This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/EjDCWHUKfrhUltEAV8v-8i4JB8k.roa
File:                     EjDCWHUKfrhUltEAV8v-8i4JB8k.roa (raw, json)
Hash identifier:          a/WblqLT7o9KNQHx3jn/JOaerbJckzUgXEVjku2zPOM=
Subject key identifier:   12:30:C2:58:75:0A:7E:B8:54:96:D1:00:57:CB:FE:F2:2E:09:07:C9
Certificate issuer:       /CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
Certificate serial:       019B7B3685290C7AD41B1988B6600BBFC52D
Authority key identifier: 33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/EjDCWHUKfrhUltEAV8v-8i4JB8k.roa
Signing time:             Thu 01 Jan 2026 20:18:48 +0000
ROA not before:           Thu 01 Jan 2026 20:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        217.169.72.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:85:29:0c:7a:d4:1b:19:88:b6:60:0b:bf:c5:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
        Validity
            Not Before: Jan  1 20:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1230c258750a7eb85496d10057cbfef22e0907c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d3:23:d8:7e:db:f8:ac:11:2d:b3:1e:96:e3:
                    83:b9:43:67:ab:3f:d3:95:e3:ba:bf:98:c7:9e:f9:
                    5b:0c:88:8e:f6:f8:a9:91:42:db:47:83:a4:5e:90:
                    6c:c5:ca:e4:e7:47:1e:30:c9:0b:dd:e2:15:05:73:
                    f6:1a:7d:b5:16:1e:57:2a:81:4b:15:c9:f2:27:83:
                    6c:49:8d:ef:89:49:6a:8a:eb:c6:7a:30:11:0f:71:
                    73:a0:5e:8e:a3:1c:0b:ed:23:26:90:b6:b9:4f:84:
                    07:0d:d9:19:0f:67:cd:a3:3c:e5:94:96:b2:21:ea:
                    0e:4c:91:0e:06:af:db:5a:bb:a1:1d:e1:34:85:92:
                    19:a9:90:5a:cb:0b:2a:13:df:ce:8a:a8:d2:27:ee:
                    52:39:86:1b:92:a1:4e:58:f7:70:50:8b:f1:24:6b:
                    86:eb:a4:46:2a:f3:3a:39:65:67:4c:60:24:a9:6d:
                    52:d9:66:ad:6e:27:d3:4e:93:e5:d7:8d:6f:16:12:
                    4c:6c:fd:cb:d8:c4:85:a0:4a:03:57:0c:0d:db:65:
                    83:c5:f8:38:b5:78:78:3e:91:27:a9:be:dd:53:d5:
                    66:87:a1:21:1d:bd:76:83:32:66:77:dd:49:6a:e4:
                    a8:05:ae:64:46:8d:3b:43:c7:62:9a:0e:9f:d9:7d:
                    c5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:30:C2:58:75:0A:7E:B8:54:96:D1:00:57:CB:FE:F2:2E:09:07:C9
            X509v3 Authority Key Identifier:
                keyid:33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/EjDCWHUKfrhUltEAV8v-8i4JB8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:74:9c:3d:83:4c:ea:50:87:12:9e:9d:b3:28:18:e5:ab:b9:
         42:8f:59:49:06:db:f0:80:44:06:28:56:78:8d:72:ff:16:b0:
         1c:40:91:8d:ef:5c:d4:c0:27:e3:fe:e5:d5:0a:85:b9:13:f4:
         b9:3b:e9:84:a9:a2:fc:28:2e:82:cf:7d:9a:2c:33:11:73:36:
         fd:09:e7:e1:35:03:55:76:c4:d0:bc:83:65:9a:f4:a5:04:74:
         9f:6d:89:c9:ac:ad:56:97:3f:1e:ce:a6:60:ce:e7:7d:b8:4a:
         b7:97:ee:d1:28:20:76:b8:8b:a6:a2:a7:57:85:e1:5b:f6:e8:
         89:b2:51:66:a4:71:37:7c:45:1b:d6:6e:af:53:49:89:a3:0c:
         cb:af:e5:e7:66:20:c5:84:ac:6a:43:95:ee:15:01:61:b4:5a:
         af:ba:92:09:1f:ee:1d:6d:20:73:7b:e2:f3:dc:66:73:87:bd:
         fe:19:69:3a:62:d6:fa:71:a0:96:d4:4d:b3:82:3e:51:79:6a:
         b5:7c:85:3f:81:0e:b2:1c:6b:de:5e:33:5e:47:5b:b6:9a:c2:
         2e:1e:52:f1:0a:f7:41:f1:6e:31:09:84:bc:d2:13:4b:90:d9:
         b0:2f:aa:7b:cb:3f:c3:d8:33:f2:2b:0e:45:3c:54:a1:be:a7:
         8d:47:2c:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NoUpDHrUGxmItmALv8UtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZmJkYmIyMGMyZDk3MDczYzBkZThiN2NhYTc1ZWMxZWVi
MTkxYjgwHhcNMjYwMTAxMjAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjMwYzI1ODc1MGE3ZWI4NTQ5NmQxMDA1N2NiZmVmMjJlMDkwN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdMj2H7b+KwRLbMeluODuUNnqz/T
leO6v5jHnvlbDIiO9vipkULbR4OkXpBsxcrk50ceMMkL3eIVBXP2Gn21Fh5XKoFL
FcnyJ4NsSY3viUlqiuvGejARD3FzoF6OoxwL7SMmkLa5T4QHDdkZD2fNozzllJay
IeoOTJEOBq/bWruhHeE0hZIZqZBaywsqE9/OiqjSJ+5SOYYbkqFOWPdwUIvxJGuG
66RGKvM6OWVnTGAkqW1S2WatbifTTpPl141vFhJMbP3L2MSFoEoDVwwN22WDxfg4
tXh4PpEnqb7dU9Vmh6EhHb12gzJmd91JauSoBa5kRo07Q8dimg6f2X3FMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIwwlh1Cn64VJbRAFfL/vIuCQfJMB8GA1UdIwQY
MBaAFDP727IMLZcHPA3ot8qnXsHusZG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEt
ZGJlNDFmYzgzOTllLzEvRWpEQ1dIVUtmcmhVbHRFQVY4di04aTRKQjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEtZGJlNDFmYzgzOTll
LzEvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2alIMA0G
CSqGSIb3DQEBCwUAA4IBAQA1dJw9g0zqUIcSnp2zKBjlq7lCj1lJBtvwgEQGKFZ4
jXL/FrAcQJGN71zUwCfj/uXVCoW5E/S5O+mEqaL8KC6Cz32aLDMRczb9CefhNQNV
dsTQvINlmvSlBHSfbYnJrK1Wlz8ezqZgzud9uEq3l+7RKCB2uIumoqdXheFb9uiJ
slFmpHE3fEUb1m6vU0mJowzLr+XnZiDFhKxqQ5XuFQFhtFqvupIJH+4dbSBze+Lz
3GZzh73+GWk6Ytb6caCW1E2zgj5ReWq1fIU/gQ6yHGveXjNeR1u2msIuHlLxCvdB
8W4xCYS80hNLkNmwL6p7yz/D2DPyKw5FPFShvqeNRyzK
-----END CERTIFICATE-----