This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/cjkYRf3Yh9WpwKdD5YYzfaFNvWw.roa
File:                     cjkYRf3Yh9WpwKdD5YYzfaFNvWw.roa (raw, json)
Hash identifier:          3gq9vL58U08Go4S/2DXWUX5EoB3kYBslnaNgZp37wkE=
Subject key identifier:   72:39:18:45:FD:D8:87:D5:A9:C0:A7:43:E5:86:33:7D:A1:4D:BD:6C
Certificate issuer:       /CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
Certificate serial:       019B7BA3601E3A23D1B9177B64ED54AA6367
Authority key identifier: 9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/cjkYRf3Yh9WpwKdD5YYzfaFNvWw.roa
Signing time:             Thu 01 Jan 2026 22:17:43 +0000
ROA not before:           Thu 01 Jan 2026 22:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        149.153.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:60:1e:3a:23:d1:b9:17:7b:64:ed:54:aa:63:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
        Validity
            Not Before: Jan  1 22:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72391845fdd887d5a9c0a743e586337da14dbd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0d:ac:8a:67:4d:77:c4:ed:4f:e7:13:6a:df:
                    76:15:3c:be:e2:b5:9e:99:83:07:c8:81:9d:5f:2e:
                    d0:36:51:be:3b:50:61:b9:20:ac:5d:42:39:76:f5:
                    c4:9d:3c:10:c4:56:f4:00:af:1a:7d:3c:e3:01:e5:
                    af:f9:03:25:14:12:69:54:4d:7a:aa:02:a8:01:ba:
                    fc:0e:e8:9b:d9:ff:0a:1e:bf:cf:d2:1c:12:cf:2f:
                    01:01:d0:2d:37:43:b8:34:af:7c:82:67:a2:de:b8:
                    7f:d9:b5:85:c1:9b:9e:3a:8b:c2:c9:3b:fd:85:ee:
                    c2:5a:2b:d2:35:3a:ea:c8:07:da:88:70:40:4f:b9:
                    8b:2f:27:52:7d:e3:c5:cf:08:2a:bd:40:d5:7f:a4:
                    93:01:86:cf:3b:0b:2f:fb:ed:b7:47:a5:b9:0b:d5:
                    f9:36:d0:e8:55:15:cd:93:7c:dc:02:d3:a9:5e:9e:
                    05:cc:b2:9e:22:2d:91:1c:73:e3:e4:5d:80:28:3f:
                    a2:7d:75:1c:86:11:62:72:7d:f0:0c:56:c5:40:e9:
                    d5:20:1b:5e:f3:35:b9:13:96:2f:dd:15:92:0d:a6:
                    7a:01:e6:4f:90:36:84:34:cc:be:12:ce:df:fc:84:
                    2b:4c:b7:91:38:34:f6:74:b8:0c:ee:36:26:80:40:
                    f4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:39:18:45:FD:D8:87:D5:A9:C0:A7:43:E5:86:33:7D:A1:4D:BD:6C
            X509v3 Authority Key Identifier:
                keyid:9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/cjkYRf3Yh9WpwKdD5YYzfaFNvWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:43:34:a9:d3:7b:73:ca:e5:98:45:85:4c:a9:ad:78:bb:3f:
         65:cd:43:b6:b7:1e:bd:ab:32:17:03:ab:e5:95:97:5d:38:b6:
         1c:8f:51:3f:91:e5:f5:f7:7f:5d:09:5e:67:1f:c0:38:31:63:
         70:19:e2:f2:a4:61:bf:48:53:cf:e0:66:ca:ac:7a:62:a8:1a:
         22:e0:03:fa:87:6a:1c:30:b5:85:cd:df:bd:12:ee:8d:1c:74:
         2a:8c:79:0f:89:d7:8c:34:c9:04:21:43:b7:13:1c:36:3c:03:
         26:01:a4:96:4e:d4:b6:23:76:9d:af:31:db:dd:6b:d4:00:1e:
         45:53:b5:d6:05:55:c0:11:b7:0d:ca:f3:6d:f7:6e:d5:4a:e7:
         50:b7:f6:54:1c:f3:c5:3d:14:d2:98:49:89:1b:07:99:33:f7:
         00:f8:6b:58:72:89:81:8b:e5:c5:9c:3b:56:3b:2e:9c:72:f7:
         a5:df:7b:2d:13:a4:56:07:8b:b6:15:03:ec:86:42:1b:b8:56:
         74:c3:16:d0:bc:88:c2:3d:56:44:ba:a1:31:1c:2b:33:a3:a9:
         de:9e:af:3a:ef:80:f8:96:c8:49:e4:11:b2:74:25:e0:91:d5:
         b1:46:49:90:cf:eb:1b:75:b0:9f:9c:ee:05:8a:e3:30:5a:43:
         8d:58:a7:4f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7o2AeOiPRuRd7ZO1UqmNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTMzN2JkMWE3YzVlZTljNTdhNzNiMGEzM2M2MTIxOWNk
MmE5Y2IwHhcNMjYwMTAxMjIxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM5MTg0NWZkZDg4N2Q1YTljMGE3NDNlNTg2MzM3ZGExNGRiZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng2simdNd8TtT+cTat92FTy+4rWe
mYMHyIGdXy7QNlG+O1BhuSCsXUI5dvXEnTwQxFb0AK8afTzjAeWv+QMlFBJpVE16
qgKoAbr8Duib2f8KHr/P0hwSzy8BAdAtN0O4NK98gmei3rh/2bWFwZueOovCyTv9
he7CWivSNTrqyAfaiHBAT7mLLydSfePFzwgqvUDVf6STAYbPOwsv++23R6W5C9X5
NtDoVRXNk3zcAtOpXp4FzLKeIi2RHHPj5F2AKD+ifXUchhFicn3wDFbFQOnVIBte
8zW5E5Yv3RWSDaZ6AeZPkDaENMy+Es7f/IQrTLeRODT2dLgM7jYmgED0/QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHI5GEX92IfVqcCnQ+WGM32hTb1sMB8GA1UdIwQY
MBaAFJtTN70afF7pxXpzsKM8YSGc0qnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQt
MmVmNzE2NWIyMWI1LzEvY2prWVJmM1loOVdwd0tkRDVZWXpmYUZOdld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQtMmVmNzE2NWIyMWI1
LzEvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZkwDQYJ
KoZIhvcNAQELBQADggEBAAJDNKnTe3PK5ZhFhUyprXi7P2XNQ7a3Hr2rMhcDq+WV
l104thyPUT+R5fX3f10JXmcfwDgxY3AZ4vKkYb9IU8/gZsqsemKoGiLgA/qHahww
tYXN370S7o0cdCqMeQ+J14w0yQQhQ7cTHDY8AyYBpJZO1LYjdp2vMdvda9QAHkVT
tdYFVcARtw3K8233btVK51C39lQc88U9FNKYSYkbB5kz9wD4a1hyiYGL5cWcO1Y7
Lpxy96Xfey0TpFYHi7YVA+yGQhu4VnTDFtC8iMI9VkS6oTEcKzOjqd6erzrvgPiW
yEnkEbJ0JeCR1bFGSZDP6xt1sJ+c7gWK4zBaQ41Yp08=
-----END CERTIFICATE-----