This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/ZmA7YXk1EXie8V8IljOsrQAeVMc.roa
File:                     ZmA7YXk1EXie8V8IljOsrQAeVMc.roa (raw, json)
Hash identifier:          KfN3YtXoCnYtbOhys/L3JbGSTPU3Jpxa1rNO5rVZaaM=
Subject key identifier:   66:60:3B:61:79:35:11:78:9E:F1:5F:08:96:33:AC:AD:00:1E:54:C7
Certificate issuer:       /CN=f73425724cae273f2963060dc865c6f0b0425cad
Certificate serial:       019BC394AC08DC412A7C167640D5875BB727
Authority key identifier: F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/ZmA7YXk1EXie8V8IljOsrQAeVMc.roa
Signing time:             Thu 15 Jan 2026 21:34:19 +0000
ROA not before:           Thu 15 Jan 2026 21:34:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203142
IP address blocks:        72.56.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c3:94:ac:08:dc:41:2a:7c:16:76:40:d5:87:5b:b7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73425724cae273f2963060dc865c6f0b0425cad
        Validity
            Not Before: Jan 15 21:34:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66603b61793511789ef15f089633acad001e54c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:3b:5b:a9:8a:4a:5d:c7:49:9a:46:d5:3a:
                    c0:2c:a4:1a:71:26:10:a9:74:04:70:73:dd:26:87:
                    b6:eb:0e:b9:f8:5c:35:5e:b4:8d:ad:9c:c4:14:c7:
                    b5:f2:3c:8c:6a:a6:13:06:5a:1d:97:e4:7d:16:c3:
                    7c:b6:11:d7:a1:43:0e:9d:02:b1:00:ea:40:2f:ea:
                    2e:e4:39:fa:a7:dd:72:9c:31:8f:09:15:bf:75:9f:
                    39:43:de:9e:d8:f0:b3:da:26:01:19:95:8f:03:38:
                    6d:21:27:7d:45:46:a9:96:06:c9:b4:fd:7b:ba:65:
                    db:72:7a:38:76:a7:7a:3e:4e:62:02:cc:b5:42:08:
                    23:68:62:31:f3:c5:2d:d9:19:21:07:36:f6:49:96:
                    fe:73:56:a3:92:a2:e2:2e:22:41:f9:9e:ab:b5:58:
                    f2:19:16:61:5b:24:ce:b5:81:45:10:c3:64:4e:08:
                    08:ab:4b:0f:04:b8:ca:46:8c:23:2d:4f:fe:ce:a2:
                    30:0a:2b:99:99:67:90:0e:af:a0:19:23:2a:cc:a1:
                    42:dc:9d:85:96:51:e7:7d:c0:8e:33:6b:c5:6c:8d:
                    40:20:1c:53:06:1f:15:07:89:91:f2:43:4e:1b:b1:
                    37:d4:41:0b:2c:21:fd:e3:1b:68:ee:7b:cc:91:75:
                    a0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:60:3B:61:79:35:11:78:9E:F1:5F:08:96:33:AC:AD:00:1E:54:C7
            X509v3 Authority Key Identifier:
                keyid:F7:34:25:72:4C:AE:27:3F:29:63:06:0D:C8:65:C6:F0:B0:42:5C:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zQlckyuJz8pYwYNyGXG8LBCXK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/ZmA7YXk1EXie8V8IljOsrQAeVMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9f09aa-dd5e-4e06-b28e-e871b21790de/1/9zQlckyuJz8pYwYNyGXG8LBCXK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.56.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:61:e7:8b:90:07:b8:25:68:ba:d7:02:1f:9c:1c:0d:39:f2:
         bb:92:2b:ee:fd:52:d8:30:93:19:6b:13:88:24:70:0e:24:43:
         ad:32:c3:01:7a:d9:f0:c7:24:04:0d:2f:d3:48:e4:40:e1:82:
         c1:c0:20:db:b0:83:42:46:c3:6a:6e:89:97:21:d9:d6:0d:ae:
         0e:c4:ce:93:a6:fd:c5:cf:14:20:b3:7c:6e:b5:c7:b7:d8:25:
         53:21:40:fe:a5:79:df:54:85:b4:4f:23:70:7d:7a:a8:15:91:
         f4:b5:c9:dc:9e:b7:82:b3:8b:71:b1:04:eb:69:bd:b3:c2:67:
         ef:23:dc:87:18:85:03:83:ad:73:2d:4a:d2:53:73:32:85:e7:
         11:24:95:e6:ad:88:91:ab:dc:39:83:8b:c3:8b:5d:9c:7e:ed:
         61:41:cf:ad:39:79:9d:3c:0e:2a:0f:e7:ea:0f:bf:d8:fd:83:
         fd:d7:b4:79:e3:3d:7d:c0:1c:7b:dc:57:cb:cb:5f:a9:5c:c2:
         4f:5c:39:58:ad:a1:3c:29:61:b6:d0:bb:86:ff:d0:bb:f5:8d:
         9f:65:fe:35:1d:d8:7c:bb:5f:bf:5c:09:d2:6a:28:1a:30:1c:
         83:1c:37:e5:ff:48:db:21:91:38:b3:e2:f2:a4:15:de:be:f7:
         50:b7:71:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvDlKwI3EEqfBZ2QNWHW7cnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MzQyNTcyNGNhZTI3M2YyOTYzMDYwZGM4NjVjNmYwYjA0
MjVjYWQwHhcNMjYwMTE1MjEzNDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjYwM2I2MTc5MzUxMTc4OWVmMTVmMDg5NjMzYWNhZDAwMWU1NGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7k7W6mKSl3HSZpG1TrALKQacSYQ
qXQEcHPdJoe26w65+Fw1XrSNrZzEFMe18jyMaqYTBlodl+R9FsN8thHXoUMOnQKx
AOpAL+ou5Dn6p91ynDGPCRW/dZ85Q96e2PCz2iYBGZWPAzhtISd9RUaplgbJtP17
umXbcno4dqd6Pk5iAsy1QggjaGIx88Ut2RkhBzb2SZb+c1ajkqLiLiJB+Z6rtVjy
GRZhWyTOtYFFEMNkTggIq0sPBLjKRowjLU/+zqIwCiuZmWeQDq+gGSMqzKFC3J2F
llHnfcCOM2vFbI1AIBxTBh8VB4mR8kNOG7E31EELLCH94xto7nvMkXWgywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZgO2F5NRF4nvFfCJYzrK0AHlTHMB8GA1UdIwQY
MBaAFPc0JXJMric/KWMGDchlxvCwQlytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUt
ZTg3MWIyMTc5MGRlLzEvWm1BN1lYazFFWGllOFY4SWxqT3NyUUFlVk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ZjA5YWEtZGQ1ZS00ZTA2LWIyOGUtZTg3MWIyMTc5MGRl
LzEvOXpRbGNreXVKejhwWXdZTnlHWEc4TEJDWEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASDg3MA0G
CSqGSIb3DQEBCwUAA4IBAQBGYeeLkAe4JWi61wIfnBwNOfK7kivu/VLYMJMZaxOI
JHAOJEOtMsMBetnwxyQEDS/TSORA4YLBwCDbsINCRsNqbomXIdnWDa4OxM6Tpv3F
zxQgs3xutce32CVTIUD+pXnfVIW0TyNwfXqoFZH0tcncnreCs4txsQTrab2zwmfv
I9yHGIUDg61zLUrSU3MyhecRJJXmrYiRq9w5g4vDi12cfu1hQc+tOXmdPA4qD+fq
D7/Y/YP917R54z19wBx73FfLy1+pXMJPXDlYraE8KWG20LuG/9C79Y2fZf41Hdh8
u1+/XAnSaigaMByDHDfl/0jbIZE4s+LypBXevvdQt3G3
-----END CERTIFICATE-----