This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/dnZtq0bwm61Im0Ni1VeeuAbXXDM.roa
File:                     dnZtq0bwm61Im0Ni1VeeuAbXXDM.roa (raw, json)
Hash identifier:          gMOoRKcjYT072cXzuogKtXmAQF95le8qOIdAlIczn4o=
Subject key identifier:   76:76:6D:AB:46:F0:9B:AD:48:9B:43:62:D5:57:9E:B8:06:D7:5C:33
Certificate issuer:       /CN=1f810cc3fd228338d9b969725d95bb33c4e65a48
Certificate serial:       019B76EAB56D31BD7C069AF2F3BCD55F0D0E
Authority key identifier: 1F:81:0C:C3:FD:22:83:38:D9:B9:69:72:5D:95:BB:33:C4:E6:5A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/dnZtq0bwm61Im0Ni1VeeuAbXXDM.roa
Signing time:             Thu 01 Jan 2026 00:17:31 +0000
ROA not before:           Thu 01 Jan 2026 00:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51858
IP address blocks:        176.120.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:b5:6d:31:bd:7c:06:9a:f2:f3:bc:d5:5f:0d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f810cc3fd228338d9b969725d95bb33c4e65a48
        Validity
            Not Before: Jan  1 00:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76766dab46f09bad489b4362d5579eb806d75c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:71:f2:a7:8e:4f:22:bc:f0:b8:19:fc:1d:
                    b6:03:45:a4:0a:5c:29:e5:7a:53:e3:ed:5f:91:ff:
                    f4:b4:81:1c:a8:c0:5d:2b:9f:35:3e:0f:3f:a8:0b:
                    d2:65:25:d4:2f:4d:d2:06:a0:64:53:e7:04:83:eb:
                    07:78:dc:c1:cf:ac:87:73:43:50:f7:2b:49:f4:6a:
                    47:7e:8c:22:d9:9b:c1:1e:81:9e:12:53:ba:64:22:
                    3a:81:d4:fc:7b:dd:47:08:88:2a:74:b6:dd:7c:a6:
                    68:04:e5:90:c1:b1:aa:b5:f0:f0:10:0d:72:11:cf:
                    d2:8a:ba:2c:c3:49:78:ab:67:82:10:18:ac:66:47:
                    72:be:66:ce:71:17:24:7b:f5:cb:74:47:73:50:0e:
                    7f:e1:08:d7:14:07:b9:1d:cb:54:72:86:5d:89:7e:
                    21:aa:a5:ec:23:e7:5c:5f:dc:d5:a6:75:83:3f:f7:
                    09:09:ba:3d:1d:cb:c4:e6:42:ec:9e:55:5e:7d:3a:
                    e3:43:44:ff:ff:d5:0c:b3:f0:e2:69:ae:3f:fa:41:
                    4a:a3:05:c6:3e:f2:a3:b9:84:69:f4:02:36:32:44:
                    bd:53:dd:7a:95:ab:79:90:f6:a5:9e:d7:23:b7:7f:
                    64:8d:6b:f7:2d:d5:71:d5:f3:af:41:fc:ca:84:48:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:76:6D:AB:46:F0:9B:AD:48:9B:43:62:D5:57:9E:B8:06:D7:5C:33
            X509v3 Authority Key Identifier:
                keyid:1F:81:0C:C3:FD:22:83:38:D9:B9:69:72:5D:95:BB:33:C4:E6:5A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/dnZtq0bwm61Im0Ni1VeeuAbXXDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:59:9f:8a:d7:08:25:f4:e4:06:50:a1:8c:5c:6b:a1:18:d5:
         71:89:bc:f5:cf:6d:1c:61:56:62:f9:6e:96:f6:e0:f7:bc:1c:
         01:f4:e5:72:72:87:b6:bc:3d:28:ae:06:5b:d2:b1:df:4b:f6:
         51:69:a0:8f:18:dc:8f:a1:96:7e:8d:1e:3f:a6:4a:de:92:38:
         f7:3d:28:1f:da:c5:0e:c9:ee:84:e2:c1:78:ed:0f:cb:61:bc:
         bd:6d:ee:56:e6:1c:0d:42:27:06:2b:11:37:c5:78:f8:af:a3:
         52:f5:5c:0e:7b:15:54:2a:2a:f9:07:ad:47:e1:9c:46:1c:8b:
         a4:38:2c:4d:c1:7d:7b:94:f1:a9:e8:64:48:71:0c:51:74:d9:
         43:af:ff:ca:d7:e4:35:49:db:fd:85:16:35:fd:0f:e3:f1:25:
         89:6a:c5:57:77:68:04:82:12:c8:ce:8a:0d:b0:76:d8:3c:95:
         42:65:f7:2a:c7:eb:27:b7:5c:f1:6f:c4:fc:6c:b8:99:de:1d:
         e9:0e:76:fd:90:ed:d3:90:29:57:da:9e:91:41:3c:23:49:ab:
         0f:63:3e:03:80:46:4d:30:11:56:a2:e4:64:2b:46:ae:5e:8c:
         a1:48:f7:a0:78:b6:bc:88:38:6e:16:d2:86:89:78:5e:81:76:
         99:04:36:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26rVtMb18Bpry87zVXw0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmODEwY2MzZmQyMjgzMzhkOWI5Njk3MjVkOTViYjMzYzRl
NjVhNDgwHhcNMjYwMTAxMDAxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc2NmRhYjQ2ZjA5YmFkNDg5YjQzNjJkNTU3OWViODA2ZDc1YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7lx8qeOTyK88LgZ/B22A0WkClwp
5XpT4+1fkf/0tIEcqMBdK581Pg8/qAvSZSXUL03SBqBkU+cEg+sHeNzBz6yHc0NQ
9ytJ9GpHfowi2ZvBHoGeElO6ZCI6gdT8e91HCIgqdLbdfKZoBOWQwbGqtfDwEA1y
Ec/Sirosw0l4q2eCEBisZkdyvmbOcRcke/XLdEdzUA5/4QjXFAe5HctUcoZdiX4h
qqXsI+dcX9zVpnWDP/cJCbo9HcvE5kLsnlVefTrjQ0T//9UMs/Diaa4/+kFKowXG
PvKjuYRp9AI2MkS9U916lat5kPalntcjt39kjWv3LdVx1fOvQfzKhEgMjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ2batG8JutSJtDYtVXnrgG11wzMB8GA1UdIwQY
MBaAFB+BDMP9IoM42blpcl2VuzPE5lpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDRFTXdfMGlnempadVdseVhaVzdNOFRtV2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wZjA5MjctYzI5Yi00Njk4LTg1OWUt
ZjljMTgwYmE0ODAxLzEvZG5adHEwYndtNjFJbTBOaTFWZWV1QWJYWERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wZjA5MjctYzI5Yi00Njk4LTg1OWUtZjljMTgwYmE0ODAx
LzEvSDRFTXdfMGlnempadVdseVhaVzdNOFRtV2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHhiMA0G
CSqGSIb3DQEBCwUAA4IBAQDCWZ+K1wgl9OQGUKGMXGuhGNVxibz1z20cYVZi+W6W
9uD3vBwB9OVycoe2vD0orgZb0rHfS/ZRaaCPGNyPoZZ+jR4/pkrekjj3PSgf2sUO
ye6E4sF47Q/LYby9be5W5hwNQicGKxE3xXj4r6NS9VwOexVUKir5B61H4ZxGHIuk
OCxNwX17lPGp6GRIcQxRdNlDr//K1+Q1Sdv9hRY1/Q/j8SWJasVXd2gEghLIzooN
sHbYPJVCZfcqx+snt1zxb8T8bLiZ3h3pDnb9kO3TkClX2p6RQTwjSasPYz4DgEZN
MBFWouRkK0auXoyhSPegeLa8iDhuFtKGiXhegXaZBDZH
-----END CERTIFICATE-----