This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FyKNqjFhrFH2OIgFRDsCv8BYs9o.roa
File:                     FyKNqjFhrFH2OIgFRDsCv8BYs9o.roa (raw, json)
Hash identifier:          tiDmKjN0UYas924OKqN2XsfQo8ti7C0ROoqNaCI+wEM=
Subject key identifier:   17:22:8D:AA:31:61:AC:51:F6:38:88:05:44:3B:02:BF:C0:58:B3:DA
Certificate issuer:       /CN=613d23f2121327d917d708d8fe153382455959a8
Certificate serial:       019B791027187183223C037C0CD67470513E
Authority key identifier: 61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FyKNqjFhrFH2OIgFRDsCv8BYs9o.roa
Signing time:             Thu 01 Jan 2026 10:17:40 +0000
ROA not before:           Thu 01 Jan 2026 10:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.209.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:27:18:71:83:22:3c:03:7c:0c:d6:74:70:51:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613d23f2121327d917d708d8fe153382455959a8
        Validity
            Not Before: Jan  1 10:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17228daa3161ac51f6388805443b02bfc058b3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:15:8b:55:9e:82:c7:5f:a9:13:a9:d6:f6:98:
                    61:78:b5:9d:77:56:48:f3:aa:7c:b2:cf:8b:06:f3:
                    d7:43:d7:e9:6a:fe:74:50:68:f4:04:44:e2:b8:50:
                    f2:c0:3a:01:37:ca:16:e0:03:b9:66:35:3c:3e:9a:
                    44:b0:41:10:e4:7d:cd:dd:24:22:06:53:48:f5:fd:
                    23:ed:47:2a:d5:98:26:b6:aa:21:36:0d:28:95:93:
                    d7:64:a3:a6:c0:86:62:19:c9:ed:46:ca:b2:53:2c:
                    28:88:e6:2f:f7:09:29:6c:7d:0d:a1:75:d9:82:11:
                    e6:2f:b8:c2:68:3d:b9:a3:2c:45:e3:0b:69:6a:16:
                    ca:70:5b:34:ff:2a:ad:3e:60:8d:46:31:bd:7d:f9:
                    8b:62:08:b9:d7:c1:5c:ce:95:93:11:d4:f8:47:b8:
                    7e:79:09:76:a4:bb:9f:92:9c:7d:86:19:46:b5:89:
                    2b:6e:af:8c:91:13:88:4e:83:9a:7d:f7:0a:8a:f0:
                    44:05:e7:16:ad:2a:b1:f5:60:52:91:36:b8:ad:20:
                    2e:77:54:19:0d:33:4c:ae:72:b2:d9:73:c6:07:02:
                    e0:65:42:0b:33:01:c3:1e:27:05:08:7a:cb:45:e9:
                    8a:8f:06:25:ff:ed:f0:97:35:01:e8:77:f4:73:13:
                    36:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:22:8D:AA:31:61:AC:51:F6:38:88:05:44:3B:02:BF:C0:58:B3:DA
            X509v3 Authority Key Identifier:
                keyid:61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/FyKNqjFhrFH2OIgFRDsCv8BYs9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ea:02:4f:a3:0d:41:5a:13:d7:02:f5:8a:67:c2:d6:ac:6a:
         87:4a:d7:fc:37:23:42:61:50:d4:8e:e1:d5:8d:cb:2b:f0:1d:
         da:30:97:6a:1e:63:24:43:37:91:d9:17:af:e5:36:70:09:a8:
         f6:34:9c:6a:86:fa:bd:d8:5e:47:a4:c2:ed:22:b2:02:3b:7f:
         3e:2f:eb:b1:c3:f8:5c:8b:d7:3d:1b:5a:09:cb:18:44:12:93:
         a3:95:43:06:e2:01:5e:30:4c:3d:9f:74:76:66:fc:51:21:93:
         c8:7b:b2:b6:a6:12:b5:28:0c:8a:2e:1e:f8:3b:13:6b:3f:59:
         ce:86:25:96:75:b2:bb:3e:ea:1b:79:5a:0b:5a:96:a3:8f:60:
         d3:f9:ba:aa:31:2e:db:d0:79:c1:a6:30:06:66:35:54:76:33:
         7a:0b:24:17:2e:e9:01:73:35:ca:a1:8e:d7:7c:dd:38:94:8e:
         44:86:15:2c:44:ec:5e:84:f9:ad:29:66:8d:a9:be:94:ef:50:
         00:9a:cb:6e:20:44:9a:6a:87:ca:33:57:00:11:f4:a6:17:a5:
         aa:7f:d0:5d:24:51:ce:93:c6:60:00:45:6b:46:07:a2:b3:4d:
         40:c6:67:dd:9f:43:cb:bc:f2:93:c4:c9:b1:75:36:d0:24:cf:
         07:70:5d:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECcYcYMiPAN8DNZ0cFE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxM2QyM2YyMTIxMzI3ZDkxN2Q3MDhkOGZlMTUzMzgyNDU1
OTU5YTgwHhcNMjYwMTAxMTAxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzIyOGRhYTMxNjFhYzUxZjYzODg4MDU0NDNiMDJiZmMwNThiM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxWLVZ6Cx1+pE6nW9phheLWdd1ZI
86p8ss+LBvPXQ9fpav50UGj0BETiuFDywDoBN8oW4AO5ZjU8PppEsEEQ5H3N3SQi
BlNI9f0j7Ucq1ZgmtqohNg0olZPXZKOmwIZiGcntRsqyUywoiOYv9wkpbH0NoXXZ
ghHmL7jCaD25oyxF4wtpahbKcFs0/yqtPmCNRjG9ffmLYgi518FczpWTEdT4R7h+
eQl2pLufkpx9hhlGtYkrbq+MkROIToOaffcKivBEBecWrSqx9WBSkTa4rSAud1QZ
DTNMrnKy2XPGBwLgZUILMwHDHicFCHrLRemKjwYl/+3wlzUB6Hf0cxM2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcijaoxYaxR9jiIBUQ7Ar/AWLPaMB8GA1UdIwQY
MBaAFGE9I/ISEyfZF9cI2P4VM4JFWVmoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQt
N2E2MDViYTQwYzFlLzEvRnlLTnFqRmhyRkgyT0lnRlJEc0N2OEJZczlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQtN2E2MDViYTQwYzFl
LzEvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudHSMA0G
CSqGSIb3DQEBCwUAA4IBAQAo6gJPow1BWhPXAvWKZ8LWrGqHStf8NyNCYVDUjuHV
jcsr8B3aMJdqHmMkQzeR2Rev5TZwCaj2NJxqhvq92F5HpMLtIrICO38+L+uxw/hc
i9c9G1oJyxhEEpOjlUMG4gFeMEw9n3R2ZvxRIZPIe7K2phK1KAyKLh74OxNrP1nO
hiWWdbK7PuobeVoLWpajj2DT+bqqMS7b0HnBpjAGZjVUdjN6CyQXLukBczXKoY7X
fN04lI5EhhUsROxehPmtKWaNqb6U71AAmstuIESaaofKM1cAEfSmF6Wqf9BdJFHO
k8ZgAEVrRgeis01Axmfdn0PLvPKTxMmxdTbQJM8HcF0D
-----END CERTIFICATE-----