This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IQvdujgainvo4C34zkOLdjKY5vg.roa
File:                     IQvdujgainvo4C34zkOLdjKY5vg.roa (raw, json)
Hash identifier:          w17Fv3nrN5mdxpMpocz8vqnCEddTCZeK1yywJC7rkAQ=
Subject key identifier:   21:0B:DD:BA:38:1A:8A:7B:E8:E0:2D:F8:CE:43:8B:76:32:98:E6:F8
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       019B79ED4E6D74734130A3A626FE3C7B878C
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IQvdujgainvo4C34zkOLdjKY5vg.roa
Signing time:             Thu 01 Jan 2026 14:19:13 +0000
ROA not before:           Thu 01 Jan 2026 14:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51017
IP address blocks:        213.21.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:4e:6d:74:73:41:30:a3:a6:26:fe:3c:7b:87:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 14:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=210bddba381a8a7be8e02df8ce438b763298e6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5e:b8:7f:ff:bb:2d:15:cd:0e:8b:dd:00:d0:
                    b0:83:a6:de:bc:5a:aa:19:62:20:2e:95:e8:28:5a:
                    d6:de:96:38:2f:ca:f1:31:0b:a2:3c:34:68:92:38:
                    9c:41:c8:d5:e8:04:2e:31:e3:98:d0:9a:58:b6:91:
                    64:24:c3:74:45:7d:15:92:84:8c:17:53:e1:ae:88:
                    e1:79:b1:04:7f:16:c7:8b:7a:c9:25:17:13:eb:55:
                    6e:f0:11:01:ca:08:b7:4c:f7:81:7f:3d:76:16:8d:
                    aa:fe:1b:9b:3c:22:22:43:24:84:59:71:30:bd:56:
                    a2:5b:dd:42:3a:ef:12:35:e1:ac:18:b6:eb:04:07:
                    e7:42:28:ff:f1:e1:70:cf:08:bb:3e:56:1a:cc:aa:
                    44:1d:9e:af:23:48:80:2b:0b:dd:1f:a1:36:dd:fb:
                    6c:e3:0a:a7:80:9d:0b:d8:a6:15:14:82:b9:17:34:
                    d1:8d:04:9b:80:ae:b1:8e:c9:f9:5d:13:95:55:60:
                    6f:73:41:ce:09:06:bf:af:e0:65:74:c9:3b:c8:34:
                    d5:32:8d:9e:43:03:d6:20:71:2a:cf:26:8d:be:21:
                    28:ee:14:0a:81:c9:11:ba:fb:ca:6e:39:71:83:22:
                    7d:0f:e0:70:92:2f:95:c8:52:f0:27:9b:5b:3c:2b:
                    b0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0B:DD:BA:38:1A:8A:7B:E8:E0:2D:F8:CE:43:8B:76:32:98:E6:F8
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IQvdujgainvo4C34zkOLdjKY5vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:21:eb:87:bd:c2:bc:d7:a8:35:82:cd:4f:e0:e7:63:b6:5d:
         84:1d:ff:58:ee:4e:90:53:bf:f9:62:27:bb:e3:35:7d:b6:fd:
         75:72:72:7a:bc:7d:c4:82:a0:2b:36:41:08:58:ba:ab:5f:19:
         a8:90:e5:18:45:a4:52:b2:3c:10:7f:e8:53:17:7e:2c:b8:4c:
         1d:c6:cd:62:40:25:72:56:da:07:0d:da:aa:9b:37:a4:2a:a1:
         f1:34:88:59:58:6f:bd:b1:a0:aa:33:cb:12:ab:4d:8f:03:60:
         b9:44:53:02:9e:35:41:56:68:af:ba:f3:f9:bf:84:4b:86:87:
         bd:e0:37:e3:4a:75:e3:9c:58:74:1c:04:d9:a5:3e:41:64:70:
         a9:54:6c:f6:79:f1:b4:77:18:f3:6e:29:08:3b:e6:e5:1b:c5:
         dc:9c:84:f4:8b:01:56:f3:ba:22:e9:da:0b:1a:37:b6:fa:1d:
         1f:85:9e:b1:f6:c3:c7:56:4b:f5:c0:f0:0a:cd:3e:aa:97:c1:
         82:c8:cd:cc:17:d8:f9:a1:52:07:e8:02:a7:1c:a9:a1:e4:7f:
         2a:fc:40:0d:79:59:b4:ae:31:0f:d5:21:df:2a:2a:6e:31:58:
         c0:d9:02:0f:12:45:2e:12:16:9c:e8:6d:c5:18:c4:68:9d:df:
         3a:ba:42:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57U5tdHNBMKOmJv48e4eMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjYwMTAxMTQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBiZGRiYTM4MWE4YTdiZThlMDJkZjhjZTQzOGI3NjMyOThlNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo164f/+7LRXNDovdANCwg6bevFqq
GWIgLpXoKFrW3pY4L8rxMQuiPDRokjicQcjV6AQuMeOY0JpYtpFkJMN0RX0VkoSM
F1PhrojhebEEfxbHi3rJJRcT61Vu8BEBygi3TPeBfz12Fo2q/hubPCIiQySEWXEw
vVaiW91COu8SNeGsGLbrBAfnQij/8eFwzwi7PlYazKpEHZ6vI0iAKwvdH6E23fts
4wqngJ0L2KYVFIK5FzTRjQSbgK6xjsn5XROVVWBvc0HOCQa/r+BldMk7yDTVMo2e
QwPWIHEqzyaNviEo7hQKgckRuvvKbjlxgyJ9D+Bwki+VyFLwJ5tbPCuwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEL3bo4Gop76OAt+M5Di3YymOb4MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvSVF2ZHVqZ2FpbnZvNEMzNHprT0xkaktZNXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXcMA0G
CSqGSIb3DQEBCwUAA4IBAQCLIeuHvcK816g1gs1P4Odjtl2EHf9Y7k6QU7/5Yie7
4zV9tv11cnJ6vH3EgqArNkEIWLqrXxmokOUYRaRSsjwQf+hTF34suEwdxs1iQCVy
VtoHDdqqmzekKqHxNIhZWG+9saCqM8sSq02PA2C5RFMCnjVBVmivuvP5v4RLhoe9
4DfjSnXjnFh0HATZpT5BZHCpVGz2efG0dxjzbikIO+blG8XcnIT0iwFW87oi6doL
Gje2+h0fhZ6x9sPHVkv1wPAKzT6ql8GCyM3MF9j5oVIH6AKnHKmh5H8q/EANeVm0
rjEP1SHfKipuMVjA2QIPEkUuEhac6G3FGMRond86ukLv
-----END CERTIFICATE-----