This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/9ok7vlhzmI90nPgnO1IgrHdTxZs.roa
File:                     9ok7vlhzmI90nPgnO1IgrHdTxZs.roa (raw, json)
Hash identifier:          KMWs95W+KNbFg3H5cAfW7c/c378ZOgBFSVfOB7Q6xdc=
Subject key identifier:   F6:89:3B:BE:58:73:98:8F:74:9C:F8:27:3B:52:20:AC:77:53:C5:9B
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       019B7B36A23D7EAF7B2C047743E4D2C4BD0B
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/9ok7vlhzmI90nPgnO1IgrHdTxZs.roa
Signing time:             Thu 01 Jan 2026 20:18:56 +0000
ROA not before:           Thu 01 Jan 2026 20:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4862
IP address blocks:        57.72.0.0/15 maxlen: 32
                          57.72.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a2:3d:7e:af:7b:2c:04:77:43:e4:d2:c4:bd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  1 20:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6893bbe5873988f749cf8273b5220ac7753c59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ef:55:69:18:1e:d3:bd:2b:d4:0c:42:c8:9b:
                    39:87:2c:01:a8:77:a6:ee:f8:79:d5:0a:b7:b2:07:
                    83:4f:e1:b7:c1:b1:6b:b4:d5:11:3c:bb:99:41:06:
                    4a:72:d8:aa:a1:3a:d8:4b:7b:23:9b:05:af:22:61:
                    65:7a:75:ac:61:07:e2:5d:17:8a:fe:df:7c:a3:7c:
                    1a:17:42:d7:11:37:8f:c8:4c:77:82:81:de:a7:92:
                    4e:41:94:67:a8:57:b7:15:fb:d2:32:32:c2:43:2e:
                    e2:d0:85:f6:3b:62:e8:9b:08:dc:78:92:94:d5:f6:
                    47:12:f6:63:10:e3:e2:1d:e1:ac:38:6a:28:3b:1c:
                    00:ae:cc:2b:df:af:7c:e3:df:56:09:c0:ac:9f:39:
                    23:11:f1:42:d1:46:54:04:92:25:79:f3:a0:df:58:
                    96:0d:7f:98:f9:59:8c:34:a9:42:c3:5b:8f:5e:ee:
                    d7:93:8b:98:0b:68:c3:a4:6d:a9:5c:38:52:a5:f1:
                    08:ee:47:82:b9:30:63:c8:22:c3:04:be:9f:f0:2e:
                    63:2d:5d:c5:2d:0a:7c:bc:83:24:f8:45:9d:a6:ec:
                    47:6c:f4:49:65:02:53:cd:75:9a:bc:b3:77:1a:10:
                    9b:4d:da:df:a0:3d:2e:d5:9d:d3:ba:28:84:9a:42:
                    38:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:89:3B:BE:58:73:98:8F:74:9C:F8:27:3B:52:20:AC:77:53:C5:9B
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/9ok7vlhzmI90nPgnO1IgrHdTxZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         7f:63:7f:72:69:2b:e4:b3:6a:65:f7:6d:f9:2c:00:dc:11:06:
         52:05:cb:fe:1f:fa:8c:9b:44:30:80:e4:f2:73:81:06:4d:a2:
         9a:12:a7:03:96:64:ca:1b:38:10:66:d3:2d:15:59:a0:15:3d:
         c3:73:dd:3f:2f:19:34:a3:73:b4:e5:ec:c1:a3:3b:5b:1c:1a:
         ad:8a:c5:8b:9d:72:74:e7:0a:03:ce:91:3f:08:b1:e1:8c:db:
         10:00:ac:d0:e3:86:cc:6d:8c:fc:23:fb:d6:b7:00:52:fa:88:
         4c:79:93:80:c8:17:8d:83:f8:f1:68:5c:0f:04:2b:47:82:a0:
         55:d5:b9:a1:d6:6b:c4:54:77:94:a6:aa:ca:fc:ed:d0:1d:55:
         f3:52:0a:b3:85:71:7a:eb:9e:fe:fc:af:92:34:89:61:49:45:
         0f:3c:d8:73:9f:ce:b1:11:a2:25:b5:fd:ab:64:c6:b0:58:70:
         e4:0b:9b:ce:8e:d3:4b:c9:c8:ce:83:d3:0d:b4:15:e5:55:88:
         80:99:3b:fa:d3:25:24:d7:32:a5:f7:51:87:fa:be:99:14:ce:
         36:b2:60:73:d3:e8:15:5d:07:9a:aa:96:e4:38:32:30:58:93:
         87:bd:b4:cd:d9:20:85:56:19:d2:83:32:33:d5:27:79:32:89:
         24:75:d9:1e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7NqI9fq97LAR3Q+TSxL0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjYwMTAxMjAxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjg5M2JiZTU4NzM5ODhmNzQ5Y2Y4MjczYjUyMjBhYzc3NTNjNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke9VaRge070r1AxCyJs5hywBqHem
7vh51Qq3sgeDT+G3wbFrtNURPLuZQQZKctiqoTrYS3sjmwWvImFlenWsYQfiXReK
/t98o3waF0LXETePyEx3goHep5JOQZRnqFe3FfvSMjLCQy7i0IX2O2LomwjceJKU
1fZHEvZjEOPiHeGsOGooOxwArswr3698499WCcCsnzkjEfFC0UZUBJIlefOg31iW
DX+Y+VmMNKlCw1uPXu7Xk4uYC2jDpG2pXDhSpfEI7keCuTBjyCLDBL6f8C5jLV3F
LQp8vIMk+EWdpuxHbPRJZQJTzXWavLN3GhCbTdrfoD0u1Z3TuiiEmkI4IQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPaJO75Yc5iPdJz4JztSIKx3U8WbMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvOW9rN3ZsaHptSTkwblBnbk8xSWdySGRUeFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBOUgwDQYJ
KoZIhvcNAQELBQADggEBAH9jf3JpK+SzamX3bfksANwRBlIFy/4f+oybRDCA5PJz
gQZNopoSpwOWZMobOBBm0y0VWaAVPcNz3T8vGTSjc7Tl7MGjO1scGq2KxYudcnTn
CgPOkT8IseGM2xAArNDjhsxtjPwj+9a3AFL6iEx5k4DIF42D+PFoXA8EK0eCoFXV
uaHWa8RUd5Smqsr87dAdVfNSCrOFcXrrnv78r5I0iWFJRQ882HOfzrERoiW1/atk
xrBYcOQLm86O00vJyM6D0w20FeVViICZO/rTJSTXMqX3UYf6vpkUzjayYHPT6BVd
B5qqluQ4MjBYk4e9tM3ZIIVWGdKDMjPVJ3kyiSR12R4=
-----END CERTIFICATE-----