This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/nDj9PT5N_QWx4Sz5FT7RF4CSpok.roa
File:                     nDj9PT5N_QWx4Sz5FT7RF4CSpok.roa (raw, json)
Hash identifier:          h0RW3y25bIVEC8aKObDu/RDtNTnrw2v6jC5PsgpIK5Q=
Subject key identifier:   9C:38:FD:3D:3E:4D:FD:05:B1:E1:2C:F9:15:3E:D1:17:80:92:A6:89
Certificate issuer:       /CN=75a5a9e8ef27e3027293ef84fb8f8d30fab6e6d6
Certificate serial:       019B791137E01D126996EFB35E05F0A020C4
Authority key identifier: 75:A5:A9:E8:EF:27:E3:02:72:93:EF:84:FB:8F:8D:30:FA:B6:E6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/daWp6O8n4wJyk--E-4-NMPq25tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/nDj9PT5N_QWx4Sz5FT7RF4CSpok.roa
Signing time:             Thu 01 Jan 2026 10:18:50 +0000
ROA not before:           Thu 01 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64426
IP address blocks:        109.206.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/daWp6O8n4wJyk--E-4-NMPq25tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/daWp6O8n4wJyk--E-4-NMPq25tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/daWp6O8n4wJyk--E-4-NMPq25tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:37:e0:1d:12:69:96:ef:b3:5e:05:f0:a0:20:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75a5a9e8ef27e3027293ef84fb8f8d30fab6e6d6
        Validity
            Not Before: Jan  1 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c38fd3d3e4dfd05b1e12cf9153ed1178092a689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:d5:69:44:db:fd:80:5a:0c:f3:b2:be:6b:
                    9c:e7:69:57:16:ed:36:22:db:9e:1a:12:bb:3e:30:
                    d2:25:a1:e1:2c:0a:a0:e1:59:23:d9:56:63:49:b7:
                    4d:89:63:e0:77:1f:77:40:5a:b3:b5:89:e5:b3:47:
                    21:f9:42:2e:00:58:63:91:c2:1e:4b:cc:82:0c:bb:
                    06:f6:5c:39:f4:01:d4:de:74:3d:30:73:42:02:9c:
                    30:47:de:cc:13:42:1b:8b:ed:87:c8:7b:f2:c3:41:
                    5a:26:a8:3e:e5:be:f5:91:13:bb:97:12:40:a4:89:
                    58:d7:5b:82:bf:16:29:59:03:61:05:de:18:74:01:
                    7d:b7:3f:56:23:c3:ed:92:a3:cd:bf:4f:82:a6:24:
                    7b:26:ac:a0:d1:a1:2d:ff:35:9d:65:a3:75:00:18:
                    f4:0c:6f:7b:70:4b:04:f9:15:7a:b5:45:69:08:57:
                    67:f9:48:a7:9c:53:7a:0b:46:9c:b0:c8:42:c4:0a:
                    b5:6a:45:59:63:9a:08:ee:90:c5:2a:13:da:e8:1b:
                    9a:95:66:cd:83:87:58:39:4f:69:1d:c7:3d:57:74:
                    f0:80:be:9d:e2:b8:24:18:4b:5c:42:dd:98:d0:04:
                    4c:36:71:7f:06:64:39:80:9e:41:16:0a:dc:76:d5:
                    c4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:38:FD:3D:3E:4D:FD:05:B1:E1:2C:F9:15:3E:D1:17:80:92:A6:89
            X509v3 Authority Key Identifier:
                keyid:75:A5:A9:E8:EF:27:E3:02:72:93:EF:84:FB:8F:8D:30:FA:B6:E6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/daWp6O8n4wJyk--E-4-NMPq25tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/nDj9PT5N_QWx4Sz5FT7RF4CSpok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/ca6f69-6fec-4753-ad77-eb6f9df045b2/1/daWp6O8n4wJyk--E-4-NMPq25tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:b6:d5:cf:35:5b:3b:03:77:57:ca:1b:0b:dc:9d:7e:32:7c:
         5b:19:63:6d:89:c0:85:0f:48:3d:d4:e2:80:93:cd:ac:57:fe:
         76:fd:43:45:b6:a6:aa:58:cb:9a:03:55:42:8b:8c:59:6f:f1:
         56:34:0c:00:75:6d:e4:db:8a:78:11:10:15:14:6f:70:7d:43:
         72:0a:0a:13:b4:c6:27:ae:2e:c6:41:2f:e5:d4:7c:d7:62:62:
         c0:7c:1f:fb:79:1f:da:ab:72:8a:09:4d:89:0f:5d:7a:68:a8:
         95:49:32:76:27:74:9c:cc:b3:8f:26:80:9d:d3:1a:af:aa:3f:
         4f:b9:5c:4b:66:b2:81:46:e0:cc:d6:e9:0c:19:38:2f:85:53:
         21:02:b4:5b:0d:0a:d3:69:1e:9f:eb:ac:bf:0a:bf:70:6b:06:
         c9:05:d4:79:51:cf:ca:f3:0b:69:4c:fd:bd:3f:e6:aa:f4:0f:
         be:fd:7f:0f:e5:99:42:4f:e6:46:2d:57:cc:29:68:b9:9f:b1:
         4f:2f:8e:22:06:b0:b6:e7:df:0e:38:92:82:90:1d:1b:aa:56:
         c6:50:8d:c8:4d:62:b4:dd:a9:ef:d0:ec:d5:31:6a:17:0f:73:
         04:85:c5:0d:eb:bd:7e:f7:7a:a6:be:28:8c:0d:04:2a:22:c9:
         f5:ea:05:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ETfgHRJplu+zXgXwoCDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1YTVhOWU4ZWYyN2UzMDI3MjkzZWY4NGZiOGY4ZDMwZmFi
NmU2ZDYwHhcNMjYwMTAxMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzM4ZmQzZDNlNGRmZDA1YjFlMTJjZjkxNTNlZDExNzgwOTJhNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxm3VaUTb/YBaDPOyvmuc52lXFu02
ItueGhK7PjDSJaHhLAqg4Vkj2VZjSbdNiWPgdx93QFqztYnls0ch+UIuAFhjkcIe
S8yCDLsG9lw59AHU3nQ9MHNCApwwR97ME0Ibi+2HyHvyw0FaJqg+5b71kRO7lxJA
pIlY11uCvxYpWQNhBd4YdAF9tz9WI8PtkqPNv0+CpiR7Jqyg0aEt/zWdZaN1ABj0
DG97cEsE+RV6tUVpCFdn+UinnFN6C0acsMhCxAq1akVZY5oI7pDFKhPa6BualWbN
g4dYOU9pHcc9V3TwgL6d4rgkGEtcQt2Y0ARMNnF/BmQ5gJ5BFgrcdtXE3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJw4/T0+Tf0FseEs+RU+0ReAkqaJMB8GA1UdIwQY
MBaAFHWlqejvJ+MCcpPvhPuPjTD6tubWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGFXcDZPOG40d0p5ay0tRS00LU5NUHEyNXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jYTZmNjktNmZlYy00NzUzLWFkNzct
ZWI2ZjlkZjA0NWIyLzEvbkRqOVBUNU5fUVd4NFN6NUZUN1JGNENTcG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jYTZmNjktNmZlYy00NzUzLWFkNzctZWI2ZjlkZjA0NWIy
LzEvZGFXcDZPOG40d0p5ay0tRS00LU5NUHEyNXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbc7oMA0G
CSqGSIb3DQEBCwUAA4IBAQALttXPNVs7A3dXyhsL3J1+MnxbGWNticCFD0g91OKA
k82sV/52/UNFtqaqWMuaA1VCi4xZb/FWNAwAdW3k24p4ERAVFG9wfUNyCgoTtMYn
ri7GQS/l1HzXYmLAfB/7eR/aq3KKCU2JD116aKiVSTJ2J3SczLOPJoCd0xqvqj9P
uVxLZrKBRuDM1ukMGTgvhVMhArRbDQrTaR6f66y/Cr9wawbJBdR5Uc/K8wtpTP29
P+aq9A++/X8P5ZlCT+ZGLVfMKWi5n7FPL44iBrC2598OOJKCkB0bqlbGUI3ITWK0
3anv0OzVMWoXD3MEhcUN671+93qmviiMDQQqIsn16gUJ
-----END CERTIFICATE-----