This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/EmCFsRB7nHcOjmkLyyE_coUmYTQ.roa
File:                     EmCFsRB7nHcOjmkLyyE_coUmYTQ.roa (raw, json)
Hash identifier:          e0zxqy0vwJME17A6+oI5gRAMtW4kGM5NlBGOnBwJ+9k=
Subject key identifier:   12:60:85:B1:10:7B:9C:77:0E:8E:69:0B:CB:21:3F:72:85:26:61:34
Certificate issuer:       /CN=87dc1a9bffa2cf15a7d8099c8a3c317ce07db5ea
Certificate serial:       019B79ED18FFDD87E136376278838A24222E
Authority key identifier: 87:DC:1A:9B:FF:A2:CF:15:A7:D8:09:9C:8A:3C:31:7C:E0:7D:B5:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/EmCFsRB7nHcOjmkLyyE_coUmYTQ.roa
Signing time:             Thu 01 Jan 2026 14:19:00 +0000
ROA not before:           Thu 01 Jan 2026 14:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211611
IP address blocks:        217.197.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 14:19:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:18:ff:dd:87:e1:36:37:62:78:83:8a:24:22:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87dc1a9bffa2cf15a7d8099c8a3c317ce07db5ea
        Validity
            Not Before: Jan  1 14:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=126085b1107b9c770e8e690bcb213f7285266134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:b1:a2:b4:8f:bf:58:ea:a4:5a:67:50:08:
                    de:21:34:a8:80:63:1f:08:4a:2c:ac:e0:3e:45:f1:
                    a1:f3:77:8f:82:19:58:69:5a:ed:ca:53:a5:29:04:
                    b0:00:03:e5:b0:a7:8a:44:c5:cb:3b:08:c7:c5:e7:
                    ec:a4:b2:d6:ed:57:b0:7a:3d:76:5a:3d:ff:f2:66:
                    ee:0c:64:ff:d0:00:93:5e:ba:c8:60:19:c2:36:91:
                    9e:43:8c:48:fc:49:a7:f3:18:10:16:ba:95:fb:b7:
                    2e:bf:95:e7:0c:ae:c4:29:de:1a:bd:5a:eb:e6:6d:
                    61:13:80:dd:17:66:e9:3e:9c:11:70:23:f3:79:6b:
                    e0:a0:55:d4:8f:08:ac:b4:e6:5c:3f:05:84:b9:36:
                    11:32:f3:b2:3f:57:f0:89:ec:8d:64:e6:13:9a:6f:
                    03:62:bf:c6:fc:8c:04:ca:5b:a5:0f:14:fd:75:d5:
                    11:da:9d:32:35:e2:3e:2f:bb:76:c0:1e:b0:83:22:
                    7b:3e:f9:d7:ac:65:fb:ac:03:8b:88:02:5b:20:32:
                    01:f5:04:90:42:74:a3:49:25:49:68:e7:cf:4a:6d:
                    d6:ba:c4:ba:28:4e:f0:97:a2:94:9b:da:3d:a1:2b:
                    26:67:c6:63:03:88:cd:c7:5b:82:16:1d:3b:1e:31:
                    21:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:60:85:B1:10:7B:9C:77:0E:8E:69:0B:CB:21:3F:72:85:26:61:34
            X509v3 Authority Key Identifier:
                keyid:87:DC:1A:9B:FF:A2:CF:15:A7:D8:09:9C:8A:3C:31:7C:E0:7D:B5:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9wam_-izxWn2AmcijwxfOB9teo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/EmCFsRB7nHcOjmkLyyE_coUmYTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/3d05e9-309d-4afe-811c-49ad9684b217/1/h9wam_-izxWn2AmcijwxfOB9teo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:86:12:af:72:32:fd:53:98:2b:44:d7:9f:44:3b:d9:c9:04:
         24:84:2e:df:53:16:64:7f:6e:7f:37:b6:6d:f1:13:b2:4d:f2:
         70:55:9c:05:32:18:2e:f9:7d:82:86:14:ef:f4:55:95:26:71:
         1c:a7:fd:fc:df:b4:f6:48:75:60:98:8d:0f:0a:d6:61:4a:13:
         ea:2e:4f:2e:e4:fc:fb:ed:a8:b2:88:a2:b4:d7:60:d1:d5:74:
         aa:54:75:6f:f9:41:50:37:c4:1a:55:7a:0a:93:fb:db:f8:ef:
         aa:0d:ea:03:9a:d2:98:c3:e0:7c:52:66:5c:94:c1:a1:a0:3e:
         9d:e2:bb:f5:5f:52:9d:f7:6b:3f:09:a5:26:0a:06:6b:ec:ca:
         21:17:18:65:66:65:69:90:f4:dd:73:24:3b:71:48:0a:9d:39:
         4e:44:a7:d7:92:7a:50:0a:1d:75:c4:36:d3:98:35:45:5e:d5:
         69:25:ef:cb:ac:59:1e:57:10:98:16:28:32:9c:2f:9e:79:39:
         a6:3e:b8:e9:92:7a:e9:1d:ee:75:8f:10:0d:39:50:bc:cf:c3:
         e4:df:95:c0:28:1c:4f:ad:49:33:1e:e4:95:c0:af:c3:64:bc:
         50:c5:19:c0:3a:8b:13:e7:1b:83:ca:6a:b2:18:a2:fc:cb:da:
         68:ad:07:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Rj/3YfhNjdieIOKJCIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGMxYTliZmZhMmNmMTVhN2Q4MDk5YzhhM2MzMTdjZTA3
ZGI1ZWEwHhcNMjYwMTAxMTQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjYwODViMTEwN2I5Yzc3MGU4ZTY5MGJjYjIxM2Y3Mjg1MjY2MTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVSxorSPv1jqpFpnUAjeITSogGMf
CEosrOA+RfGh83ePghlYaVrtylOlKQSwAAPlsKeKRMXLOwjHxefspLLW7Vewej12
Wj3/8mbuDGT/0ACTXrrIYBnCNpGeQ4xI/Emn8xgQFrqV+7cuv5XnDK7EKd4avVrr
5m1hE4DdF2bpPpwRcCPzeWvgoFXUjwistOZcPwWEuTYRMvOyP1fwieyNZOYTmm8D
Yr/G/IwEylulDxT9ddUR2p0yNeI+L7t2wB6wgyJ7PvnXrGX7rAOLiAJbIDIB9QSQ
QnSjSSVJaOfPSm3WusS6KE7wl6KUm9o9oSsmZ8ZjA4jNx1uCFh07HjEhFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJghbEQe5x3Do5pC8shP3KFJmE0MB8GA1UdIwQY
MBaAFIfcGpv/os8Vp9gJnIo8MXzgfbXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDl3YW1fLWl6eFduMkFtY2lqd3hmT0I5dGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zZDA1ZTktMzA5ZC00YWZlLTgxMWMt
NDlhZDk2ODRiMjE3LzEvRW1DRnNSQjduSGNPam1rTHl5RV9jb1VtWVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zZDA1ZTktMzA5ZC00YWZlLTgxMWMtNDlhZDk2ODRiMjE3
LzEvaDl3YW1fLWl6eFduMkFtY2lqd3hmT0I5dGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cViMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhhKvcjL9U5grRNefRDvZyQQkhC7fUxZkf25/N7Zt
8ROyTfJwVZwFMhgu+X2ChhTv9FWVJnEcp/3837T2SHVgmI0PCtZhShPqLk8u5Pz7
7aiyiKK012DR1XSqVHVv+UFQN8QaVXoKk/vb+O+qDeoDmtKYw+B8UmZclMGhoD6d
4rv1X1Kd92s/CaUmCgZr7MohFxhlZmVpkPTdcyQ7cUgKnTlORKfXknpQCh11xDbT
mDVFXtVpJe/LrFkeVxCYFigynC+eeTmmPrjpknrpHe51jxANOVC8z8Pk35XAKBxP
rUkzHuSVwK/DZLxQxRnAOosT5xuDymqyGKL8y9porQc4
-----END CERTIFICATE-----