu+WUBvfTKx6BQUodOc2cR4dbxDK+qltMimvJzg7HTJfCI
1Sla1DRlLiUCCPjWy8X/YpF88oD2cKAM7tna7RtlQTT5IhuDH9vVaTv0D3nIbli6
lObA+PGS9sVXqJFz8Ke5eDq7LCnAvo6bj+GCYsv2RTNeGIfnxGyW+f7+5xpib6tx
CxlBfAdR5OjXYSxV5T51j91N0fDDWPaemUTA8nUV6jC45Nj/o9zbsdmWEHcRqO+0
oFcgG8VXf7/51pPfQlGAiAhZNYSUCQtFJ1IsT6nMCRuOrGc=
-----END CERTIFICATE-----