This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/I08p1jkDdJlEDsjwq053srkjN2k.roa
File:                     I08p1jkDdJlEDsjwq053srkjN2k.roa (raw, json)
Hash identifier:          La1YGwc3oCLT3rS+rl/RN0PZ9UFeOvqPsj5JGqvzCv8=
Subject key identifier:   23:4F:29:D6:39:03:74:99:44:0E:C8:F0:AB:4E:77:B2:B9:23:37:69
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       019B7BA3C91FF65F5CD52FC7AB93D3AA34D7
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/I08p1jkDdJlEDsjwq053srkjN2k.roa
Signing time:             Thu 01 Jan 2026 22:18:09 +0000
ROA not before:           Thu 01 Jan 2026 22:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6085
IP address blocks:        57.250.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:c9:1f:f6:5f:5c:d5:2f:c7:ab:93:d3:aa:34:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  1 22:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=234f29d639037499440ec8f0ab4e77b2b9233769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:76:20:6a:cd:a5:a5:0d:7b:5d:32:70:9e:
                    91:cb:16:d6:f9:0b:50:2f:05:da:e9:d8:f3:45:30:
                    ee:32:6d:d4:65:ba:ef:db:99:39:25:b5:ad:34:b9:
                    82:5a:c8:06:3d:70:48:cf:f8:47:cd:5c:72:da:7d:
                    22:4a:c4:cb:81:d7:f7:36:24:37:35:3f:d2:42:d0:
                    65:c9:e3:fe:ee:e1:d2:f3:ac:e0:0b:a2:b3:1f:76:
                    fd:1e:a9:d0:55:43:71:c2:56:09:03:b6:3d:dc:ae:
                    72:8a:cc:2b:92:a9:80:b1:ff:45:99:0d:1c:31:da:
                    f0:2c:f1:72:42:7e:61:35:d2:ba:28:8f:e4:6a:7c:
                    4c:84:09:64:bc:3d:ca:78:4d:7a:ae:78:50:af:7d:
                    7e:1a:d0:5e:cc:28:d8:99:8e:d2:97:91:fc:05:07:
                    25:43:bc:4e:45:f7:6b:66:c1:a2:45:f7:f3:41:ac:
                    6b:89:32:7e:17:e3:65:f9:a8:2c:0d:b3:67:b0:e4:
                    dc:6c:74:d6:dc:e8:99:9f:90:6c:9e:1b:a8:4b:61:
                    53:e0:10:7d:fa:6c:95:16:5f:e4:ab:1e:59:f2:85:
                    a6:78:be:76:f9:b2:59:58:68:8b:c7:b3:cd:ea:0c:
                    1e:3d:f7:bf:79:42:4d:be:37:ae:ca:d1:f6:6f:8c:
                    8f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4F:29:D6:39:03:74:99:44:0E:C8:F0:AB:4E:77:B2:B9:23:37:69
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/I08p1jkDdJlEDsjwq053srkjN2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:85:f0:06:ce:90:19:dc:d9:d8:4d:88:af:1e:8a:c2:21:82:
         42:20:06:8c:a1:8a:b6:ec:6c:90:9a:87:00:02:b1:05:ae:17:
         66:fe:25:3c:41:82:33:86:12:c1:e7:e5:f7:6e:8a:d9:e1:48:
         9b:ad:0d:fa:e9:2b:4b:ac:f0:37:d5:0b:e1:3e:a3:56:38:31:
         86:e6:ca:c1:a6:4e:25:16:f9:7f:36:f9:ff:6d:56:e1:74:82:
         11:78:26:e0:00:c7:c9:5b:bd:e6:2e:7c:bd:61:41:9a:1c:10:
         f6:28:3a:e0:19:59:82:7a:7d:0d:28:25:ca:9d:6a:7b:71:c8:
         4a:93:dd:53:ed:5c:3c:99:15:10:e2:8d:0d:0f:dc:05:6e:2d:
         0b:86:0c:87:02:be:87:07:65:1b:dc:d7:43:77:a0:93:e5:14:
         90:0e:d3:5b:50:bf:6f:8e:c4:90:5b:77:39:ce:bb:e9:f6:e0:
         ba:8b:e4:ed:30:da:ce:80:80:a0:3e:41:02:61:56:f1:c5:79:
         32:cb:61:c5:f6:b3:b2:c2:04:38:45:21:20:6d:24:74:0b:c0:
         98:61:95:1a:b6:f9:bd:92:11:8e:d3:64:ee:2e:89:1e:34:c2:
         6c:4b:c4:20:88:97:89:df:d3:4d:48:57:dd:bf:79:c1:86:90:
         a0:c1:92:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o8kf9l9c1S/Hq5PTqjTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjYwMTAxMjIxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRmMjlkNjM5MDM3NDk5NDQwZWM4ZjBhYjRlNzdiMmI5MjMzNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1N2IGrNpaUNe10ycJ6RyxbW+QtQ
LwXa6djzRTDuMm3UZbrv25k5JbWtNLmCWsgGPXBIz/hHzVxy2n0iSsTLgdf3NiQ3
NT/SQtBlyeP+7uHS86zgC6KzH3b9HqnQVUNxwlYJA7Y93K5yiswrkqmAsf9FmQ0c
MdrwLPFyQn5hNdK6KI/kanxMhAlkvD3KeE16rnhQr31+GtBezCjYmY7Sl5H8BQcl
Q7xORfdrZsGiRffzQaxriTJ+F+Nl+agsDbNnsOTcbHTW3OiZn5BsnhuoS2FT4BB9
+myVFl/kqx5Z8oWmeL52+bJZWGiLx7PN6gwePfe/eUJNvjeuytH2b4yPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNPKdY5A3SZRA7I8KtOd7K5IzdpMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvSTA4cDFqa0RkSmxFRHNqd3EwNTNzcmtqTjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOfpCMA0G
CSqGSIb3DQEBCwUAA4IBAQBmhfAGzpAZ3NnYTYivHorCIYJCIAaMoYq27GyQmocA
ArEFrhdm/iU8QYIzhhLB5+X3borZ4UibrQ366StLrPA31QvhPqNWODGG5srBpk4l
Fvl/Nvn/bVbhdIIReCbgAMfJW73mLny9YUGaHBD2KDrgGVmCen0NKCXKnWp7cchK
k91T7Vw8mRUQ4o0ND9wFbi0LhgyHAr6HB2Ub3NdDd6CT5RSQDtNbUL9vjsSQW3c5
zrvp9uC6i+TtMNrOgICgPkECYVbxxXkyy2HF9rOywgQ4RSEgbSR0C8CYYZUatvm9
khGO02TuLokeNMJsS8QgiJeJ39NNSFfdv3nBhpCgwZL1
-----END CERTIFICATE-----