This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/9FMdAJpJObGaK-lhU63lLtnTmI8.roa
File:                     9FMdAJpJObGaK-lhU63lLtnTmI8.roa (raw, json)
Hash identifier:          iIiD99Z2LWAsYTeI+Wi/SqEc7CWMVEjakdaMwbyIs0M=
Subject key identifier:   F4:53:1D:00:9A:49:39:B1:9A:2B:E9:61:53:AD:E5:2E:D9:D3:98:8F
Certificate issuer:       /CN=08fcf0ed5b5677c1155f2b784c6d73d8093af1aa
Certificate serial:       019B77590DF34184479437683EEB6CC1230A
Authority key identifier: 08:FC:F0:ED:5B:56:77:C1:15:5F:2B:78:4C:6D:73:D8:09:3A:F1:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/9FMdAJpJObGaK-lhU63lLtnTmI8.roa
Signing time:             Thu 01 Jan 2026 02:18:03 +0000
ROA not before:           Thu 01 Jan 2026 02:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15763
IP address blocks:        193.28.40.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:0d:f3:41:84:47:94:37:68:3e:eb:6c:c1:23:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fcf0ed5b5677c1155f2b784c6d73d8093af1aa
        Validity
            Not Before: Jan  1 02:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4531d009a4939b19a2be96153ade52ed9d3988f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:ec:58:0c:12:c7:ff:dc:86:47:27:3f:f3:
                    9e:ef:af:fa:fb:0a:32:3e:63:fb:e9:3c:e7:02:56:
                    6c:6c:c5:25:c9:51:95:04:af:c3:ef:75:8f:50:fb:
                    9e:b1:9c:a3:82:70:4a:9f:74:00:36:84:98:31:3a:
                    f0:1a:28:73:4e:8c:77:30:4d:94:33:7d:10:03:4a:
                    73:d1:7a:54:5a:79:1a:6a:d0:8d:72:31:23:9c:2a:
                    42:a2:0e:ef:ff:f8:2d:b8:1c:62:7c:9e:20:98:63:
                    0a:96:b0:4a:53:f7:3a:3c:19:69:09:63:9d:92:26:
                    81:b1:e4:0f:27:31:67:71:44:ec:c3:78:17:0a:75:
                    46:7a:bc:0d:b0:0c:3b:af:11:3d:56:35:a0:f7:64:
                    f0:40:d3:c1:c1:fb:64:dd:8b:a8:6f:32:f5:d3:56:
                    01:7f:cd:9b:47:34:ad:77:23:ca:67:7e:11:50:2f:
                    d1:cc:b1:39:31:f1:2e:a9:1e:b9:8f:cc:df:0e:d2:
                    91:25:73:b9:03:b7:cc:1e:9b:63:b3:f5:f0:4b:98:
                    45:ab:d8:81:93:8c:16:6a:85:31:6d:55:08:71:06:
                    4f:6a:5a:de:e5:b8:07:0d:f7:72:5e:64:40:30:ba:
                    29:b3:52:aa:88:c9:1f:0e:7c:ec:6e:61:85:d7:22:
                    bc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:53:1D:00:9A:49:39:B1:9A:2B:E9:61:53:AD:E5:2E:D9:D3:98:8F
            X509v3 Authority Key Identifier:
                keyid:08:FC:F0:ED:5B:56:77:C1:15:5F:2B:78:4C:6D:73:D8:09:3A:F1:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPzw7VtWd8EVXyt4TG1z2Ak68ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/9FMdAJpJObGaK-lhU63lLtnTmI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/493b98-7f59-4f61-9945-1e8ddafe3a14/1/CPzw7VtWd8EVXyt4TG1z2Ak68ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:40:87:21:c9:5d:04:3d:c9:fc:93:77:de:57:dc:84:8f:89:
         c1:ae:fe:1d:60:28:4a:c8:39:2e:71:25:c0:6f:66:a8:c0:ae:
         79:df:a8:3c:d7:83:99:8b:c0:08:4d:d7:c7:bf:36:98:da:56:
         4a:be:fb:45:6f:a7:b3:c2:e5:ca:f7:ae:53:5a:f3:8e:29:12:
         3e:42:f0:a7:df:c0:12:50:46:94:b9:b6:0f:95:a1:42:8c:9f:
         5c:aa:4c:fb:ef:5b:66:cf:4e:73:87:1b:28:39:ac:e8:3d:20:
         6c:c0:f6:2d:4c:6d:eb:2f:ad:23:63:97:0b:fd:ee:fe:5e:d3:
         4e:9e:6f:f2:69:9a:ca:f1:65:fe:e3:30:27:4a:7d:54:90:e8:
         37:d4:eb:a4:58:59:1f:13:94:96:f0:6b:4e:90:1a:64:96:b1:
         9e:12:e5:53:c8:1c:b6:c5:54:68:37:d4:db:6b:84:51:31:1f:
         f0:c5:01:54:98:c7:f5:76:e9:41:e7:0e:a6:c9:00:7a:c2:4c:
         84:1c:11:c3:3e:83:05:12:a1:fc:e4:24:24:c2:0a:b4:05:81:
         a1:82:a4:27:1b:30:b8:1a:84:e5:c2:c4:f9:28:51:72:d3:17:
         5b:c2:59:24:73:74:bd:05:9d:80:0a:ff:d9:1f:a1:2c:ef:90:
         af:2e:86:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQ3zQYRHlDdoPutswSMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNmMGVkNWI1Njc3YzExNTVmMmI3ODRjNmQ3M2Q4MDkz
YWYxYWEwHhcNMjYwMTAxMDIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDUzMWQwMDlhNDkzOWIxOWEyYmU5NjE1M2FkZTUyZWQ5ZDM5ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPjsWAwSx//chkcnP/Oe76/6+woy
PmP76TznAlZsbMUlyVGVBK/D73WPUPuesZyjgnBKn3QANoSYMTrwGihzTox3ME2U
M30QA0pz0XpUWnkaatCNcjEjnCpCog7v//gtuBxifJ4gmGMKlrBKU/c6PBlpCWOd
kiaBseQPJzFncUTsw3gXCnVGerwNsAw7rxE9VjWg92TwQNPBwftk3YuobzL101YB
f82bRzStdyPKZ34RUC/RzLE5MfEuqR65j8zfDtKRJXO5A7fMHptjs/XwS5hFq9iB
k4wWaoUxbVUIcQZPalre5bgHDfdyXmRAMLops1KqiMkfDnzsbmGF1yK8DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRTHQCaSTmxmivpYVOt5S7Z05iPMB8GA1UdIwQY
MBaAFAj88O1bVnfBFV8reExtc9gJOvGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B6dzdWdFdkOEVWWHl0NFRHMXoyQWs2OGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80OTNiOTgtN2Y1OS00ZjYxLTk5NDUt
MWU4ZGRhZmUzYTE0LzEvOUZNZEFKcEpPYkdhSy1saFU2M2xMdG5UbUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80OTNiOTgtN2Y1OS00ZjYxLTk5NDUtMWU4ZGRhZmUzYTE0
LzEvQ1B6dzdWdFdkOEVWWHl0NFRHMXoyQWs2OGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRwoMA0G
CSqGSIb3DQEBCwUAA4IBAQADQIchyV0EPcn8k3feV9yEj4nBrv4dYChKyDkucSXA
b2aowK5536g814OZi8AITdfHvzaY2lZKvvtFb6ezwuXK965TWvOOKRI+QvCn38AS
UEaUubYPlaFCjJ9cqkz771tmz05zhxsoOazoPSBswPYtTG3rL60jY5cL/e7+XtNO
nm/yaZrK8WX+4zAnSn1UkOg31OukWFkfE5SW8GtOkBpklrGeEuVTyBy2xVRoN9Tb
a4RRMR/wxQFUmMf1dulB5w6myQB6wkyEHBHDPoMFEqH85CQkwgq0BYGhgqQnGzC4
GoTlwsT5KFFy0xdbwlkkc3S9BZ2ACv/ZH6Es75CvLoZv
-----END CERTIFICATE-----