This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/S3wAJAuRML5Do5HIcNyZi2_zrRU.roa
File:                     S3wAJAuRML5Do5HIcNyZi2_zrRU.roa (raw, json)
Hash identifier:          AgpqUaFG2QBQhnJTxXP4ibifKNaKINVjwUQ+PyAUUno=
Subject key identifier:   4B:7C:00:24:0B:91:30:BE:43:A3:91:C8:70:DC:99:8B:6F:F3:AD:15
Certificate issuer:       /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial:       019B7AC8A4FEF4A932CD479690F607CB6160
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/S3wAJAuRML5Do5HIcNyZi2_zrRU.roa
Signing time:             Thu 01 Jan 2026 18:18:48 +0000
ROA not before:           Thu 01 Jan 2026 18:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24682
IP address blocks:        212.40.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:a4:fe:f4:a9:32:cd:47:96:90:f6:07:cb:61:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
        Validity
            Not Before: Jan  1 18:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b7c00240b9130be43a391c870dc998b6ff3ad15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f9:df:a2:ba:22:53:77:94:c8:01:1b:e8:88:
                    dd:15:df:fb:be:fe:94:5f:f9:ab:a1:8d:44:ad:23:
                    b2:43:51:58:c9:6a:5f:ce:b8:53:79:d5:1e:0a:b5:
                    e4:7a:d5:96:36:bf:82:c5:54:e8:56:3f:07:1d:63:
                    0d:1e:f7:e2:7e:7b:0b:4e:c0:7b:23:56:b7:7c:dd:
                    1f:04:4f:2e:96:91:aa:5e:32:43:a9:37:b7:9d:5e:
                    67:f9:a1:1b:d6:06:6a:dd:9b:fd:b6:3b:da:b4:48:
                    09:3a:c4:2f:1c:ee:23:47:61:1d:8e:08:2b:82:81:
                    02:fb:5b:ff:93:41:57:cb:54:b8:a3:04:ec:c4:39:
                    00:56:a8:52:87:af:d3:31:3e:c7:7a:44:0a:fb:f5:
                    54:c4:d5:63:83:0e:78:e5:be:54:1a:c8:07:96:6c:
                    4c:fe:9a:d6:84:fd:d0:11:0a:50:61:4e:96:8e:d8:
                    9c:32:da:3d:28:aa:50:60:37:d3:6d:85:4f:ac:29:
                    e2:18:39:19:f7:6a:33:9a:aa:08:56:7e:28:d0:c2:
                    44:93:fb:21:b7:ce:39:fc:23:46:89:2b:a3:bf:f7:
                    0e:bb:68:88:4c:f7:db:59:d4:d8:73:db:77:59:d6:
                    59:c4:e0:13:62:62:57:ac:dc:a8:bc:1c:d8:10:d5:
                    c2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7C:00:24:0B:91:30:BE:43:A3:91:C8:70:DC:99:8B:6F:F3:AD:15
            X509v3 Authority Key Identifier:
                keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/S3wAJAuRML5Do5HIcNyZi2_zrRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:a0:b8:d6:6b:7e:06:c5:39:37:b3:34:e3:d0:84:20:d3:26:
         2a:f7:62:73:36:c5:c6:21:5f:0f:4b:35:6a:bb:fd:81:5a:02:
         49:5b:33:58:18:61:d1:48:1c:af:7c:c5:3d:80:a8:1a:a1:39:
         ea:4b:f7:29:27:38:b1:64:d6:85:45:7a:6f:0a:b7:12:f3:76:
         6d:42:7c:80:13:cd:b1:90:4c:02:57:2d:6b:6b:73:2b:d4:de:
         a0:ac:03:9b:93:6b:bc:39:e8:0f:b5:ba:2c:d4:69:05:19:7c:
         a2:23:ca:32:83:20:a8:40:f2:a4:19:81:6a:3d:db:d9:be:d1:
         28:49:07:63:36:37:95:6b:7b:96:94:5a:3e:7c:5b:c4:b3:8e:
         67:1e:55:f1:cd:fb:50:f5:33:41:18:40:50:5b:ad:a6:0e:b2:
         77:b0:01:cd:50:50:26:1b:8c:1e:1c:4a:4b:54:e8:b7:fc:b3:
         90:41:79:0f:ff:66:74:53:9b:d7:02:06:62:bd:ad:77:5c:fe:
         de:f9:78:ba:55:33:5a:eb:64:d9:22:7f:dc:71:17:d1:25:30:
         9c:93:ae:a4:d0:01:9f:2c:e3:30:5f:72:d8:b9:80:43:92:71:
         6a:ed:22:d2:d7:48:2c:54:e3:be:d2:3c:d1:d0:1c:09:bf:a0:
         70:82:6a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yKT+9KkyzUeWkPYHy2FgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjYwMTAxMTgxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdjMDAyNDBiOTEzMGJlNDNhMzkxYzg3MGRjOTk4YjZmZjNhZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfnforoiU3eUyAEb6IjdFd/7vv6U
X/mroY1ErSOyQ1FYyWpfzrhTedUeCrXketWWNr+CxVToVj8HHWMNHvfifnsLTsB7
I1a3fN0fBE8ulpGqXjJDqTe3nV5n+aEb1gZq3Zv9tjvatEgJOsQvHO4jR2Edjggr
goEC+1v/k0FXy1S4owTsxDkAVqhSh6/TMT7HekQK+/VUxNVjgw545b5UGsgHlmxM
/prWhP3QEQpQYU6WjticMto9KKpQYDfTbYVPrCniGDkZ92ozmqoIVn4o0MJEk/sh
t845/CNGiSujv/cOu2iITPfbWdTYc9t3WdZZxOATYmJXrNyovBzYENXCWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt8ACQLkTC+Q6ORyHDcmYtv860VMB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvUzN3QUpBdVJNTDVEbzVISWNOeVppMl96clJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CgvMA0G
CSqGSIb3DQEBCwUAA4IBAQBfoLjWa34GxTk3szTj0IQg0yYq92JzNsXGIV8PSzVq
u/2BWgJJWzNYGGHRSByvfMU9gKgaoTnqS/cpJzixZNaFRXpvCrcS83ZtQnyAE82x
kEwCVy1ra3Mr1N6grAObk2u8OegPtbos1GkFGXyiI8oygyCoQPKkGYFqPdvZvtEo
SQdjNjeVa3uWlFo+fFvEs45nHlXxzftQ9TNBGEBQW62mDrJ3sAHNUFAmG4weHEpL
VOi3/LOQQXkP/2Z0U5vXAgZiva13XP7e+Xi6VTNa62TZIn/ccRfRJTCck66k0AGf
LOMwX3LYuYBDknFq7SLS10gsVOO+0jzR0BwJv6Bwgmrm
-----END CERTIFICATE-----