This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2wKz0YJ3K-1p6HmjvLM91NeaUSk.roa
File:                     2wKz0YJ3K-1p6HmjvLM91NeaUSk.roa (raw, json)
Hash identifier:          ayfig5LL3i/poQS21ye2fQfnGn+j5o+5bJIAqxIzABM=
Subject key identifier:   DB:02:B3:D1:82:77:2B:ED:69:E8:79:A3:BC:B3:3D:D4:D7:9A:51:29
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A98763F30433D1DFF9C4EF8AD858D42AC
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2wKz0YJ3K-1p6HmjvLM91NeaUSk.roa
Signing time:             Tue 18 Nov 2025 19:34:37 +0000
ROA not before:           Tue 18 Nov 2025 19:34:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40950
IP address blocks:        150.241.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Nov 2025 22:06:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:98:76:3f:30:43:3d:1d:ff:9c:4e:f8:ad:85:8d:42:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Nov 18 19:34:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db02b3d182772bed69e879a3bcb33dd4d79a5129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9d:7a:76:82:6f:bd:5d:8d:de:25:11:1d:af:
                    29:8e:b1:18:69:86:58:cf:59:40:3d:b8:ed:12:36:
                    b4:f2:c7:2f:fb:30:4b:2b:6c:90:ac:4f:24:8d:93:
                    db:51:a4:11:9a:07:32:76:68:10:1b:58:02:82:22:
                    8c:a8:55:cf:e4:8e:5b:3b:88:f8:59:a1:c0:51:ae:
                    93:fa:42:ad:90:9b:b7:2e:72:66:8a:a3:80:40:0f:
                    ac:3e:07:4c:0f:18:7e:85:63:28:57:b2:a2:bf:c3:
                    ff:a4:f8:84:4c:e0:7d:c3:88:1c:7e:2f:85:cc:82:
                    5c:ce:2c:8e:2b:40:61:bf:d0:c0:5f:c8:a0:4f:5d:
                    f2:2e:5a:3d:01:2f:2a:d2:65:8a:53:56:0f:2d:1d:
                    17:4b:78:18:5e:b1:9f:8e:20:a1:74:49:de:0e:d4:
                    75:21:c9:20:af:a3:51:20:90:e3:1c:d1:82:03:3e:
                    b6:03:b8:94:74:f1:d4:03:76:83:43:0b:c3:33:84:
                    26:d9:50:d4:4f:fb:52:89:e8:ad:49:2b:43:34:3c:
                    75:2f:82:46:df:3e:16:9b:f1:e5:56:d2:82:10:cb:
                    df:67:ad:41:37:21:60:ff:86:17:a4:1a:85:08:99:
                    13:4f:7c:aa:2b:05:b3:25:ac:93:5c:93:75:1c:9c:
                    19:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:02:B3:D1:82:77:2B:ED:69:E8:79:A3:BC:B3:3D:D4:D7:9A:51:29
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2wKz0YJ3K-1p6HmjvLM91NeaUSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:22:ce:a9:4a:cb:fa:29:d7:04:c8:30:d5:97:7f:4d:1d:c0:
         a1:fc:59:84:f2:b3:1c:4e:90:f2:8f:c9:61:60:3b:39:ba:18:
         08:d8:68:4c:cc:5f:e9:0e:1e:49:87:e5:76:8d:20:5c:e8:b9:
         41:a3:a5:f4:bd:d9:be:06:66:75:f9:23:16:2c:90:77:4c:51:
         fe:51:2b:37:63:03:66:85:37:bc:90:da:d9:84:d5:ee:fc:9e:
         01:b0:d5:d0:55:1c:76:64:a2:93:6a:e6:26:4f:8f:61:ed:ea:
         63:8f:96:a0:3f:21:9a:33:73:ca:ca:70:2d:de:37:47:0c:17:
         b9:88:04:fe:e3:e4:d8:4b:63:36:44:ef:cf:ce:8a:1e:92:c5:
         d4:42:b3:a8:ac:bd:a0:15:a0:dc:82:97:ba:05:6a:c3:a2:91:
         21:64:b0:f6:a2:fe:5b:ef:c9:16:27:15:f7:90:8a:4f:d2:dd:
         81:6d:57:f1:58:80:48:e6:eb:55:64:c2:a6:73:9e:0f:b2:d7:
         8f:bb:2a:b2:7d:0f:7a:aa:98:3b:e0:7d:4e:66:28:56:e3:ce:
         c3:c1:11:b5:9b:1b:f3:01:93:8f:6c:81:ad:bd:42:10:e7:87:
         23:2b:19:52:e9:5c:b7:e3:aa:b0:05:fb:ce:67:89:c4:e7:2b:
         14:da:e8:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqYdj8wQz0d/5xO+K2FjUKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMTE4MTkzNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAyYjNkMTgyNzcyYmVkNjllODc5YTNiY2IzM2RkNGQ3OWE1MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJ16doJvvV2N3iURHa8pjrEYaYZY
z1lAPbjtEja08scv+zBLK2yQrE8kjZPbUaQRmgcydmgQG1gCgiKMqFXP5I5bO4j4
WaHAUa6T+kKtkJu3LnJmiqOAQA+sPgdMDxh+hWMoV7Kiv8P/pPiETOB9w4gcfi+F
zIJcziyOK0Bhv9DAX8igT13yLlo9AS8q0mWKU1YPLR0XS3gYXrGfjiChdEneDtR1
Ickgr6NRIJDjHNGCAz62A7iUdPHUA3aDQwvDM4Qm2VDUT/tSieitSStDNDx1L4JG
3z4Wm/HlVtKCEMvfZ61BNyFg/4YXpBqFCJkTT3yqKwWzJayTXJN1HJwZVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsCs9GCdyvtaeh5o7yzPdTXmlEpMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMndLejBZSjNLLTFwNkhtanZMTTkxTmVhVVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvFXMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Is6pSsv6KdcEyDDVl39NHcCh/FmE8rMcTpDyj8lh
YDs5uhgI2GhMzF/pDh5Jh+V2jSBc6LlBo6X0vdm+BmZ1+SMWLJB3TFH+USs3YwNm
hTe8kNrZhNXu/J4BsNXQVRx2ZKKTauYmT49h7epjj5agPyGaM3PKynAt3jdHDBe5
iAT+4+TYS2M2RO/PzooeksXUQrOorL2gFaDcgpe6BWrDopEhZLD2ov5b78kWJxX3
kIpP0t2BbVfxWIBI5utVZMKmc54PstePuyqyfQ96qpg74H1OZihW487DwRG1mxvz
AZOPbIGtvUIQ54cjKxlS6Vy346qwBfvOZ4nE5ysU2ujS
-----END CERTIFICATE-----