This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/9RcFiPDd3R3zQqDhd_LItb-oDTA.roa
File:                     9RcFiPDd3R3zQqDhd_LItb-oDTA.roa (raw, json)
Hash identifier:          AC0BWwsNFcYLQdYfVVpkxBC/1xIK6znU8uU1YFKJpGM=
Subject key identifier:   F5:17:05:88:F0:DD:DD:1D:F3:42:A0:E1:77:F2:C8:B5:BF:A8:0D:30
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       019B7E37D7FDC5F90F43B19444C8CEF6D2EB
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/9RcFiPDd3R3zQqDhd_LItb-oDTA.roa
Signing time:             Fri 02 Jan 2026 10:19:07 +0000
ROA not before:           Fri 02 Jan 2026 10:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43754
IP address blocks:        164.215.128.0/17 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:d7:fd:c5:f9:0f:43:b1:94:44:c8:ce:f6:d2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Jan  2 10:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5170588f0dddd1df342a0e177f2c8b5bfa80d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:09:c6:11:06:89:d3:b2:59:1f:c0:52:15:35:
                    8d:5b:03:a5:d6:9b:8a:d5:cd:a6:d7:ff:1c:ff:2f:
                    1a:76:d3:77:84:da:86:58:de:ac:49:7a:9d:be:0c:
                    45:65:d2:a9:00:c2:1b:86:57:fb:7f:fa:49:c5:d6:
                    11:0a:12:79:f4:a7:9a:bd:4f:9c:b3:e9:2f:83:54:
                    54:16:af:c0:d3:c0:de:4c:f0:16:bb:9b:1d:35:77:
                    ba:42:43:17:eb:00:a2:5a:37:2b:2a:28:a1:13:93:
                    8d:f5:ab:73:b1:ff:46:e8:58:75:bb:b9:17:c0:eb:
                    47:6e:9e:16:bd:7d:e6:28:e4:1a:9e:57:d3:e5:29:
                    9b:2d:93:fc:81:d5:69:3f:b8:7a:f8:0d:1e:79:1f:
                    4e:f0:06:df:c3:b9:75:63:28:56:92:6a:e2:79:db:
                    47:ca:82:db:90:17:a4:a7:07:3c:04:61:40:7c:69:
                    73:73:f0:27:e6:d0:9b:5c:51:e9:ef:e7:a8:6d:98:
                    03:59:d4:aa:9a:ac:d8:10:dd:8f:22:12:1f:48:f7:
                    9b:48:df:2c:d4:02:22:84:ef:d8:21:9a:75:5c:1d:
                    8c:31:47:74:2c:25:b2:dd:b7:ed:6c:20:1a:0c:05:
                    38:d2:f4:a2:b1:ec:1a:c1:bd:a9:d1:11:91:f9:03:
                    b2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:17:05:88:F0:DD:DD:1D:F3:42:A0:E1:77:F2:C8:B5:BF:A8:0D:30
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/9RcFiPDd3R3zQqDhd_LItb-oDTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         53:e4:19:4d:bd:28:bb:8a:d6:a4:0c:61:69:f2:33:c1:14:9c:
         a8:0a:7d:80:a9:22:a8:8d:61:b7:e7:41:80:e7:1a:b0:d4:21:
         42:4b:08:5d:5d:88:50:1c:98:00:91:f0:63:e2:06:74:fd:50:
         71:61:c3:c2:f8:5c:d0:85:74:a5:c0:e7:b1:77:1d:6b:2d:24:
         89:d0:af:35:8b:64:34:ff:b0:12:4d:7a:65:5a:42:02:53:b2:
         c8:58:2b:a7:70:28:99:79:c3:7b:e4:6b:2e:4c:22:a3:c9:02:
         ae:c1:1e:21:6f:9b:3c:c1:a8:8d:47:ca:c7:91:12:1a:7a:60:
         0d:f9:86:d0:bf:9c:ab:96:b7:64:c5:01:68:c4:f2:1e:c8:9d:
         65:00:76:ed:7f:5c:ef:5f:bd:9d:63:44:e0:0b:66:99:67:c3:
         d1:8d:49:14:9f:d6:90:8c:f2:d5:87:28:79:8a:22:a0:30:f5:
         4f:5b:e3:07:0c:4b:28:6b:3b:17:a3:19:3a:b4:e1:32:b3:cc:
         53:c5:ad:05:36:b1:ac:bc:17:1d:87:aa:71:97:35:81:43:c0:
         c0:ba:d4:84:64:15:89:27:d2:ee:52:ac:5f:18:f1:05:dd:94:
         0b:29:78:f7:e4:84:d3:16:59:c2:d6:53:d4:2e:12:7d:80:5e:
         38:2e:57:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N9f9xfkPQ7GURMjO9tLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjYwMTAyMTAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE3MDU4OGYwZGRkZDFkZjM0MmEwZTE3N2YyYzhiNWJmYTgwZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQnGEQaJ07JZH8BSFTWNWwOl1puK
1c2m1/8c/y8adtN3hNqGWN6sSXqdvgxFZdKpAMIbhlf7f/pJxdYRChJ59KeavU+c
s+kvg1RUFq/A08DeTPAWu5sdNXe6QkMX6wCiWjcrKiihE5ON9atzsf9G6Fh1u7kX
wOtHbp4WvX3mKOQanlfT5SmbLZP8gdVpP7h6+A0eeR9O8Abfw7l1YyhWkmriedtH
yoLbkBekpwc8BGFAfGlzc/An5tCbXFHp7+eobZgDWdSqmqzYEN2PIhIfSPebSN8s
1AIihO/YIZp1XB2MMUd0LCWy3bftbCAaDAU40vSisewawb2p0RGR+QOyUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUXBYjw3d0d80Kg4XfyyLW/qA0wMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvOVJjRmlQRGQzUjN6UXFEaGRfTEl0Yi1vRFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHpNeAMA0G
CSqGSIb3DQEBCwUAA4IBAQBT5BlNvSi7itakDGFp8jPBFJyoCn2AqSKojWG350GA
5xqw1CFCSwhdXYhQHJgAkfBj4gZ0/VBxYcPC+FzQhXSlwOexdx1rLSSJ0K81i2Q0
/7ASTXplWkICU7LIWCuncCiZecN75GsuTCKjyQKuwR4hb5s8waiNR8rHkRIaemAN
+YbQv5yrlrdkxQFoxPIeyJ1lAHbtf1zvX72dY0TgC2aZZ8PRjUkUn9aQjPLVhyh5
iiKgMPVPW+MHDEsoazsXoxk6tOEys8xTxa0FNrGsvBcdh6pxlzWBQ8DAutSEZBWJ
J9LuUqxfGPEF3ZQLKXj35ITTFlnC1lPULhJ9gF44LlfP
-----END CERTIFICATE-----