This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Q0Jdhd0Xijh5Qg2MMx6tv_NFg0Y.roa
File:                     Q0Jdhd0Xijh5Qg2MMx6tv_NFg0Y.roa (raw, json)
Hash identifier:          e8/UdF909D8bl8btP6fz+eUx2PtucIwHXcMCcE3Yfss=
Subject key identifier:   43:42:5D:85:DD:17:8A:38:79:42:0D:8C:33:1E:AD:BF:F3:45:83:46
Certificate issuer:       /CN=9da140e8028e6d537600e0888a9af5a971c5db46
Certificate serial:       019B79109673F84F736F968F95B4953A1540
Authority key identifier: 9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Q0Jdhd0Xijh5Qg2MMx6tv_NFg0Y.roa
Signing time:             Thu 01 Jan 2026 10:18:08 +0000
ROA not before:           Thu 01 Jan 2026 10:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8837
IP address blocks:        192.58.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:96:73:f8:4f:73:6f:96:8f:95:b4:95:3a:15:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da140e8028e6d537600e0888a9af5a971c5db46
        Validity
            Not Before: Jan  1 10:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43425d85dd178a3879420d8c331eadbff3458346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0d:61:fc:c2:5e:36:eb:62:b2:1a:b7:04:e3:
                    7d:d2:17:84:81:02:0d:ec:69:38:27:49:6b:fd:a2:
                    b0:78:60:9f:04:8c:de:66:0d:cf:1a:b1:07:52:d9:
                    01:c7:5b:6a:8b:08:b8:67:76:2d:12:46:d2:d8:a4:
                    79:82:c9:7f:27:f8:ea:d1:79:c8:63:e5:1c:53:66:
                    10:41:dc:ba:4c:db:8e:d4:0a:b8:68:aa:bb:72:09:
                    9d:84:1e:d0:73:89:59:6c:e3:b8:fb:e7:54:30:f8:
                    34:45:83:b0:3f:ac:06:34:0f:54:11:c5:7f:45:39:
                    42:15:06:c2:07:9a:33:15:7f:92:a0:48:84:5f:0f:
                    89:a4:37:d7:d5:94:3a:b7:ef:83:a4:24:9e:fc:26:
                    be:b5:95:b8:9f:fe:fc:ac:28:65:28:3e:e8:a1:b3:
                    73:ff:7a:f4:09:7e:4b:b9:cd:72:88:85:0f:29:45:
                    02:57:81:96:0e:54:ad:41:4a:1a:f7:34:76:f5:86:
                    54:cd:07:5b:c8:65:e3:de:52:96:00:01:f4:79:b4:
                    95:b3:23:d4:8f:ce:86:4a:b2:96:b3:43:73:72:38:
                    4c:d1:ca:d6:18:b4:d4:6a:21:06:ea:bc:39:63:5b:
                    b9:f6:f6:54:70:98:76:2c:2e:07:83:6d:ff:52:9e:
                    0b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:42:5D:85:DD:17:8A:38:79:42:0D:8C:33:1E:AD:BF:F3:45:83:46
            X509v3 Authority Key Identifier:
                keyid:9D:A1:40:E8:02:8E:6D:53:76:00:E0:88:8A:9A:F5:A9:71:C5:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naFA6AKObVN2AOCIipr1qXHF20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/Q0Jdhd0Xijh5Qg2MMx6tv_NFg0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/126755-eedd-40b1-95e8-a4ca8b9c205b/1/naFA6AKObVN2AOCIipr1qXHF20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:2a:09:47:61:3e:00:42:25:e6:8f:7f:5f:5c:a6:97:77:3f:
         ed:07:67:b5:98:ae:36:d1:e5:85:75:92:7c:6d:7e:aa:12:fa:
         82:01:99:72:4a:5c:cc:bd:a5:4c:20:67:a6:e8:c6:bb:5d:a0:
         f8:4c:ef:85:09:90:87:19:e2:58:2c:91:af:e8:83:6b:ce:e7:
         f9:1d:a8:ba:63:48:bc:c6:71:15:d4:ef:80:fa:a1:5e:8d:dd:
         84:42:32:4f:05:26:ce:55:a2:1c:cd:02:21:e3:ce:b6:da:ac:
         b0:55:0b:09:66:29:0a:13:55:9b:ed:1a:3d:a3:75:76:9e:3d:
         b8:45:40:61:3d:b9:3d:fe:72:07:14:a2:1b:b3:22:fc:ff:f8:
         68:db:41:c7:32:33:e7:8d:a6:b0:eb:99:3b:4c:cd:19:ff:57:
         e1:d9:62:9c:37:6e:3d:0b:9b:3d:6b:14:08:81:8b:c9:02:11:
         f4:97:65:2f:9e:b0:41:52:80:fb:84:3b:74:79:a5:56:cd:cf:
         32:56:79:7c:3b:47:c4:78:24:18:94:22:94:ba:23:74:f0:3c:
         2d:aa:e0:6e:38:f1:c5:c2:07:77:12:7f:1e:47:26:ea:a9:9f:
         5c:d2:ab:a5:db:71:74:f2:68:9d:10:53:2e:a3:3d:50:56:a7:
         49:9a:c1:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EJZz+E9zb5aPlbSVOhVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTE0MGU4MDI4ZTZkNTM3NjAwZTA4ODhhOWFmNWE5NzFj
NWRiNDYwHhcNMjYwMTAxMTAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzQyNWQ4NWRkMTc4YTM4Nzk0MjBkOGMzMzFlYWRiZmYzNDU4MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww1h/MJeNutishq3BON90heEgQIN
7Gk4J0lr/aKweGCfBIzeZg3PGrEHUtkBx1tqiwi4Z3YtEkbS2KR5gsl/J/jq0XnI
Y+UcU2YQQdy6TNuO1Aq4aKq7cgmdhB7Qc4lZbOO4++dUMPg0RYOwP6wGNA9UEcV/
RTlCFQbCB5ozFX+SoEiEXw+JpDfX1ZQ6t++DpCSe/Ca+tZW4n/78rChlKD7oobNz
/3r0CX5Luc1yiIUPKUUCV4GWDlStQUoa9zR29YZUzQdbyGXj3lKWAAH0ebSVsyPU
j86GSrKWs0NzcjhM0crWGLTUaiEG6rw5Y1u59vZUcJh2LC4Hg23/Up4L+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENCXYXdF4o4eUINjDMerb/zRYNGMB8GA1UdIwQY
MBaAFJ2hQOgCjm1TdgDgiIqa9alxxdtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgt
YTRjYThiOWMyMDViLzEvUTBKZGhkMFhpamg1UWcyTU14NnR2X05GZzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xMjY3NTUtZWVkZC00MGIxLTk1ZTgtYTRjYThiOWMyMDVi
LzEvbmFGQTZBS09iVk4yQU9DSWlwcjFxWEhGMjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDopMA0G
CSqGSIb3DQEBCwUAA4IBAQCQKglHYT4AQiXmj39fXKaXdz/tB2e1mK420eWFdZJ8
bX6qEvqCAZlySlzMvaVMIGem6Ma7XaD4TO+FCZCHGeJYLJGv6INrzuf5Hai6Y0i8
xnEV1O+A+qFejd2EQjJPBSbOVaIczQIh48622qywVQsJZikKE1Wb7Ro9o3V2nj24
RUBhPbk9/nIHFKIbsyL8//ho20HHMjPnjaaw65k7TM0Z/1fh2WKcN249C5s9axQI
gYvJAhH0l2UvnrBBUoD7hDt0eaVWzc8yVnl8O0fEeCQYlCKUuiN08DwtquBuOPHF
wgd3En8eRybqqZ9c0qul23F08midEFMuoz1QVqdJmsFX
-----END CERTIFICATE-----