This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/9lOq7Wh0Dc-TKs_jMnqAjp9qty8.roa
File:                     9lOq7Wh0Dc-TKs_jMnqAjp9qty8.roa (raw, json)
Hash identifier:          gQsP3f9jY08L6TReTRhgCoFcXcYx56yiIKyEwP5fgis=
Subject key identifier:   F6:53:AA:ED:68:74:0D:CF:93:2A:CF:E3:32:7A:80:8E:9F:6A:B7:2F
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       019B77C7276B01DAD0711148F0E024557C9A
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/9lOq7Wh0Dc-TKs_jMnqAjp9qty8.roa
Signing time:             Thu 01 Jan 2026 04:18:19 +0000
ROA not before:           Thu 01 Jan 2026 04:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200845
IP address blocks:        185.104.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:27:6b:01:da:d0:71:11:48:f0:e0:24:55:7c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan  1 04:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f653aaed68740dcf932acfe3327a808e9f6ab72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2a:0c:83:ca:53:22:96:8d:07:16:ae:8b:9c:
                    4f:25:fe:ed:44:3d:87:17:01:6d:15:ff:f3:8e:7a:
                    f9:a5:4f:10:71:7e:f8:4a:b9:20:1c:de:23:a4:94:
                    10:63:8f:aa:71:f8:3d:82:cf:05:9f:13:85:07:0c:
                    58:d5:01:d4:ae:92:2d:28:ac:19:46:22:ce:a1:41:
                    32:99:0d:29:dc:b2:98:50:f4:4f:5a:96:b1:24:71:
                    71:84:a5:b5:fd:dc:e1:40:6c:51:cf:b1:6b:09:0f:
                    60:3f:80:7b:f0:0e:d5:b8:2b:e2:e1:16:90:bf:13:
                    d8:ee:1d:8b:2d:79:9c:7e:53:87:af:06:23:15:ee:
                    7f:84:a4:fa:be:3d:17:c5:68:9a:7e:6a:7f:ca:a1:
                    b2:77:d3:f6:10:fa:b7:ad:d4:38:39:6e:9a:52:18:
                    2f:8c:48:44:93:02:2a:37:cf:07:0a:cb:22:57:67:
                    71:95:e0:08:6a:98:ba:7c:69:3b:9a:60:7c:bc:7e:
                    07:80:46:73:99:9c:6e:57:81:80:36:14:5c:cb:b6:
                    7c:ff:bd:33:8d:cf:f1:b0:98:08:f1:a6:48:a8:41:
                    3c:eb:90:9e:a6:ff:c1:6b:76:9c:2e:29:82:7d:35:
                    1e:85:c1:eb:0d:75:9c:02:5c:7a:a3:69:e1:5c:a2:
                    5e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:53:AA:ED:68:74:0D:CF:93:2A:CF:E3:32:7A:80:8E:9F:6A:B7:2F
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/9lOq7Wh0Dc-TKs_jMnqAjp9qty8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:db:a4:0b:53:24:91:f7:e3:01:3d:1b:4b:93:23:d6:30:c1:
         49:ff:6c:80:8a:0d:80:68:42:57:df:d8:c6:06:dc:d1:35:69:
         97:7d:06:7f:47:bd:d3:8d:90:ba:a0:a6:44:76:fa:a9:54:38:
         39:9a:98:fe:81:14:d8:8f:cf:69:0d:5e:83:f3:7a:c4:70:28:
         14:04:6d:ab:67:9d:6b:4d:46:e1:a1:3a:ad:7c:49:39:fa:68:
         6f:16:23:48:9e:e0:aa:34:2c:35:d0:2a:79:f2:04:1f:0b:be:
         08:4c:e4:6d:8d:f4:91:f7:cd:f8:35:b9:62:2a:87:73:ca:2d:
         89:39:74:46:b5:e9:35:28:26:28:2a:c8:d6:97:36:6b:24:00:
         e4:0f:13:5f:c1:e7:4b:6c:17:3b:49:fe:0d:f8:fc:fb:1b:3c:
         88:eb:19:92:50:d7:28:d5:a4:c4:91:80:88:a8:f7:09:09:34:
         f3:3a:c0:8b:9c:57:5c:f6:3b:6d:40:70:e8:6f:10:f5:05:5b:
         47:b8:44:1e:46:b4:4c:0e:be:24:cb:12:0c:d7:35:4c:f1:cd:
         fd:c2:5b:8c:ba:22:6d:7a:45:22:9e:62:dd:29:c4:ba:3d:ae:
         d1:26:c2:a4:bb:61:c2:23:d7:6a:3b:fc:59:08:d4:01:31:db:
         90:03:5c:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xydrAdrQcRFI8OAkVXyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjYwMTAxMDQxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjUzYWFlZDY4NzQwZGNmOTMyYWNmZTMzMjdhODA4ZTlmNmFiNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyoMg8pTIpaNBxaui5xPJf7tRD2H
FwFtFf/zjnr5pU8QcX74SrkgHN4jpJQQY4+qcfg9gs8FnxOFBwxY1QHUrpItKKwZ
RiLOoUEymQ0p3LKYUPRPWpaxJHFxhKW1/dzhQGxRz7FrCQ9gP4B78A7VuCvi4RaQ
vxPY7h2LLXmcflOHrwYjFe5/hKT6vj0XxWiafmp/yqGyd9P2EPq3rdQ4OW6aUhgv
jEhEkwIqN88HCssiV2dxleAIapi6fGk7mmB8vH4HgEZzmZxuV4GANhRcy7Z8/70z
jc/xsJgI8aZIqEE865Cepv/Ba3acLimCfTUehcHrDXWcAlx6o2nhXKJe/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZTqu1odA3PkyrP4zJ6gI6farcvMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvOWxPcTdXaDBEYy1US3Nfak1ucUFqcDlxdHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWiZMA0G
CSqGSIb3DQEBCwUAA4IBAQCG26QLUySR9+MBPRtLkyPWMMFJ/2yAig2AaEJX39jG
BtzRNWmXfQZ/R73TjZC6oKZEdvqpVDg5mpj+gRTYj89pDV6D83rEcCgUBG2rZ51r
TUbhoTqtfEk5+mhvFiNInuCqNCw10Cp58gQfC74ITORtjfSR9834NbliKodzyi2J
OXRGtek1KCYoKsjWlzZrJADkDxNfwedLbBc7Sf4N+Pz7GzyI6xmSUNco1aTEkYCI
qPcJCTTzOsCLnFdc9jttQHDobxD1BVtHuEQeRrRMDr4kyxIM1zVM8c39wluMuiJt
ekUinmLdKcS6Pa7RJsKku2HCI9dqO/xZCNQBMduQA1xO
-----END CERTIFICATE-----