This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/MyEobwPvVlPZfo18i7oAV1Xhf8s.roa
File:                     MyEobwPvVlPZfo18i7oAV1Xhf8s.roa (raw, json)
Hash identifier:          +PGToJCT+bUcRHVwTrA1c0sAhKUye1v74DJg5l+yDRc=
Subject key identifier:   33:21:28:6F:03:EF:56:53:D9:7E:8D:7C:8B:BA:00:57:55:E1:7F:CB
Certificate issuer:       /CN=542d971ad3c2e438d4a312d1a1de751810aca4e0
Certificate serial:       019B7EA728DFC649BB49B1AD514FA6268049
Authority key identifier: 54:2D:97:1A:D3:C2:E4:38:D4:A3:12:D1:A1:DE:75:18:10:AC:A4:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/MyEobwPvVlPZfo18i7oAV1Xhf8s.roa
Signing time:             Fri 02 Jan 2026 12:20:42 +0000
ROA not before:           Fri 02 Jan 2026 12:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209490
IP address blocks:        171.22.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:28:df:c6:49:bb:49:b1:ad:51:4f:a6:26:80:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542d971ad3c2e438d4a312d1a1de751810aca4e0
        Validity
            Not Before: Jan  2 12:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3321286f03ef5653d97e8d7c8bba005755e17fcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:dd:3f:74:e2:de:3c:02:5e:df:8b:ef:0a:
                    13:f3:8b:82:dc:f2:e9:35:3c:bd:f8:ea:d9:f2:19:
                    48:62:f9:38:b2:3d:65:db:77:f0:86:7e:61:42:7d:
                    b8:63:6c:50:2d:a6:b4:46:ba:95:96:05:aa:58:ce:
                    e1:86:b8:3e:94:d9:86:17:a5:5a:26:11:66:fe:da:
                    c6:e2:f9:bb:ae:0a:ae:1d:6a:48:b8:43:11:4a:e2:
                    c1:ba:db:0d:71:f5:c8:a9:e4:7a:d9:1d:ff:e5:ea:
                    05:fa:10:b8:28:59:d0:dd:57:84:f8:10:ca:22:38:
                    92:fe:7f:46:f2:38:56:d6:7a:7b:ac:e5:f2:83:c1:
                    e4:7f:8f:e6:ad:55:74:0d:07:6b:6a:d3:06:64:25:
                    d8:ed:a2:76:a1:bd:8f:a8:0e:64:04:a3:98:1f:11:
                    0f:96:39:75:24:d4:98:a8:41:51:48:93:41:4d:1f:
                    a1:a2:5d:b2:70:4d:f6:7c:ba:dc:48:82:0b:93:d6:
                    69:51:c3:19:31:e8:1b:2a:8b:e7:db:71:2e:c0:0b:
                    bc:a0:8a:ac:f1:6c:ef:fe:ac:c7:5d:9b:0d:83:94:
                    8b:d3:22:b5:9e:12:68:e8:f0:9c:80:5c:7b:8c:c9:
                    fb:3a:7b:be:1a:de:c7:33:ca:a3:52:c5:7e:27:79:
                    48:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:21:28:6F:03:EF:56:53:D9:7E:8D:7C:8B:BA:00:57:55:E1:7F:CB
            X509v3 Authority Key Identifier:
                keyid:54:2D:97:1A:D3:C2:E4:38:D4:A3:12:D1:A1:DE:75:18:10:AC:A4:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC2XGtPC5DjUoxLRod51GBCspOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/MyEobwPvVlPZfo18i7oAV1Xhf8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/9ddc9d-60c7-4bcb-919a-3408089edc45/1/VC2XGtPC5DjUoxLRod51GBCspOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:9c:8a:93:58:2a:9e:9d:2c:ab:c1:e5:e5:a6:17:c7:fb:f1:
         97:6d:e6:94:84:09:9d:be:17:b9:24:72:fd:50:b3:6f:a0:a2:
         20:56:65:70:7a:90:38:20:ec:2a:8a:58:66:28:75:35:18:d4:
         d9:11:5a:40:a8:48:31:d8:05:e0:7b:c0:49:0a:a4:28:f7:1a:
         cd:d8:30:de:43:3f:e2:01:d3:66:86:86:8a:e8:61:28:66:ec:
         c4:d6:72:60:6e:2e:38:1e:4c:5d:f6:64:2e:d6:38:14:f2:03:
         31:b1:c9:bc:ce:cf:b7:2a:b0:5a:74:70:dd:cf:f1:8a:13:29:
         3f:c5:64:eb:e0:98:52:0c:21:e2:01:ce:e7:32:b0:e9:6c:af:
         56:08:92:5e:e7:1e:9d:bf:18:9b:d3:bf:bf:ae:92:66:3d:44:
         90:47:52:57:69:d3:d0:ba:dc:53:9c:9d:86:27:7c:41:e0:59:
         50:f6:7c:e7:f8:28:bb:98:a3:3f:24:89:41:e5:c8:39:9b:1e:
         08:f5:ad:19:e8:9c:37:ef:7a:8d:e1:a8:fd:c3:ef:dc:7a:56:
         58:8e:41:69:99:40:f8:79:ae:82:74:b9:ff:2e:cd:f7:8e:63:
         5f:a6:a8:35:2b:5b:20:57:a2:43:c4:dc:4a:ef:e7:02:d2:24:
         46:53:f5:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pyjfxkm7SbGtUU+mJoBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmQ5NzFhZDNjMmU0MzhkNGEzMTJkMWExZGU3NTE4MTBh
Y2E0ZTAwHhcNMjYwMTAyMTIyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzIxMjg2ZjAzZWY1NjUzZDk3ZThkN2M4YmJhMDA1NzU1ZTE3ZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmHdP3Ti3jwCXt+L7woT84uC3PLp
NTy9+OrZ8hlIYvk4sj1l23fwhn5hQn24Y2xQLaa0RrqVlgWqWM7hhrg+lNmGF6Va
JhFm/trG4vm7rgquHWpIuEMRSuLButsNcfXIqeR62R3/5eoF+hC4KFnQ3VeE+BDK
IjiS/n9G8jhW1np7rOXyg8Hkf4/mrVV0DQdratMGZCXY7aJ2ob2PqA5kBKOYHxEP
ljl1JNSYqEFRSJNBTR+hol2ycE32fLrcSIILk9ZpUcMZMegbKovn23EuwAu8oIqs
8Wzv/qzHXZsNg5SL0yK1nhJo6PCcgFx7jMn7Onu+Gt7HM8qjUsV+J3lIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMhKG8D71ZT2X6NfIu6AFdV4X/LMB8GA1UdIwQY
MBaAFFQtlxrTwuQ41KMS0aHedRgQrKTgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkMyWEd0UEM1RGpVb3hMUm9kNTFHQkNzcE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85ZGRjOWQtNjBjNy00YmNiLTkxOWEt
MzQwODA4OWVkYzQ1LzEvTXlFb2J3UHZWbFBaZm8xOGk3b0FWMVhoZjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85ZGRjOWQtNjBjNy00YmNiLTkxOWEtMzQwODA4OWVkYzQ1
LzEvVkMyWEd0UEM1RGpVb3hMUm9kNTFHQkNzcE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxY4MA0G
CSqGSIb3DQEBCwUAA4IBAQCAnIqTWCqenSyrweXlphfH+/GXbeaUhAmdvhe5JHL9
ULNvoKIgVmVwepA4IOwqilhmKHU1GNTZEVpAqEgx2AXge8BJCqQo9xrN2DDeQz/i
AdNmhoaK6GEoZuzE1nJgbi44Hkxd9mQu1jgU8gMxscm8zs+3KrBadHDdz/GKEyk/
xWTr4JhSDCHiAc7nMrDpbK9WCJJe5x6dvxib07+/rpJmPUSQR1JXadPQutxTnJ2G
J3xB4FlQ9nzn+Ci7mKM/JIlB5cg5mx4I9a0Z6Jw373qN4aj9w+/celZYjkFpmUD4
ea6CdLn/Ls33jmNfpqg1K1sgV6JDxNxK7+cC0iRGU/VA
-----END CERTIFICATE-----