This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/BnRZ0tQMHSFHvwxC0tXZ-PUsMHQ.roa
File:                     BnRZ0tQMHSFHvwxC0tXZ-PUsMHQ.roa (raw, json)
Hash identifier:          TAh5QaQuqgpbIowIM8hALI3Mw0s8maTCBaFr1b1SU9Q=
Subject key identifier:   06:74:59:D2:D4:0C:1D:21:47:BF:0C:42:D2:D5:D9:F8:F5:2C:30:74
Certificate issuer:       /CN=9acb289959a2ec4f8a2841915442ccbd34424938
Certificate serial:       019B7A5AD9C08AE768A0E905EEC5AB7B848A
Authority key identifier: 9A:CB:28:99:59:A2:EC:4F:8A:28:41:91:54:42:CC:BD:34:42:49:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mssomVmi7E-KKEGRVELMvTRCSTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/BnRZ0tQMHSFHvwxC0tXZ-PUsMHQ.roa
Signing time:             Thu 01 Jan 2026 16:18:52 +0000
ROA not before:           Thu 01 Jan 2026 16:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        148.88.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/mssomVmi7E-KKEGRVELMvTRCSTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/mssomVmi7E-KKEGRVELMvTRCSTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mssomVmi7E-KKEGRVELMvTRCSTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d9:c0:8a:e7:68:a0:e9:05:ee:c5:ab:7b:84:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9acb289959a2ec4f8a2841915442ccbd34424938
        Validity
            Not Before: Jan  1 16:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=067459d2d40c1d2147bf0c42d2d5d9f8f52c3074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:25:32:d0:e4:c3:a6:fc:6c:8c:f4:9f:40:1d:
                    eb:6f:c8:a6:6d:32:71:c9:00:3e:90:1b:6f:f1:48:
                    14:74:dd:e6:a0:26:27:61:65:7d:e8:e8:f2:af:94:
                    b4:e4:d1:53:f8:84:74:ef:27:f0:d0:57:b3:d1:ee:
                    c5:37:4b:7e:07:bd:6a:f1:cb:4e:22:c1:27:21:89:
                    84:8c:56:a8:7b:f4:e0:87:e4:3b:e8:3f:aa:a7:24:
                    93:03:b4:0d:b2:1d:6b:6f:df:c7:cf:71:8a:70:6f:
                    d5:74:1e:86:6e:e6:01:ed:d9:6d:71:d5:7a:d3:b0:
                    ee:40:30:94:0e:30:99:f5:76:f4:e4:1d:47:c1:bb:
                    81:45:76:2b:af:79:54:d4:ba:89:48:9f:a6:80:67:
                    d0:b9:03:24:b1:a1:ed:38:67:ac:a6:36:22:79:6f:
                    80:96:da:02:dc:67:d2:79:94:1b:11:c2:a2:80:3b:
                    a3:68:54:ce:ec:87:5d:bf:b9:aa:0f:00:d9:27:d7:
                    1d:94:d5:7f:2b:9f:7e:92:e6:e5:0b:76:68:9c:86:
                    5c:9c:77:b4:69:b8:47:b4:ee:19:46:61:fd:e5:ca:
                    95:11:5a:7c:36:c0:06:5c:ac:5d:e9:34:dd:cd:ec:
                    c1:8f:84:d0:60:12:6a:7c:15:a1:ca:9b:64:af:97:
                    ba:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:74:59:D2:D4:0C:1D:21:47:BF:0C:42:D2:D5:D9:F8:F5:2C:30:74
            X509v3 Authority Key Identifier:
                keyid:9A:CB:28:99:59:A2:EC:4F:8A:28:41:91:54:42:CC:BD:34:42:49:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mssomVmi7E-KKEGRVELMvTRCSTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/BnRZ0tQMHSFHvwxC0tXZ-PUsMHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ab0df1-df4c-4872-98c5-864fe3bbdefd/1/mssomVmi7E-KKEGRVELMvTRCSTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:e5:86:b4:48:55:40:73:b5:dd:a1:65:eb:ae:c8:8e:fc:48:
         4a:c6:9f:bc:ed:f1:28:93:91:b7:99:40:b9:1c:6c:c4:ab:81:
         f7:90:53:8e:78:0a:1f:57:d7:c0:0e:a7:16:3d:e6:75:ae:41:
         9b:66:c2:ed:e7:1a:fc:00:eb:c6:5b:d4:a7:3f:4c:df:36:a3:
         de:27:34:4f:24:ed:eb:5d:dd:b6:50:ba:52:f7:3f:bc:77:36:
         6c:13:67:51:c6:65:cb:63:eb:41:1e:e7:72:d1:33:9c:a6:75:
         fc:35:a9:3b:da:46:46:38:59:6f:4c:28:77:e0:f2:dc:85:dd:
         ec:aa:4e:aa:40:62:9f:46:64:f0:60:c0:b0:53:62:07:9a:53:
         f1:e4:38:34:e7:bb:da:a5:93:c4:43:f6:f6:39:01:0a:db:b0:
         bd:87:7e:09:5c:6f:be:8a:97:fa:ec:89:e2:3d:24:42:7b:30:
         7e:0f:ad:41:37:9d:3d:c1:f2:8a:99:1c:7a:b4:c7:81:fb:8b:
         fe:6f:6a:5b:af:11:b2:56:bb:f6:fa:c5:75:34:aa:64:11:d2:
         c3:e8:4a:af:f9:00:b6:e9:40:55:b9:21:59:0e:e5:e9:31:d7:
         a1:af:70:b2:b1:71:1a:d8:b3:85:fe:56:a2:82:dc:c7:1e:f6:
         6e:24:29:8b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6WtnAiudooOkF7sWre4SKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhY2IyODk5NTlhMmVjNGY4YTI4NDE5MTU0NDJjY2JkMzQ0
MjQ5MzgwHhcNMjYwMTAxMTYxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjc0NTlkMmQ0MGMxZDIxNDdiZjBjNDJkMmQ1ZDlmOGY1MmMzMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7iUy0OTDpvxsjPSfQB3rb8imbTJx
yQA+kBtv8UgUdN3moCYnYWV96Ojyr5S05NFT+IR07yfw0Fez0e7FN0t+B71q8ctO
IsEnIYmEjFaoe/Tgh+Q76D+qpySTA7QNsh1rb9/Hz3GKcG/VdB6GbuYB7dltcdV6
07DuQDCUDjCZ9Xb05B1HwbuBRXYrr3lU1LqJSJ+mgGfQuQMksaHtOGespjYieW+A
ltoC3GfSeZQbEcKigDujaFTO7Iddv7mqDwDZJ9cdlNV/K59+kublC3ZonIZcnHe0
abhHtO4ZRmH95cqVEVp8NsAGXKxd6TTdzezBj4TQYBJqfBWhyptkr5e6HQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAZ0WdLUDB0hR78MQtLV2fj1LDB0MB8GA1UdIwQY
MBaAFJrLKJlZouxPiihBkVRCzL00Qkk4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXNzb21WbWk3RS1LS0VHUlZFTE12VFJDU1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hYjBkZjEtZGY0Yy00ODcyLTk4YzUt
ODY0ZmUzYmJkZWZkLzEvQm5SWjB0UU1IU0ZIdnd4QzB0WFotUFVzTUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hYjBkZjEtZGY0Yy00ODcyLTk4YzUtODY0ZmUzYmJkZWZk
LzEvbXNzb21WbWk3RS1LS0VHUlZFTE12VFJDU1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlFgwDQYJ
KoZIhvcNAQELBQADggEBAEflhrRIVUBztd2hZeuuyI78SErGn7zt8SiTkbeZQLkc
bMSrgfeQU454Ch9X18AOpxY95nWuQZtmwu3nGvwA68Zb1Kc/TN82o94nNE8k7etd
3bZQulL3P7x3NmwTZ1HGZctj60Ee53LRM5ymdfw1qTvaRkY4WW9MKHfg8tyF3eyq
TqpAYp9GZPBgwLBTYgeaU/HkODTnu9qlk8RD9vY5AQrbsL2Hfglcb76Kl/rsieI9
JEJ7MH4PrUE3nT3B8oqZHHq0x4H7i/5valuvEbJWu/b6xXU0qmQR0sPoSq/5ALbp
QFW5IVkO5ekx16GvcLKxcRrYs4X+VqKC3Mce9m4kKYs=
-----END CERTIFICATE-----