This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/aRUSUeQ8jMxodN7YT76VVlAnkYc.roa
File:                     aRUSUeQ8jMxodN7YT76VVlAnkYc.roa (raw, json)
Hash identifier:          kW/ZEynMRGdhc2qvAiSVXrvlJhdBKDD65FvfwCuJ9qI=
Subject key identifier:   69:15:12:51:E4:3C:8C:CC:68:74:DE:D8:4F:BE:95:56:50:27:91:87
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       019B76EB0ACAE2AE53360BE5531471A5653A
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/aRUSUeQ8jMxodN7YT76VVlAnkYc.roa
Signing time:             Thu 01 Jan 2026 00:17:53 +0000
ROA not before:           Thu 01 Jan 2026 00:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49649
IP address blocks:        213.109.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:0a:ca:e2:ae:53:36:0b:e5:53:14:71:a5:65:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  1 00:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69151251e43c8ccc6874ded84fbe955650279187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:73:df:b3:19:68:89:a9:26:6f:43:1b:4c:bf:
                    6b:b3:93:a9:16:e6:d5:fd:bc:ed:08:a8:28:0f:9f:
                    c3:b7:3b:bd:10:11:12:6a:5f:cc:4f:45:fb:21:77:
                    e2:1f:33:b2:0c:bf:ad:ef:57:f7:6a:dc:36:7f:98:
                    8c:76:35:40:19:fa:5a:32:2d:9a:2a:44:94:a3:64:
                    b9:76:ac:ae:2c:f6:30:a5:26:0d:a8:66:ad:f4:73:
                    a8:74:f3:6e:1e:11:8b:54:a0:97:7d:35:60:23:25:
                    2e:01:c1:bc:f7:c6:0a:68:a4:f0:cb:47:7f:86:a0:
                    2c:9a:18:b7:5c:54:09:5d:39:d9:8b:29:f7:97:6f:
                    19:bc:f1:c3:0e:95:a4:34:b1:62:05:bc:1a:ce:eb:
                    c8:95:24:6a:0c:78:91:e5:68:42:5f:13:4f:25:01:
                    d0:e8:41:d4:9a:08:3a:75:4a:8c:da:72:f1:06:ee:
                    e4:8d:f5:54:73:8d:1e:a5:f6:3f:93:01:0f:25:6f:
                    51:b6:66:8b:6c:bd:f4:21:b3:79:b6:5e:0d:86:d7:
                    d3:ac:3e:b9:43:d5:c3:75:31:bb:de:c5:2a:a8:47:
                    a1:7b:4f:c3:be:ab:86:7d:c7:7e:74:f8:5a:7b:53:
                    49:3b:98:28:d6:ba:6f:9b:32:5c:b9:35:dc:6c:2e:
                    9e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:15:12:51:E4:3C:8C:CC:68:74:DE:D8:4F:BE:95:56:50:27:91:87
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/aRUSUeQ8jMxodN7YT76VVlAnkYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:9a:a1:f8:61:ce:89:f9:f1:5e:12:88:89:e0:f3:e3:ea:39:
         79:9e:a3:f4:c9:8b:71:42:68:03:c3:2b:b5:89:d2:0e:1f:1f:
         44:d8:90:29:3d:53:40:18:4d:4c:3e:f7:c6:b8:58:fa:b6:b9:
         73:50:4b:73:8b:b2:50:4b:a3:4a:b6:71:46:9c:c1:4b:f1:95:
         5a:e7:7b:db:a1:2d:e8:79:f5:87:e0:5b:ea:f0:ab:25:4d:59:
         54:f3:3f:e4:52:3b:7d:c2:6c:9a:70:dd:44:0b:52:84:68:40:
         e0:4d:a4:7c:ba:d7:58:9c:c6:d8:db:4c:d0:80:7b:d0:40:fc:
         5d:0c:b2:5b:5b:62:5c:b3:e7:f8:e3:e6:a6:bf:f2:47:e3:8b:
         48:1f:60:14:fd:42:00:4c:5d:61:81:fc:a3:97:c8:95:ab:eb:
         5d:60:37:04:72:c5:8f:90:0b:71:6b:cd:85:0f:ab:4d:f3:d3:
         47:88:8b:f6:6a:86:21:b0:b7:79:19:2a:f3:55:04:74:7c:bc:
         2d:25:ec:73:cb:5e:ae:20:fa:2d:e1:40:fd:07:a5:ca:63:d8:
         bd:33:86:7b:c1:1d:35:a5:c4:d9:26:0f:f9:f5:4e:66:1b:03:
         53:df:b0:78:3f:10:a1:ba:7c:8f:ec:e8:cd:87:4a:44:81:d8:
         09:77:d8:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wrK4q5TNgvlUxRxpWU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjYwMTAxMDAxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTE1MTI1MWU0M2M4Y2NjNjg3NGRlZDg0ZmJlOTU1NjUwMjc5MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3Pfsxloiakmb0MbTL9rs5OpFubV
/bztCKgoD5/Dtzu9EBESal/MT0X7IXfiHzOyDL+t71f3atw2f5iMdjVAGfpaMi2a
KkSUo2S5dqyuLPYwpSYNqGat9HOodPNuHhGLVKCXfTVgIyUuAcG898YKaKTwy0d/
hqAsmhi3XFQJXTnZiyn3l28ZvPHDDpWkNLFiBbwazuvIlSRqDHiR5WhCXxNPJQHQ
6EHUmgg6dUqM2nLxBu7kjfVUc40epfY/kwEPJW9RtmaLbL30IbN5tl4NhtfTrD65
Q9XDdTG73sUqqEehe0/DvquGfcd+dPhae1NJO5go1rpvmzJcuTXcbC6eMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkVElHkPIzMaHTe2E++lVZQJ5GHMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvYVJVU1VlUThqTXhvZE43WVQ3NlZWbEFua1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1W0gMA0G
CSqGSIb3DQEBCwUAA4IBAQCZmqH4Yc6J+fFeEoiJ4PPj6jl5nqP0yYtxQmgDwyu1
idIOHx9E2JApPVNAGE1MPvfGuFj6trlzUEtzi7JQS6NKtnFGnMFL8ZVa53vboS3o
efWH4Fvq8KslTVlU8z/kUjt9wmyacN1EC1KEaEDgTaR8utdYnMbY20zQgHvQQPxd
DLJbW2Jcs+f44+amv/JH44tIH2AU/UIATF1hgfyjl8iVq+tdYDcEcsWPkAtxa82F
D6tN89NHiIv2aoYhsLd5GSrzVQR0fLwtJexzy16uIPot4UD9B6XKY9i9M4Z7wR01
pcTZJg/59U5mGwNT37B4PxChunyP7OjNh0pEgdgJd9hC
-----END CERTIFICATE-----