This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9a3gzCiLS9YbS3cWS0CFDgPAsSM.roa
File:                     9a3gzCiLS9YbS3cWS0CFDgPAsSM.roa (raw, json)
Hash identifier:          WH8iduE58Yi6h9GU24SUOSoBsSDGDnbXPWsSPvyASSo=
Subject key identifier:   F5:AD:E0:CC:28:8B:4B:D6:1B:4B:77:16:4B:40:85:0E:03:C0:B1:23
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B77593E02750E701737278762F49A4030
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9a3gzCiLS9YbS3cWS0CFDgPAsSM.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9050
IP address blocks:        94.177.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3e:02:75:0e:70:17:37:27:87:62:f4:9a:40:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5ade0cc288b4bd61b4b77164b40850e03c0b123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:86:2c:0b:2c:47:21:2a:95:9f:78:17:c7:58:
                    69:b2:ac:9c:c6:df:92:c8:5d:c3:34:32:f4:7e:76:
                    6c:41:e1:c7:c9:66:c3:da:85:8e:3c:fd:28:05:73:
                    fe:3d:63:a5:dc:3c:23:93:20:f4:bb:44:6d:7a:20:
                    a7:c9:77:79:3e:11:29:fc:76:bb:2e:56:c9:5b:38:
                    9e:5f:8e:97:54:b0:7d:5c:0e:52:1d:77:c2:1f:e8:
                    39:92:64:b2:b3:10:d5:65:d0:d6:7f:ba:b8:f3:60:
                    ec:ea:ad:f7:f4:2a:c9:ae:b4:3e:e3:a4:53:a8:4b:
                    91:9c:fa:35:37:8f:9f:6b:bd:43:37:c7:8f:3b:bc:
                    54:ca:38:22:84:dc:61:9d:2f:ad:0a:00:99:b0:18:
                    85:c5:20:e1:1c:a8:2b:79:75:7c:b6:c6:87:10:eb:
                    b4:3d:e9:98:8e:81:12:60:77:78:3d:ad:c5:72:da:
                    d1:ce:4a:f8:8b:71:c8:74:bb:95:22:62:03:d1:3a:
                    77:db:8f:b0:2f:62:da:46:87:4c:a6:a5:1f:e1:b0:
                    7e:d7:66:0a:2d:73:41:3d:c3:da:09:2f:a7:cd:8d:
                    6c:33:5e:7e:cc:45:2d:90:81:9f:24:32:34:f9:4d:
                    2a:00:86:a9:21:8b:70:8d:9b:30:fc:46:cc:bd:b3:
                    3d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AD:E0:CC:28:8B:4B:D6:1B:4B:77:16:4B:40:85:0E:03:C0:B1:23
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9a3gzCiLS9YbS3cWS0CFDgPAsSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:14:18:34:14:42:63:95:01:18:00:ca:9d:0c:27:e2:8c:f6:
         15:21:24:cc:56:3a:c9:cd:da:ab:84:a1:32:97:99:a0:4e:3a:
         11:80:d8:5c:b4:fa:f8:83:d6:39:eb:ee:6e:1e:0f:e5:73:fe:
         f2:bd:b5:cb:89:48:17:d6:fa:12:d0:0d:75:9f:d0:9d:a7:df:
         c3:f9:bb:69:ca:8a:48:00:e9:02:ca:ed:5f:b2:d2:d5:9b:85:
         ed:ac:3f:cf:79:88:94:d0:c1:9d:48:5f:f6:21:67:75:8d:be:
         0e:1a:73:d2:45:30:f8:c9:22:8c:0c:d5:9b:ae:fe:55:ab:1c:
         0e:57:0a:ee:b9:31:1d:84:e2:24:98:ec:87:00:65:56:ff:31:
         81:e0:ee:75:10:a8:f4:3e:42:31:00:cb:8f:55:b1:f9:54:3a:
         77:b8:d3:21:b1:c7:4a:3e:2e:44:db:dd:49:e1:ea:40:0e:06:
         21:f8:fe:f3:4d:7d:ac:c8:71:05:2a:43:14:89:2c:35:e7:99:
         3d:d0:a7:74:f7:7c:4f:da:f3:4a:29:85:08:26:9e:32:e7:b2:
         01:77:65:c8:7a:31:28:34:28:e6:4b:4a:6b:63:1d:54:2b:46:
         7b:7b:eb:ae:0a:0f:2f:82:ac:92:b1:ca:fa:16:b9:bd:e4:2f:
         18:0d:44:3b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WT4CdQ5wFzcnh2L0mkAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWFkZTBjYzI4OGI0YmQ2MWI0Yjc3MTY0YjQwODUwZTAzYzBiMTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIYsCyxHISqVn3gXx1hpsqycxt+S
yF3DNDL0fnZsQeHHyWbD2oWOPP0oBXP+PWOl3DwjkyD0u0RteiCnyXd5PhEp/Ha7
LlbJWzieX46XVLB9XA5SHXfCH+g5kmSysxDVZdDWf7q482Ds6q339CrJrrQ+46RT
qEuRnPo1N4+fa71DN8ePO7xUyjgihNxhnS+tCgCZsBiFxSDhHKgreXV8tsaHEOu0
PemYjoESYHd4Pa3FctrRzkr4i3HIdLuVImID0Tp324+wL2LaRodMpqUf4bB+12YK
LXNBPcPaCS+nzY1sM15+zEUtkIGfJDI0+U0qAIapIYtwjZsw/EbMvbM9UwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPWt4Mwoi0vWG0t3FktAhQ4DwLEjMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzlhM2d6Q2lMUzlZYlMzY1dTMENGRGdQQXNTTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABesWsw
DQYJKoZIhvcNAQELBQADggEBABQUGDQUQmOVARgAyp0MJ+KM9hUhJMxWOsnN2quE
oTKXmaBOOhGA2Fy0+viD1jnr7m4eD+Vz/vK9tcuJSBfW+hLQDXWf0J2n38P5u2nK
ikgA6QLK7V+y0tWbhe2sP895iJTQwZ1IX/YhZ3WNvg4ac9JFMPjJIowM1Zuu/lWr
HA5XCu65MR2E4iSY7IcAZVb/MYHg7nUQqPQ+QjEAy49VsflUOne40yGxx0o+LkTb
3Unh6kAOBiH4/vNNfazIcQUqQxSJLDXnmT3Qp3T3fE/a80ophQgmnjLnsgF3Zch6
MSg0KOZLSmtjHVQrRnt7664KDy+CrJKxyvoWub3kLxgNRDs=
-----END CERTIFICATE-----