This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/FwIct8V44lU7xFBVW8doGhSX2kE.roa
File:                     FwIct8V44lU7xFBVW8doGhSX2kE.roa (raw, json)
Hash identifier:          TDMs2winKDznQH2+VaVyCuW8vxeNh/WQLCoQ6xWWt78=
Subject key identifier:   17:02:1C:B7:C5:78:E2:55:3B:C4:50:55:5B:C7:68:1A:14:97:DA:41
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA532CEA07F8E88CA4FA0BE2F7F9D98
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/FwIct8V44lU7xFBVW8doGhSX2kE.roa
Signing time:             Thu 01 Jan 2026 22:19:42 +0000
ROA not before:           Thu 01 Jan 2026 22:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34653
IP address blocks:        37.157.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:32:ce:a0:7f:8e:88:ca:4f:a0:be:2f:7f:9d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17021cb7c578e2553bc450555bc7681a1497da41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7e:4c:dc:78:15:b7:67:a5:b4:d2:1f:83:d6:
                    39:6d:d8:5b:87:df:25:ff:e1:10:7d:ca:b9:70:13:
                    50:3c:72:3d:2b:ad:b4:13:72:d6:41:17:cc:34:92:
                    3e:35:98:cb:21:1f:af:06:bb:61:65:9d:9e:f6:69:
                    f3:88:f2:99:61:99:9b:cd:02:be:12:ed:bb:50:25:
                    bd:7a:e3:87:f0:60:b6:a8:8d:4f:ca:84:cc:03:42:
                    5a:96:85:75:90:47:71:ba:f8:c0:31:65:db:a1:77:
                    22:1e:c2:95:28:a3:a8:63:45:d4:9a:5c:4f:e7:cd:
                    2b:59:04:58:4b:c1:ec:8b:7d:39:13:5d:e4:a5:70:
                    e6:db:4c:4a:11:2a:9b:1e:89:97:eb:0e:e4:53:1a:
                    cd:58:3f:7e:bc:50:8d:ec:06:35:18:bf:18:53:83:
                    ee:cb:c7:2c:b2:1f:97:29:1c:35:0f:18:bd:68:37:
                    0b:03:7d:54:59:89:56:67:dd:8c:ea:fd:2a:3d:6a:
                    ac:78:64:9f:8a:d7:9a:2b:32:c9:19:37:36:9a:68:
                    c3:ce:38:03:ed:ff:de:34:eb:74:5f:07:23:f4:a7:
                    da:f1:e3:79:5e:2b:a5:06:b1:7c:72:2d:68:44:6c:
                    c3:fa:f2:7b:14:29:7c:85:a3:5f:0e:21:3a:88:62:
                    6e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:02:1C:B7:C5:78:E2:55:3B:C4:50:55:5B:C7:68:1A:14:97:DA:41
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/FwIct8V44lU7xFBVW8doGhSX2kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4a:f7:9e:56:85:60:3e:1a:e5:c7:10:3b:f9:2e:ec:74:af:
         66:f6:09:64:79:03:84:47:06:fd:0c:df:06:7c:b4:28:e0:f0:
         ef:71:ce:8b:40:35:a9:d7:b8:ee:bb:56:ce:c3:65:28:8e:7d:
         6a:52:07:a6:9e:11:9f:4e:c8:ba:49:f6:8c:0a:91:38:29:48:
         38:8a:9d:8d:d4:df:39:15:ef:cb:f7:66:e4:d7:fe:28:41:98:
         80:2f:02:00:b7:45:9e:ee:de:33:6a:8e:69:33:c1:29:f6:ed:
         7a:bf:bf:d7:45:fa:af:e7:60:56:69:eb:60:d1:37:94:53:20:
         15:3b:5c:3d:77:72:85:2a:cf:a5:6d:c3:d7:04:63:c1:57:a2:
         66:65:f1:cf:9f:da:7b:35:d3:f9:dd:ef:9c:1a:ce:6a:b7:cb:
         8b:b8:40:52:aa:c9:e5:c1:03:d6:d0:7c:bb:85:88:ac:4d:2c:
         fa:f5:b3:46:14:45:c1:bd:a5:3a:9a:15:07:52:98:63:49:3a:
         08:f9:f1:3c:d0:84:d3:76:21:d3:2f:c5:38:e1:ad:ca:31:9e:
         4d:81:f0:f6:cb:9a:3d:3c:5c:bd:10:c0:a8:54:e4:dc:09:0f:
         ce:13:fe:5b:83:16:76:6d:29:a7:9b:7a:4f:d8:ec:e3:ea:a4:
         ec:eb:88:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTLOoH+OiMpPoL4vf52YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzAyMWNiN2M1NzhlMjU1M2JjNDUwNTU1YmM3NjgxYTE0OTdkYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn35M3HgVt2eltNIfg9Y5bdhbh98l
/+EQfcq5cBNQPHI9K620E3LWQRfMNJI+NZjLIR+vBrthZZ2e9mnziPKZYZmbzQK+
Eu27UCW9euOH8GC2qI1PyoTMA0JaloV1kEdxuvjAMWXboXciHsKVKKOoY0XUmlxP
580rWQRYS8Hsi305E13kpXDm20xKESqbHomX6w7kUxrNWD9+vFCN7AY1GL8YU4Pu
y8cssh+XKRw1Dxi9aDcLA31UWYlWZ92M6v0qPWqseGSfiteaKzLJGTc2mmjDzjgD
7f/eNOt0Xwcj9Kfa8eN5XiulBrF8ci1oRGzD+vJ7FCl8haNfDiE6iGJuZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcCHLfFeOJVO8RQVVvHaBoUl9pBMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRndJY3Q4VjQ0bFU3eEZCVlc4ZG9HaFNYMmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCUSveeVoVgPhrlxxA7+S7sdK9m9glkeQOERwb9DN8G
fLQo4PDvcc6LQDWp17juu1bOw2Uojn1qUgemnhGfTsi6SfaMCpE4KUg4ip2N1N85
Fe/L92bk1/4oQZiALwIAt0We7t4zao5pM8Ep9u16v7/XRfqv52BWaetg0TeUUyAV
O1w9d3KFKs+lbcPXBGPBV6JmZfHPn9p7NdP53e+cGs5qt8uLuEBSqsnlwQPW0Hy7
hYisTSz69bNGFEXBvaU6mhUHUphjSToI+fE80ITTdiHTL8U44a3KMZ5NgfD2y5o9
PFy9EMCoVOTcCQ/OE/5bgxZ2bSmnm3pP2Ozj6qTs64iM
-----END CERTIFICATE-----