This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/9CiYOh3Tvo2DBfl0jabQvFLWLFc.roa
File:                     9CiYOh3Tvo2DBfl0jabQvFLWLFc.roa (raw, json)
Hash identifier:          43nWzmq/RjcNjuxCi4y1M8IbSxUCfohc5YoCfDEycLQ=
Subject key identifier:   F4:28:98:3A:1D:D3:BE:8D:83:05:F9:74:8D:A6:D0:BC:52:D6:2C:57
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       019B783544FC118049C7A139DE2E92731CE2
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/9CiYOh3Tvo2DBfl0jabQvFLWLFc.roa
Signing time:             Thu 01 Jan 2026 06:18:35 +0000
ROA not before:           Thu 01 Jan 2026 06:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209372
IP address blocks:        176.100.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:44:fc:11:80:49:c7:a1:39:de:2e:92:73:1c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Jan  1 06:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f428983a1dd3be8d8305f9748da6d0bc52d62c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:19:a5:2b:fb:f9:47:07:c8:68:bc:12:56:a1:
                    e2:8c:20:b2:30:dd:e4:a5:7c:10:f7:fa:03:7d:97:
                    b5:c0:82:dc:9f:28:ed:a4:8a:52:aa:45:2d:25:27:
                    1c:ee:c9:a9:60:ca:e6:19:08:f2:dd:01:fa:1a:77:
                    23:5e:ff:b5:00:e9:36:dd:9d:d9:4c:c8:a6:6a:9f:
                    32:c4:3a:a8:9c:bf:fc:79:0f:41:fa:0e:1a:f3:9e:
                    de:96:5f:dc:5d:8a:41:39:92:47:f9:28:32:15:0d:
                    29:c7:77:04:d6:16:18:ec:38:77:4d:8b:5d:7d:1a:
                    3f:48:e9:54:03:dc:60:35:e0:c8:14:cc:55:03:1b:
                    f0:ce:c9:ae:ea:17:a3:f4:74:cd:be:bd:2d:f5:3f:
                    a5:d9:68:48:97:66:9e:af:2f:76:4e:06:a7:4e:5c:
                    ba:21:e5:97:11:96:73:03:02:1f:b6:1f:51:7d:38:
                    01:33:aa:c8:ad:9d:0a:76:d5:1b:f3:00:3f:61:8a:
                    b5:99:02:73:2c:76:9e:dc:fc:8f:47:9b:b1:94:1b:
                    3f:53:b5:6e:78:3c:cc:c8:82:f0:6b:ea:f0:da:24:
                    c5:c5:f7:57:e6:59:87:4d:62:e6:4b:19:bf:d4:c9:
                    7a:74:43:a1:2d:2a:2a:46:e8:91:66:84:f8:34:7a:
                    91:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:28:98:3A:1D:D3:BE:8D:83:05:F9:74:8D:A6:D0:BC:52:D6:2C:57
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/9CiYOh3Tvo2DBfl0jabQvFLWLFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         32:73:53:2e:a2:93:a0:10:81:a3:ab:44:2e:e2:ad:79:6c:5f:
         0a:7c:f0:ea:82:ed:51:e4:1d:bf:f6:ad:8b:81:47:4c:f3:d8:
         b0:dc:5c:90:14:1a:db:31:9f:8d:d6:ab:e2:c4:1e:b6:75:68:
         a0:bf:d2:1c:bf:f9:b7:ce:8f:f7:1b:09:04:fa:fa:79:af:e6:
         ab:0f:ec:ad:54:49:01:12:f9:ea:09:f4:b0:b8:a1:1b:50:9f:
         50:5f:9c:a2:34:ac:b2:28:3d:5e:6c:eb:1e:02:65:ed:b4:42:
         d5:65:25:80:c0:4a:77:cf:a3:7c:20:d0:53:f3:16:7b:56:dc:
         11:de:91:64:b7:9a:0f:6a:2f:1f:e5:1a:ad:82:4f:a4:f3:73:
         64:c3:55:6c:2a:1b:6d:65:f3:54:05:e5:d8:44:58:23:2c:a2:
         6f:3f:64:f9:9a:26:b3:04:c0:03:50:a6:19:a2:5b:9d:49:9e:
         1f:6c:96:50:24:4d:8b:6d:e5:51:2c:58:b1:56:05:f0:d0:07:
         e6:cf:a1:d1:0a:db:08:fb:3e:a3:a7:bd:2a:67:51:ab:f4:87:
         b1:01:30:f6:e2:d8:c7:c4:bb:c9:05:b1:3a:3c:fc:64:b3:da:
         a5:d2:c4:33:67:4f:3b:28:96:8c:f6:6c:66:07:d8:4c:b1:9f:
         cb:40:d4:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUT8EYBJx6E53i6ScxziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjYwMTAxMDYxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDI4OTgzYTFkZDNiZThkODMwNWY5NzQ4ZGE2ZDBiYzUyZDYyYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBmlK/v5RwfIaLwSVqHijCCyMN3k
pXwQ9/oDfZe1wILcnyjtpIpSqkUtJScc7smpYMrmGQjy3QH6GncjXv+1AOk23Z3Z
TMimap8yxDqonL/8eQ9B+g4a857ell/cXYpBOZJH+SgyFQ0px3cE1hYY7Dh3TYtd
fRo/SOlUA9xgNeDIFMxVAxvwzsmu6hej9HTNvr0t9T+l2WhIl2aery92TganTly6
IeWXEZZzAwIfth9RfTgBM6rIrZ0KdtUb8wA/YYq1mQJzLHae3PyPR5uxlBs/U7Vu
eDzMyILwa+rw2iTFxfdX5lmHTWLmSxm/1Ml6dEOhLSoqRuiRZoT4NHqRiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQomDod076NgwX5dI2m0LxS1ixXMB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvOUNpWU9oM1R2bzJEQmZsMGphYlF2RkxXTEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGSAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyc1MuopOgEIGjq0Qu4q15bF8KfPDqgu1R5B2/9q2L
gUdM89iw3FyQFBrbMZ+N1qvixB62dWigv9Icv/m3zo/3GwkE+vp5r+arD+ytVEkB
EvnqCfSwuKEbUJ9QX5yiNKyyKD1ebOseAmXttELVZSWAwEp3z6N8INBT8xZ7VtwR
3pFkt5oPai8f5Rqtgk+k83Nkw1VsKhttZfNUBeXYRFgjLKJvP2T5miazBMADUKYZ
oludSZ4fbJZQJE2LbeVRLFixVgXw0Afmz6HRCtsI+z6jp70qZ1Gr9IexATD24tjH
xLvJBbE6PPxks9ql0sQzZ087KJaM9mxmB9hMsZ/LQNRJ
-----END CERTIFICATE-----