This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/ydGFE-vOjkRoY9XDm0d0hrrNVz0.roa
File:                     ydGFE-vOjkRoY9XDm0d0hrrNVz0.roa (raw, json)
Hash identifier:          ip0u+uChx3w8r1t9QF+aKgGRt/jAva0+561xQaWYRlc=
Subject key identifier:   C9:D1:85:13:EB:CE:8E:44:68:63:D5:C3:9B:47:74:86:BA:CD:57:3D
Certificate issuer:       /CN=87e965e78831a88ba8fa419432a9d7bac9db38a3
Certificate serial:       019B7A5AD3F53CB087D044CC22B657A86CC1
Authority key identifier: 87:E9:65:E7:88:31:A8:8B:A8:FA:41:94:32:A9:D7:BA:C9:DB:38:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/ydGFE-vOjkRoY9XDm0d0hrrNVz0.roa
Signing time:             Thu 01 Jan 2026 16:18:51 +0000
ROA not before:           Thu 01 Jan 2026 16:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215557
IP address blocks:        217.13.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d3:f5:3c:b0:87:d0:44:cc:22:b6:57:a8:6c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87e965e78831a88ba8fa419432a9d7bac9db38a3
        Validity
            Not Before: Jan  1 16:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9d18513ebce8e446863d5c39b477486bacd573d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ed:1e:b9:4d:73:10:15:2c:c6:89:9d:f7:d7:
                    82:68:39:b0:81:05:c3:70:98:5c:1f:98:52:76:66:
                    cd:f9:e9:ae:9d:ba:94:80:13:ae:86:d1:02:f4:7a:
                    2c:5a:71:e0:ad:fc:8c:1e:89:b5:85:9e:0b:ca:a5:
                    ee:a4:a7:4a:0f:ba:55:9e:5c:94:f6:3d:65:9f:0d:
                    51:88:99:ea:e5:83:3a:4d:4c:eb:38:cb:3f:77:68:
                    04:f7:2e:a1:ee:b6:d2:c6:12:af:ad:8b:48:f1:82:
                    5c:08:b2:08:84:3e:c4:4f:65:a9:1c:88:74:7e:35:
                    3f:36:cd:89:57:fd:f6:69:b6:fb:63:5d:18:7d:4b:
                    86:be:f9:1c:9a:93:03:bc:a2:02:a9:61:84:58:ca:
                    ce:77:2d:2c:31:89:bc:cd:c1:3a:44:cd:16:c0:90:
                    3b:13:f3:e3:63:22:e6:31:97:ba:3c:f3:12:c5:60:
                    cd:9c:07:bd:56:13:e4:4f:d4:7e:7b:78:6d:16:a5:
                    83:6f:34:34:46:07:e6:3d:7e:5c:5c:de:d4:1e:fa:
                    b6:7f:5e:40:7c:fa:53:b9:f1:82:7a:9d:51:86:fb:
                    b2:10:04:7d:f4:f0:88:85:df:27:72:fd:5b:14:a9:
                    98:f4:18:c4:ae:37:be:b1:85:1c:e6:09:00:f9:8e:
                    0b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D1:85:13:EB:CE:8E:44:68:63:D5:C3:9B:47:74:86:BA:CD:57:3D
            X509v3 Authority Key Identifier:
                keyid:87:E9:65:E7:88:31:A8:8B:A8:FA:41:94:32:A9:D7:BA:C9:DB:38:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h-ll54gxqIuo-kGUMqnXusnbOKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/ydGFE-vOjkRoY9XDm0d0hrrNVz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/050533-a57e-4a8b-bf0d-cee3b492902e/1/h-ll54gxqIuo-kGUMqnXusnbOKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.13.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:52:55:c1:ed:6e:78:0c:24:22:18:77:b9:41:85:db:cb:20:
         2e:fd:a8:dc:76:b0:d0:70:1f:23:17:de:00:63:4d:29:fc:4d:
         1f:7a:97:cf:d2:19:d8:94:cd:f8:75:5d:80:88:e1:85:a3:d4:
         1b:58:16:fd:7b:0f:9e:dc:33:0c:84:71:9e:f5:36:06:b4:b3:
         ad:26:ef:d0:03:a0:af:a3:f9:3f:9d:fc:17:f9:02:d4:1f:f6:
         08:64:73:4c:96:83:a8:38:5b:ec:3a:79:9d:df:f6:76:d9:39:
         25:e7:3e:29:6a:bc:95:99:ec:72:d5:04:23:ed:8d:bb:84:6a:
         65:50:af:56:85:4a:90:bf:9a:c9:56:ad:52:60:17:f5:33:c7:
         74:89:76:df:cb:68:55:5b:65:2c:23:e5:fb:ec:b8:c9:0e:ee:
         46:f8:1a:fe:79:5a:b6:bb:c6:2c:c4:a5:05:ac:b8:14:03:9e:
         22:f8:54:44:b4:36:70:0b:d1:1c:08:bc:ae:c7:07:e1:1c:a5:
         f6:a8:9e:23:ba:de:c8:9c:6b:28:5d:f6:fe:de:4b:95:42:f3:
         7a:d3:3b:b0:69:0b:26:85:31:03:98:3e:33:bf:49:57:b0:2a:
         fc:ae:57:85:a8:30:b5:89:89:da:c0:f5:bd:95:c2:cc:a7:48:
         30:6f:c4:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WtP1PLCH0ETMIrZXqGzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZTk2NWU3ODgzMWE4OGJhOGZhNDE5NDMyYTlkN2JhYzlk
YjM4YTMwHhcNMjYwMTAxMTYxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQxODUxM2ViY2U4ZTQ0Njg2M2Q1YzM5YjQ3NzQ4NmJhY2Q1NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve0euU1zEBUsxomd99eCaDmwgQXD
cJhcH5hSdmbN+emunbqUgBOuhtEC9HosWnHgrfyMHom1hZ4LyqXupKdKD7pVnlyU
9j1lnw1RiJnq5YM6TUzrOMs/d2gE9y6h7rbSxhKvrYtI8YJcCLIIhD7ET2WpHIh0
fjU/Ns2JV/32abb7Y10YfUuGvvkcmpMDvKICqWGEWMrOdy0sMYm8zcE6RM0WwJA7
E/PjYyLmMZe6PPMSxWDNnAe9VhPkT9R+e3htFqWDbzQ0RgfmPX5cXN7UHvq2f15A
fPpTufGCep1RhvuyEAR99PCIhd8ncv1bFKmY9BjErje+sYUc5gkA+Y4LEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnRhRPrzo5EaGPVw5tHdIa6zVc9MB8GA1UdIwQY
MBaAFIfpZeeIMaiLqPpBlDKp17rJ2zijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaC1sbDU0Z3hxSXVvLWtHVU1xblh1c25iT0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wNTA1MzMtYTU3ZS00YThiLWJmMGQt
Y2VlM2I0OTI5MDJlLzEveWRHRkUtdk9qa1JvWTlYRG0wZDBocnJOVnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wNTA1MzMtYTU3ZS00YThiLWJmMGQtY2VlM2I0OTI5MDJl
LzEvaC1sbDU0Z3hxSXVvLWtHVU1xblh1c25iT0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Q1iMA0G
CSqGSIb3DQEBCwUAA4IBAQCXUlXB7W54DCQiGHe5QYXbyyAu/ajcdrDQcB8jF94A
Y00p/E0fepfP0hnYlM34dV2AiOGFo9QbWBb9ew+e3DMMhHGe9TYGtLOtJu/QA6Cv
o/k/nfwX+QLUH/YIZHNMloOoOFvsOnmd3/Z22Tkl5z4paryVmexy1QQj7Y27hGpl
UK9WhUqQv5rJVq1SYBf1M8d0iXbfy2hVW2UsI+X77LjJDu5G+Br+eVq2u8YsxKUF
rLgUA54i+FREtDZwC9EcCLyuxwfhHKX2qJ4jut7InGsoXfb+3kuVQvN60zuwaQsm
hTEDmD4zv0lXsCr8rleFqDC1iYnawPW9lcLMp0gwb8Qp
-----END CERTIFICATE-----