This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/SpWXQfnXhUu9qhkeG1TVG0H4SQU.roa
File:                     SpWXQfnXhUu9qhkeG1TVG0H4SQU.roa (raw, json)
Hash identifier:          gNWnU3IuDkhC9ei21eiBQWzWKaO3beh6JvvEKmw7ib0=
Subject key identifier:   4A:95:97:41:F9:D7:85:4B:BD:AA:19:1E:1B:54:D5:1B:41:F8:49:05
Certificate issuer:       /CN=8e90bd2870050c84477a161eb090f05eb962016c
Certificate serial:       019B7E378FBE1742E530A765B49FE1243D0C
Authority key identifier: 8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/SpWXQfnXhUu9qhkeG1TVG0H4SQU.roa
Signing time:             Fri 02 Jan 2026 10:18:49 +0000
ROA not before:           Fri 02 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        136.201.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:8f:be:17:42:e5:30:a7:65:b4:9f:e1:24:3d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e90bd2870050c84477a161eb090f05eb962016c
        Validity
            Not Before: Jan  2 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a959741f9d7854bbdaa191e1b54d51b41f84905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:31:f4:ce:7f:e3:e8:89:3b:f9:b1:d5:98:
                    1c:ba:3f:eb:21:8b:df:2a:57:a0:28:02:6a:26:58:
                    5c:e7:6e:2a:2a:66:b6:b4:0e:50:5b:28:1f:c1:7c:
                    1e:79:99:df:3f:a4:ab:ae:28:f4:8c:81:03:7a:ff:
                    cf:b9:4f:03:74:52:81:fe:de:0b:63:2e:0d:5c:62:
                    9e:3e:ed:51:c9:a4:7d:f3:d9:dc:7f:93:b0:69:aa:
                    ad:68:c3:13:c9:eb:c7:55:9a:73:31:73:6a:7c:de:
                    35:3c:3b:04:06:18:45:a3:63:64:d6:ba:bc:f4:11:
                    88:6a:b9:19:d1:7c:9e:b9:44:24:57:00:20:36:0a:
                    7f:65:c2:c1:41:e0:ff:f3:ed:5f:aa:1d:cc:de:3f:
                    d9:c2:32:cd:59:22:c4:a1:45:8b:e9:d6:75:9d:7c:
                    47:86:55:13:b6:c0:c1:17:ca:c1:41:b1:b3:98:a5:
                    e4:6d:6c:7e:be:46:1a:94:1c:14:18:c6:27:a5:f1:
                    96:87:ef:04:31:b5:94:1d:cb:63:39:bc:db:58:e3:
                    e4:d0:72:8b:ba:be:65:f8:c9:4a:41:4d:df:2f:54:
                    97:b7:a6:1b:6c:60:25:5a:fa:02:ba:72:bd:f4:e6:
                    06:92:7a:e6:35:6f:25:59:29:cd:c5:49:4e:da:9f:
                    a1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:95:97:41:F9:D7:85:4B:BD:AA:19:1E:1B:54:D5:1B:41:F8:49:05
            X509v3 Authority Key Identifier:
                keyid:8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/SpWXQfnXhUu9qhkeG1TVG0H4SQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         69:0a:84:b8:1f:14:71:e7:0d:5a:24:36:e4:18:c6:d1:cf:ed:
         e0:eb:c9:f1:2c:82:db:24:5f:e6:16:b9:d2:44:c9:8e:b2:0b:
         e7:9f:f7:b0:31:7b:2d:33:25:7d:7b:fd:3b:c7:18:09:89:be:
         3f:36:33:c9:b2:3d:b6:40:ed:16:25:bb:ee:3b:55:83:f4:fb:
         22:81:bb:66:1e:12:30:c6:66:80:f0:7b:d2:fe:c6:c2:3b:ae:
         ec:95:af:6e:50:b2:bd:11:1b:9f:5f:5e:16:35:e0:80:db:b6:
         b3:ed:cf:74:8a:ed:34:a4:91:48:69:1a:80:fd:8a:6a:7b:6d:
         01:57:f9:4c:70:80:42:c0:14:b6:3b:ea:71:32:95:dc:41:1b:
         3b:7f:85:4d:0c:d0:04:2b:52:a8:26:d5:a5:0a:de:a3:9e:9c:
         52:d5:09:67:97:32:1b:74:98:fb:c7:6f:65:78:ec:76:fa:7f:
         ae:86:6a:3b:fa:80:36:a6:6b:96:ab:5a:80:b8:ee:e5:e7:99:
         e7:45:34:3e:f9:43:d1:f5:10:5a:be:af:a4:a7:ba:bd:38:51:
         00:9d:75:a7:9d:dd:6d:37:2d:c6:27:77:60:ce:e6:ca:59:6f:
         6c:90:5b:39:82:7e:e2:f1:01:1c:f5:47:9d:7a:53:c3:07:de:
         0b:5f:fd:d9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt+N4++F0LlMKdltJ/hJD0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTBiZDI4NzAwNTBjODQ0NzdhMTYxZWIwOTBmMDVlYjk2
MjAxNmMwHhcNMjYwMTAyMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTk1OTc0MWY5ZDc4NTRiYmRhYTE5MWUxYjU0ZDUxYjQxZjg0OTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SQx9M5/4+iJO/mx1Zgcuj/rIYvf
KlegKAJqJlhc524qKma2tA5QWygfwXweeZnfP6Srrij0jIEDev/PuU8DdFKB/t4L
Yy4NXGKePu1RyaR989ncf5OwaaqtaMMTyevHVZpzMXNqfN41PDsEBhhFo2Nk1rq8
9BGIarkZ0XyeuUQkVwAgNgp/ZcLBQeD/8+1fqh3M3j/ZwjLNWSLEoUWL6dZ1nXxH
hlUTtsDBF8rBQbGzmKXkbWx+vkYalBwUGMYnpfGWh+8EMbWUHctjObzbWOPk0HKL
ur5l+MlKQU3fL1SXt6YbbGAlWvoCunK99OYGknrmNW8lWSnNxUlO2p+hQwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEqVl0H514VLvaoZHhtU1RtB+EkFMB8GA1UdIwQY
MBaAFI6QvShwBQyER3oWHrCQ8F65YgFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMt
ZWNiODA3MDJhMTE3LzEvU3BXWFFmblhoVXU5cWhrZUcxVFZHMEg0U1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMtZWNiODA3MDJhMTE3
LzEvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiMkwDQYJ
KoZIhvcNAQELBQADggEBAGkKhLgfFHHnDVokNuQYxtHP7eDryfEsgtskX+YWudJE
yY6yC+ef97Axey0zJX17/TvHGAmJvj82M8myPbZA7RYlu+47VYP0+yKBu2YeEjDG
ZoDwe9L+xsI7ruyVr25Qsr0RG59fXhY14IDbtrPtz3SK7TSkkUhpGoD9imp7bQFX
+UxwgELAFLY76nEyldxBGzt/hU0M0AQrUqgm1aUK3qOenFLVCWeXMht0mPvHb2V4
7Hb6f66Gajv6gDama5arWoC47uXnmedFND75Q9H1EFq+r6Snur04UQCddaed3W03
LcYnd2DO5spZb2yQWzmCfuLxARz1R516U8MH3gtf/dk=
-----END CERTIFICATE-----