This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/9SsHjlBtd69QJ3ndqo-1KhdedKw.roa
File:                     9SsHjlBtd69QJ3ndqo-1KhdedKw.roa (raw, json)
Hash identifier:          qiOm4Fr0eZzz2bsbkMUTFYSa9lmGOwKDeaQIOpLMzdY=
Subject key identifier:   F5:2B:07:8E:50:6D:77:AF:50:27:79:DD:AA:8F:B5:2A:17:5E:74:AC
Certificate issuer:       /CN=89da60f049dfba34be4b4e8418b9ff492125c449
Certificate serial:       019B7DCB4E30EA0418327248168C2C53CDB4
Authority key identifier: 89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/9SsHjlBtd69QJ3ndqo-1KhdedKw.roa
Signing time:             Fri 02 Jan 2026 08:20:34 +0000
ROA not before:           Fri 02 Jan 2026 08:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26380
IP address blocks:        5.32.43.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:4e:30:ea:04:18:32:72:48:16:8c:2c:53:cd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89da60f049dfba34be4b4e8418b9ff492125c449
        Validity
            Not Before: Jan  2 08:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f52b078e506d77af502779ddaa8fb52a175e74ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b3:d4:1f:8f:6c:00:96:f6:8f:9c:cb:de:c4:
                    f2:a2:9e:b3:40:81:8a:45:28:48:34:9a:6d:cd:65:
                    31:03:f0:a1:3f:16:75:74:e7:91:41:76:e3:25:e4:
                    31:7d:4d:09:52:12:9b:58:61:05:e6:86:72:d5:b6:
                    a4:83:9b:73:57:36:0a:6a:34:03:b0:93:31:1d:61:
                    e9:e2:3a:61:6a:24:1c:66:f3:a0:ce:1a:8d:35:7c:
                    51:da:e0:58:26:77:71:45:a6:b4:83:74:aa:c5:df:
                    8a:87:05:5e:71:54:3c:29:9b:2e:a4:99:11:d9:35:
                    9e:af:89:84:b9:f5:ec:d3:ce:57:d2:05:eb:3c:47:
                    75:a5:66:df:ac:53:b5:ed:55:f6:4b:67:0f:ec:4a:
                    f8:f6:47:86:1c:1b:ee:64:c5:ac:73:c1:79:aa:04:
                    98:ef:53:b4:16:21:7c:39:c0:0c:c8:70:75:c3:5b:
                    e4:14:df:a3:44:d5:6b:0a:53:80:e8:1d:28:53:63:
                    91:e6:33:34:c9:14:0b:97:ba:f8:4e:77:6a:95:01:
                    33:04:93:bc:e6:4b:53:4b:f7:50:26:5f:22:e3:5b:
                    82:a0:81:97:94:23:53:f9:f4:68:9a:05:f5:57:52:
                    19:0d:f9:8d:74:59:ff:03:ce:c4:96:3d:9f:7f:9e:
                    a6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2B:07:8E:50:6D:77:AF:50:27:79:DD:AA:8F:B5:2A:17:5E:74:AC
            X509v3 Authority Key Identifier:
                keyid:89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/9SsHjlBtd69QJ3ndqo-1KhdedKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.32.43.128/25

    Signature Algorithm: sha256WithRSAEncryption
         9c:93:2b:b0:3e:4c:bc:71:1a:d8:6f:cf:17:b1:ff:5f:55:4c:
         90:9f:2a:ae:27:b2:c8:a4:2e:df:90:43:bf:a7:94:5e:c7:d1:
         f4:7d:60:7f:a4:4b:0f:9d:ca:dd:03:ce:47:09:93:ce:57:88:
         b2:e5:0e:20:a5:54:ea:5d:9d:1b:36:1b:c2:cc:43:41:ac:c9:
         bb:1f:9e:4a:e0:2f:7c:d8:2e:47:6a:b5:92:70:3b:f5:05:1c:
         1c:40:dd:7d:2f:4b:e5:32:fa:ae:e1:23:cb:2e:0c:22:f6:93:
         93:bf:6b:7f:f9:cb:71:d1:74:89:17:a1:7f:76:4f:89:fc:65:
         aa:f3:fe:ba:2f:75:a6:9d:1d:81:45:16:88:c1:61:94:db:50:
         53:18:aa:bc:34:82:7e:db:4a:7c:99:aa:9c:e8:26:0a:7d:1f:
         68:d7:16:e6:2e:31:f4:5a:62:e3:26:a4:ec:bf:35:7c:4f:04:
         90:59:40:da:a8:72:0d:66:36:66:85:9a:17:7d:61:a4:2a:1a:
         12:48:d3:a4:3c:7a:e7:5c:ad:e7:1e:84:14:c3:20:f2:67:f9:
         65:c3:1b:e1:72:ac:7e:42:82:0f:98:aa:55:8d:f7:0b:34:3a:
         fd:e1:b6:4c:f7:dd:bc:25:16:4d:67:3d:16:87:3a:88:32:a2:
         aa:32:13:65
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt9y04w6gQYMnJIFowsU820MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZGE2MGYwNDlkZmJhMzRiZTRiNGU4NDE4YjlmZjQ5MjEy
NWM0NDkwHhcNMjYwMTAyMDgyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJiMDc4ZTUwNmQ3N2FmNTAyNzc5ZGRhYThmYjUyYTE3NWU3NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27PUH49sAJb2j5zL3sTyop6zQIGK
RShINJptzWUxA/ChPxZ1dOeRQXbjJeQxfU0JUhKbWGEF5oZy1bakg5tzVzYKajQD
sJMxHWHp4jphaiQcZvOgzhqNNXxR2uBYJndxRaa0g3Sqxd+KhwVecVQ8KZsupJkR
2TWer4mEufXs085X0gXrPEd1pWbfrFO17VX2S2cP7Er49keGHBvuZMWsc8F5qgSY
71O0FiF8OcAMyHB1w1vkFN+jRNVrClOA6B0oU2OR5jM0yRQLl7r4TndqlQEzBJO8
5ktTS/dQJl8i41uCoIGXlCNT+fRomgX1V1IZDfmNdFn/A87Elj2ff56m5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPUrB45QbXevUCd53aqPtSoXXnSsMB8GA1UdIwQY
MBaAFInaYPBJ37o0vktOhBi5/0khJcRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUt
Njk4OTBjODI5ZTMzLzEvOVNzSGpsQnRkNjlRSjNuZHFvLTFLaGRlZEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUtNjk4OTBjODI5ZTMz
LzEvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUHBSArgDAN
BgkqhkiG9w0BAQsFAAOCAQEAnJMrsD5MvHEa2G/PF7H/X1VMkJ8qrieyyKQu35BD
v6eUXsfR9H1gf6RLD53K3QPORwmTzleIsuUOIKVU6l2dGzYbwsxDQazJux+eSuAv
fNguR2q1knA79QUcHEDdfS9L5TL6ruEjyy4MIvaTk79rf/nLcdF0iRehf3ZPifxl
qvP+ui91pp0dgUUWiMFhlNtQUxiqvDSCfttKfJmqnOgmCn0faNcW5i4x9Fpi4yak
7L81fE8EkFlA2qhyDWY2ZoWaF31hpCoaEkjTpDx651yt5x6EFMMg8mf5ZcMb4XKs
fkKCD5iqVY33CzQ6/eG2TPfdvCUWTWc9Foc6iDKiqjITZQ==
-----END CERTIFICATE-----