This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0IrKb4Ocom_z-8cWO6ogho_9Ejs.roa
File:                     0IrKb4Ocom_z-8cWO6ogho_9Ejs.roa (raw, json)
Hash identifier:          tjdt9PHspdzPY29Lxc8zvyVdheALBUo0bapCnScWepo=
Subject key identifier:   D0:8A:CA:6F:83:9C:A2:6F:F3:FB:C7:16:3B:AA:20:86:8F:FD:12:3B
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019B7E390A6331CDE7A5D2FCB70F4C21BAF4
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0IrKb4Ocom_z-8cWO6ogho_9Ejs.roa
Signing time:             Fri 02 Jan 2026 10:20:25 +0000
ROA not before:           Fri 02 Jan 2026 10:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150179
IP address blocks:        176.65.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:0a:63:31:cd:e7:a5:d2:fc:b7:0f:4c:21:ba:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Jan  2 10:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d08aca6f839ca26ff3fbc7163baa20868ffd123b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:55:05:4c:49:ad:3b:6e:85:ef:e5:74:b7:4d:
                    4e:af:09:c2:34:1b:9c:a0:c3:fb:34:08:48:03:36:
                    02:9d:7d:7c:9c:83:61:9b:5f:c9:be:10:e7:82:f7:
                    ce:1b:84:a4:c0:b8:1a:62:30:7d:70:80:c3:02:ab:
                    d5:45:e2:fd:0a:1b:31:46:fd:a1:2d:c9:3f:37:31:
                    77:fc:b9:1c:3e:bb:9e:4a:50:c4:07:89:5c:52:78:
                    ff:4c:7d:38:d3:3c:00:89:d2:5d:9f:c5:60:fa:94:
                    e5:e1:4c:4c:6f:c8:5b:f7:1c:e1:8e:7b:1d:cc:e8:
                    81:22:80:b9:74:28:24:46:6a:12:4b:3c:2e:c0:49:
                    71:88:8b:5d:aa:90:f7:d7:14:9b:87:eb:ad:de:fb:
                    66:68:59:9a:8d:aa:6b:cd:48:2d:2f:92:e1:c5:28:
                    bf:21:2a:19:e7:94:34:1d:e3:2e:f3:f3:7b:9d:e7:
                    38:d5:5d:8d:10:50:c7:86:59:92:51:bd:d9:9b:6f:
                    3f:cd:09:00:cd:79:2a:07:d7:ec:a9:e8:90:0b:7a:
                    e5:76:f7:5d:55:0c:c6:1d:e8:1c:a9:81:66:9e:bf:
                    15:99:0a:a4:36:f4:71:08:68:28:70:2e:a2:0e:bf:
                    a1:40:9e:9f:b6:6c:42:c1:04:76:91:a7:f7:9a:e1:
                    c5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8A:CA:6F:83:9C:A2:6F:F3:FB:C7:16:3B:AA:20:86:8F:FD:12:3B
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/0IrKb4Ocom_z-8cWO6ogho_9Ejs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d1:a1:54:24:02:75:9d:8c:97:70:a0:a2:e1:49:e9:c0:e2:
         0a:4a:b3:00:5a:04:93:34:43:bb:7e:a8:59:a0:a2:33:c2:02:
         86:4b:48:8c:f6:62:db:08:d5:7c:c8:52:1e:4a:0a:bf:a4:62:
         88:84:de:25:5b:6a:a7:3e:56:f4:b0:e7:c5:69:96:71:ee:f6:
         2f:41:e6:ef:94:49:b6:0d:02:34:62:d8:51:04:b3:a6:0a:0c:
         34:fb:b9:a8:04:a9:33:70:58:b5:ac:b6:06:9a:0a:2a:f7:4c:
         55:53:bf:41:75:98:bf:ee:3a:67:6e:26:f3:92:1f:64:ee:b8:
         91:e8:7e:64:3d:2e:c2:fc:1b:98:5d:58:c0:5f:06:54:12:40:
         25:3d:a2:2b:01:17:bc:0c:ac:ec:b6:5e:ae:5f:04:24:8b:06:
         88:39:78:5c:03:17:f9:11:4f:3a:e4:28:2e:07:31:47:d5:0b:
         7f:73:f7:dc:4b:ee:f5:59:09:5e:2e:26:89:b8:b3:a5:a9:7d:
         96:04:1e:29:7a:e4:6b:ca:6d:c2:b9:fd:6b:cc:a3:16:16:5b:
         3a:e0:3d:41:79:84:19:fe:1c:7a:67:16:29:f0:88:24:2f:7c:
         9e:fa:f0:82:cf:a0:bb:64:d7:36:b7:55:ee:10:6a:32:b1:b0:
         ef:c6:a0:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OQpjMc3npdL8tw9MIbr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjYwMTAyMTAyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDhhY2E2ZjgzOWNhMjZmZjNmYmM3MTYzYmFhMjA4NjhmZmQxMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlUFTEmtO26F7+V0t01OrwnCNBuc
oMP7NAhIAzYCnX18nINhm1/JvhDngvfOG4SkwLgaYjB9cIDDAqvVReL9ChsxRv2h
Lck/NzF3/LkcPrueSlDEB4lcUnj/TH040zwAidJdn8Vg+pTl4UxMb8hb9xzhjnsd
zOiBIoC5dCgkRmoSSzwuwElxiItdqpD31xSbh+ut3vtmaFmajaprzUgtL5LhxSi/
ISoZ55Q0HeMu8/N7nec41V2NEFDHhlmSUb3Zm28/zQkAzXkqB9fsqeiQC3rldvdd
VQzGHegcqYFmnr8VmQqkNvRxCGgocC6iDr+hQJ6ftmxCwQR2kaf3muHFBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCKym+DnKJv8/vHFjuqIIaP/RI7MB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvMElyS2I0T2NvbV96LThjV082b2dob185RWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGJMA0G
CSqGSIb3DQEBCwUAA4IBAQAB0aFUJAJ1nYyXcKCi4UnpwOIKSrMAWgSTNEO7fqhZ
oKIzwgKGS0iM9mLbCNV8yFIeSgq/pGKIhN4lW2qnPlb0sOfFaZZx7vYvQebvlEm2
DQI0YthRBLOmCgw0+7moBKkzcFi1rLYGmgoq90xVU79BdZi/7jpnbibzkh9k7riR
6H5kPS7C/BuYXVjAXwZUEkAlPaIrARe8DKzstl6uXwQkiwaIOXhcAxf5EU865Cgu
BzFH1Qt/c/fcS+71WQleLiaJuLOlqX2WBB4peuRrym3Cuf1rzKMWFls64D1BeYQZ
/hx6ZxYp8IgkL3ye+vCCz6C7ZNc2t1XuEGoysbDvxqAY
-----END CERTIFICATE-----