This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/FStRWITrx7mXYLP1GLGN2-na9w0.roa
File:                     FStRWITrx7mXYLP1GLGN2-na9w0.roa (raw, json)
Hash identifier:          9Kguvpi0MkdObkp26nsq/5tht75+Q0yDWXnyUXnDBmI=
Subject key identifier:   15:2B:51:58:84:EB:C7:B9:97:60:B3:F5:18:B1:8D:DB:E9:DA:F7:0D
Certificate issuer:       /CN=bb02aa9fa45fc97bdb2e6dc8fc0a7f0371c84de9
Certificate serial:       019B7AC8552C966E921A955487114F3C8C35
Authority key identifier: BB:02:AA:9F:A4:5F:C9:7B:DB:2E:6D:C8:FC:0A:7F:03:71:C8:4D:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uwKqn6RfyXvbLm3I_Ap_A3HITek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/FStRWITrx7mXYLP1GLGN2-na9w0.roa
Signing time:             Thu 01 Jan 2026 18:18:27 +0000
ROA not before:           Thu 01 Jan 2026 18:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50904
IP address blocks:        91.216.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/uwKqn6RfyXvbLm3I_Ap_A3HITek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/uwKqn6RfyXvbLm3I_Ap_A3HITek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uwKqn6RfyXvbLm3I_Ap_A3HITek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:55:2c:96:6e:92:1a:95:54:87:11:4f:3c:8c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb02aa9fa45fc97bdb2e6dc8fc0a7f0371c84de9
        Validity
            Not Before: Jan  1 18:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=152b515884ebc7b99760b3f518b18ddbe9daf70d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:22:8d:06:47:3e:be:1b:27:08:0f:9f:52:bc:
                    59:c2:7c:c2:76:c2:0f:53:72:8f:ca:f2:f2:a5:cc:
                    ec:ac:6f:7c:b8:a6:63:36:96:1b:1b:94:c1:e8:10:
                    03:27:68:f0:07:19:c6:0f:4a:32:53:ae:07:99:fd:
                    72:2b:15:67:0c:74:2e:2e:aa:31:c0:2c:8c:39:d0:
                    9e:d2:df:f8:9f:76:58:61:ad:ed:b6:a2:b2:d7:88:
                    b2:9d:22:13:30:17:11:a7:71:9b:4b:ff:55:53:46:
                    68:4e:55:4e:a6:4e:00:b7:cf:eb:5e:96:6d:56:b9:
                    ca:2e:eb:47:e7:39:df:8b:3f:ab:e6:20:80:ac:57:
                    89:b0:d8:ea:c8:ce:b8:5f:1e:a9:e5:32:57:eb:73:
                    63:33:2b:3e:34:1c:27:60:f1:96:a6:1d:a1:b8:2b:
                    27:e6:7a:3f:a5:86:84:af:a0:22:2a:b5:2f:41:0b:
                    7a:f0:fd:8b:fb:14:a4:3a:20:23:ba:d0:df:ea:49:
                    90:f6:1a:ae:ec:e6:fd:e8:ee:2e:76:14:a0:93:25:
                    5f:3d:11:4e:cc:3c:b7:b5:f6:cc:2f:15:96:88:15:
                    e4:52:83:a3:c8:9a:b7:67:9d:ac:fd:dd:af:c1:cc:
                    34:74:c3:35:b1:f4:5e:5a:35:e4:e0:70:76:6d:d3:
                    3e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2B:51:58:84:EB:C7:B9:97:60:B3:F5:18:B1:8D:DB:E9:DA:F7:0D
            X509v3 Authority Key Identifier:
                keyid:BB:02:AA:9F:A4:5F:C9:7B:DB:2E:6D:C8:FC:0A:7F:03:71:C8:4D:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uwKqn6RfyXvbLm3I_Ap_A3HITek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/FStRWITrx7mXYLP1GLGN2-na9w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/cc2039-2451-405e-b06d-ac183a9adeb1/1/uwKqn6RfyXvbLm3I_Ap_A3HITek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d3:77:cb:a2:cd:fd:42:d7:c2:6e:7a:89:35:57:6d:c8:2f:
         57:c8:27:11:f6:ae:69:2e:d1:95:b0:2e:89:2e:9d:17:8b:57:
         12:58:ec:68:c4:5c:76:c6:ee:66:58:28:74:81:53:1b:e7:a0:
         43:ba:06:28:20:f9:f2:25:6a:a4:2a:2f:18:8e:1d:0a:e1:de:
         8f:a3:ed:e2:69:7f:ba:89:df:d8:27:89:5a:58:7f:b8:cc:7e:
         e0:7c:17:78:60:40:bf:4a:05:64:5f:34:3d:14:6a:12:41:e2:
         11:52:1c:68:c6:44:b1:3c:55:ff:6c:54:c9:1d:7a:26:8a:7f:
         a8:66:0d:1b:73:9a:12:4e:22:78:3c:0d:01:31:91:d0:47:a3:
         6c:f8:10:5a:02:3f:a6:2a:7b:75:b5:7d:17:37:15:41:38:c2:
         0b:d1:d6:bc:fe:8b:d2:f7:7a:a6:4e:e3:8e:30:0a:30:b5:df:
         ad:91:c9:81:7b:07:4d:20:f9:cf:2e:c4:a6:3f:09:89:a6:c9:
         90:6c:90:ec:17:c2:c4:ac:4c:90:d7:69:d8:93:9f:41:1d:d1:
         01:75:3a:ab:1c:66:ea:bf:3f:6d:53:7e:6b:84:5b:eb:39:8f:
         2b:26:6e:ca:dc:e9:9f:88:f7:cf:98:3e:e7:5c:e9:28:67:c6:
         d1:a1:8a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yFUslm6SGpVUhxFPPIw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMDJhYTlmYTQ1ZmM5N2JkYjJlNmRjOGZjMGE3ZjAzNzFj
ODRkZTkwHhcNMjYwMTAxMTgxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJiNTE1ODg0ZWJjN2I5OTc2MGIzZjUxOGIxOGRkYmU5ZGFmNzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CKNBkc+vhsnCA+fUrxZwnzCdsIP
U3KPyvLypczsrG98uKZjNpYbG5TB6BADJ2jwBxnGD0oyU64Hmf1yKxVnDHQuLqox
wCyMOdCe0t/4n3ZYYa3ttqKy14iynSITMBcRp3GbS/9VU0ZoTlVOpk4At8/rXpZt
VrnKLutH5znfiz+r5iCArFeJsNjqyM64Xx6p5TJX63NjMys+NBwnYPGWph2huCsn
5no/pYaEr6AiKrUvQQt68P2L+xSkOiAjutDf6kmQ9hqu7Ob96O4udhSgkyVfPRFO
zDy3tfbMLxWWiBXkUoOjyJq3Z52s/d2vwcw0dMM1sfReWjXk4HB2bdM++wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUrUViE68e5l2Cz9Rixjdvp2vcNMB8GA1UdIwQY
MBaAFLsCqp+kX8l72y5tyPwKfwNxyE3pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXdLcW42UmZ5WHZiTG0zSV9BcF9BM0hJVGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9jYzIwMzktMjQ1MS00MDVlLWIwNmQt
YWMxODNhOWFkZWIxLzEvRlN0UldJVHJ4N21YWUxQMUdMR04yLW5hOXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9jYzIwMzktMjQ1MS00MDVlLWIwNmQtYWMxODNhOWFkZWIx
LzEvdXdLcW42UmZ5WHZiTG0zSV9BcF9BM0hJVGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gYMA0G
CSqGSIb3DQEBCwUAA4IBAQAO03fLos39QtfCbnqJNVdtyC9XyCcR9q5pLtGVsC6J
Lp0Xi1cSWOxoxFx2xu5mWCh0gVMb56BDugYoIPnyJWqkKi8Yjh0K4d6Po+3iaX+6
id/YJ4laWH+4zH7gfBd4YEC/SgVkXzQ9FGoSQeIRUhxoxkSxPFX/bFTJHXomin+o
Zg0bc5oSTiJ4PA0BMZHQR6Ns+BBaAj+mKnt1tX0XNxVBOMIL0da8/ovS93qmTuOO
MAowtd+tkcmBewdNIPnPLsSmPwmJpsmQbJDsF8LErEyQ12nYk59BHdEBdTqrHGbq
vz9tU35rhFvrOY8rJm7K3OmfiPfPmD7nXOkoZ8bRoYr5
-----END CERTIFICATE-----