This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/40z5BTIzE-Otta9d5IxXlYjWk7Y.roa
File:                     40z5BTIzE-Otta9d5IxXlYjWk7Y.roa (raw, json)
Hash identifier:          /K+vL2kVy1Ot78ZCbPvu7R3pgRcpdRMgsyhuVzNibSE=
Subject key identifier:   E3:4C:F9:05:32:33:13:E3:AD:B5:AF:5D:E4:8C:57:95:88:D6:93:B6
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       019B7910A07234818794BC5397D830F247BD
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/40z5BTIzE-Otta9d5IxXlYjWk7Y.roa
Signing time:             Thu 01 Jan 2026 10:18:11 +0000
ROA not before:           Thu 01 Jan 2026 10:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44926
IP address blocks:        185.168.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:a0:72:34:81:87:94:bc:53:97:d8:30:f2:47:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  1 10:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e34cf905323313e3adb5af5de48c579588d693b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a1:aa:cb:bf:e2:6a:3a:c6:2e:c9:62:0b:56:
                    83:55:48:b6:84:c0:94:25:1e:57:48:c9:d7:3a:3f:
                    48:bf:03:93:de:92:2a:07:db:9f:d6:2a:74:e9:53:
                    d1:45:a7:34:59:a6:a4:1e:6e:81:6b:2c:a7:ad:e7:
                    fc:94:47:41:04:35:25:ec:e2:d9:e9:6c:13:40:7a:
                    e3:eb:06:f2:00:53:0c:cc:21:56:8d:b2:ae:99:aa:
                    4f:44:21:8d:be:19:ed:a8:98:67:51:4a:d0:e7:40:
                    ae:b2:cb:3f:30:a1:a3:e5:99:cb:21:19:1b:ce:bf:
                    07:25:b8:f9:ec:bd:9e:dd:9e:c6:71:02:f9:c8:fc:
                    a1:47:4b:76:00:8d:d4:5a:66:f6:56:80:1e:52:2e:
                    65:c7:3a:62:4e:e6:08:d2:fc:5c:32:07:4f:65:ec:
                    3b:00:14:73:eb:1e:3f:e9:83:6d:73:74:37:45:66:
                    d5:d5:e5:53:c3:c1:73:e7:d9:06:ee:ca:e6:b9:09:
                    f6:9a:f2:01:50:51:1c:14:45:a0:51:40:43:bb:5f:
                    76:42:46:8e:fa:83:4d:6e:fc:76:1c:e8:5d:22:8e:
                    c8:53:02:7c:6e:58:37:52:7f:d3:49:f3:61:f8:56:
                    e4:d0:a3:51:2a:b8:17:56:66:be:0d:cc:b7:12:12:
                    70:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:4C:F9:05:32:33:13:E3:AD:B5:AF:5D:E4:8C:57:95:88:D6:93:B6
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/40z5BTIzE-Otta9d5IxXlYjWk7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a2:58:99:69:db:85:79:ec:bb:83:ac:02:51:7d:d0:c4:ac:
         12:fd:50:e4:b3:df:89:a6:23:3a:8b:9d:8c:45:3b:9b:b2:1e:
         64:f1:80:9f:be:35:8c:e2:46:06:8e:d5:f6:53:3c:9d:2f:99:
         11:36:3a:46:f6:cc:95:04:dd:c5:6f:09:bf:a2:08:10:1d:e0:
         95:04:b4:3b:b2:de:21:b9:a1:4c:20:a1:76:52:e4:2d:81:35:
         ef:6e:d2:bc:75:1d:c1:d5:b2:eb:f8:85:05:f3:3e:d2:aa:73:
         ac:00:c7:9d:92:c4:e0:28:65:02:78:24:6e:7e:bd:d3:20:05:
         03:05:44:eb:61:39:ed:89:a4:14:61:a5:8a:66:02:cd:15:43:
         db:b4:60:61:dd:e1:1a:11:c9:b0:e0:66:04:a6:6f:1b:bd:28:
         ee:f3:eb:47:67:5d:1c:7e:25:f4:aa:dd:02:9b:a1:0b:09:87:
         5d:1c:b1:f7:c1:d1:66:83:70:6a:d9:ed:d0:30:d3:e5:b3:c3:
         a6:62:92:00:33:19:34:c6:5e:1f:ff:62:a0:a3:95:07:19:ea:
         b3:f2:ee:f1:96:60:54:aa:4a:9a:6d:79:fb:36:02:92:bd:dd:
         da:73:cb:e3:4c:e7:42:cd:d7:7a:d3:f9:57:f0:36:d0:55:6f:
         41:3c:18:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EKByNIGHlLxTl9gw8ke9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZlYmY2NmI4MGYwODEzNTg1OGQxNDRjZWQ2Zjc4NTgz
NGY1ZjQwHhcNMjYwMTAxMTAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzRjZjkwNTMyMzMxM2UzYWRiNWFmNWRlNDhjNTc5NTg4ZDY5M2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6Gqy7/iajrGLsliC1aDVUi2hMCU
JR5XSMnXOj9IvwOT3pIqB9uf1ip06VPRRac0WaakHm6Bayynref8lEdBBDUl7OLZ
6WwTQHrj6wbyAFMMzCFWjbKumapPRCGNvhntqJhnUUrQ50Cusss/MKGj5ZnLIRkb
zr8HJbj57L2e3Z7GcQL5yPyhR0t2AI3UWmb2VoAeUi5lxzpiTuYI0vxcMgdPZew7
ABRz6x4/6YNtc3Q3RWbV1eVTw8Fz59kG7srmuQn2mvIBUFEcFEWgUUBDu192QkaO
+oNNbvx2HOhdIo7IUwJ8blg3Un/TSfNh+Fbk0KNRKrgXVma+Dcy3EhJw7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONM+QUyMxPjrbWvXeSMV5WI1pO2MB8GA1UdIwQY
MBaAFJJW6/ZrgPCBNYWNFEztb3hYNPX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2Ut
NWRhOGQ2NzdkODQ3LzEvNDB6NUJUSXpFLU90dGE5ZDVJeFhsWWpXazdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2UtNWRhOGQ2NzdkODQ3
LzEva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaihMA0G
CSqGSIb3DQEBCwUAA4IBAQAgoliZaduFeey7g6wCUX3QxKwS/VDks9+JpiM6i52M
RTubsh5k8YCfvjWM4kYGjtX2UzydL5kRNjpG9syVBN3Fbwm/oggQHeCVBLQ7st4h
uaFMIKF2UuQtgTXvbtK8dR3B1bLr+IUF8z7SqnOsAMedksTgKGUCeCRufr3TIAUD
BUTrYTntiaQUYaWKZgLNFUPbtGBh3eEaEcmw4GYEpm8bvSju8+tHZ10cfiX0qt0C
m6ELCYddHLH3wdFmg3Bq2e3QMNPls8OmYpIAMxk0xl4f/2Kgo5UHGeqz8u7xlmBU
qkqabXn7NgKSvd3ac8vjTOdCzdd60/lX8DbQVW9BPBjM
-----END CERTIFICATE-----