This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/phyf72oMEtXEeQf0b55IBK65kHk.roa
File:                     phyf72oMEtXEeQf0b55IBK65kHk.roa (raw, json)
Hash identifier:          R8eau6VdwgmovkLrdipJ4ZSn0SB3UvS4sKRU9OlPGpc=
Subject key identifier:   A6:1C:9F:EF:6A:0C:12:D5:C4:79:07:F4:6F:9E:48:04:AE:B9:90:79
Certificate issuer:       /CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
Certificate serial:       019B7C7FF7E40F6428DF1B6BC87CC2C56F84
Authority key identifier: 09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/phyf72oMEtXEeQf0b55IBK65kHk.roa
Signing time:             Fri 02 Jan 2026 02:18:39 +0000
ROA not before:           Fri 02 Jan 2026 02:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209181
IP address blocks:        199.244.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 22:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:f7:e4:0f:64:28:df:1b:6b:c8:7c:c2:c5:6f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
        Validity
            Not Before: Jan  2 02:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a61c9fef6a0c12d5c47907f46f9e4804aeb99079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d0:bc:f3:1b:1f:0b:b5:b8:dd:a0:94:48:52:
                    ec:9c:7d:0b:47:81:cd:2b:f4:6e:c7:a1:c6:ca:3e:
                    22:ba:90:e1:73:77:e7:78:00:26:0d:cc:5d:94:d7:
                    5c:49:f0:d9:ed:33:a7:d1:86:fb:2c:c5:f2:7c:c4:
                    d7:bf:e4:6c:bc:a8:eb:a5:46:9f:32:53:72:02:71:
                    c8:76:79:ca:44:1c:99:fb:6e:5c:73:1a:9d:90:52:
                    76:15:64:92:2d:6d:00:bc:3f:66:61:00:24:7c:52:
                    c2:a8:62:73:37:22:59:a5:a8:d2:2c:6a:55:94:f7:
                    5a:df:62:cd:1a:1f:de:f2:db:fd:8a:d1:42:7d:e5:
                    06:41:2a:c1:f6:8a:4a:20:43:59:01:7e:10:17:2b:
                    40:a2:42:9a:f4:7e:07:4d:49:99:26:18:19:c7:f2:
                    7e:99:0b:12:1c:98:11:7d:26:39:cf:ff:e7:80:41:
                    cf:8e:35:db:6e:f1:28:6a:33:97:8d:72:b2:1c:17:
                    c3:27:c2:c0:a1:c9:f9:74:8a:4b:20:74:8f:cb:47:
                    1c:ae:6e:bf:18:af:f2:33:71:ff:60:8f:0b:00:20:
                    0e:14:ff:00:a6:fa:bf:69:ac:03:29:75:b8:9a:d1:
                    9a:6a:31:c2:23:a3:e6:66:8e:20:20:4a:36:c7:9f:
                    aa:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1C:9F:EF:6A:0C:12:D5:C4:79:07:F4:6F:9E:48:04:AE:B9:90:79
            X509v3 Authority Key Identifier:
                keyid:09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/phyf72oMEtXEeQf0b55IBK65kHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.244.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d3:48:ca:e9:40:4b:79:2c:1b:d0:9b:22:e4:3d:76:d8:f3:
         7b:97:8d:12:55:3b:d1:ff:a0:c6:32:4a:19:6d:5e:b4:a9:bc:
         32:33:85:7d:d8:15:09:f7:a1:01:2c:fa:f8:fb:5a:3e:32:a0:
         45:58:a3:9f:68:07:db:ef:c9:32:94:80:1c:c7:7f:c6:54:e0:
         de:0d:1d:aa:5c:04:78:c9:af:30:2e:b4:ae:14:3a:4a:97:4f:
         31:da:67:6e:d8:3f:34:9d:e3:1a:d2:5c:be:44:3b:8b:12:84:
         77:d0:99:97:03:97:2e:b6:48:74:8b:98:fc:02:b7:41:ce:80:
         46:29:6f:18:f0:02:93:07:59:13:0a:0e:da:37:e6:6c:ae:4b:
         2c:8d:f1:59:52:59:8a:c7:b0:6f:5e:c4:18:77:bb:f7:5b:93:
         d0:ea:35:d7:12:ad:2f:d7:a2:5c:99:b0:84:a5:32:90:1a:38:
         c3:50:95:f4:8d:a1:12:4c:4a:c7:de:8b:23:0b:25:62:05:74:
         bf:55:89:6d:10:a2:61:f5:f0:ce:62:09:12:6e:fe:d8:c3:cf:
         0b:dd:c8:97:87:4b:c8:a9:51:a5:47:fb:4a:cd:fd:f8:0c:e9:
         ae:19:0c:dd:0a:e1:cc:f9:c3:65:dc:0c:37:82:63:75:90:67:
         58:ce:d1:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f/fkD2Qo3xtryHzCxW+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MGU1OTJhMmUwZDQyN2EwOWFhMmRlMWI5YmFmMDhjY2Qx
NGYwYTAwHhcNMjYwMTAyMDIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjFjOWZlZjZhMGMxMmQ1YzQ3OTA3ZjQ2ZjllNDgwNGFlYjk5MDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdC88xsfC7W43aCUSFLsnH0LR4HN
K/Rux6HGyj4iupDhc3fneAAmDcxdlNdcSfDZ7TOn0Yb7LMXyfMTXv+RsvKjrpUaf
MlNyAnHIdnnKRByZ+25ccxqdkFJ2FWSSLW0AvD9mYQAkfFLCqGJzNyJZpajSLGpV
lPda32LNGh/e8tv9itFCfeUGQSrB9opKIENZAX4QFytAokKa9H4HTUmZJhgZx/J+
mQsSHJgRfSY5z//ngEHPjjXbbvEoajOXjXKyHBfDJ8LAocn5dIpLIHSPy0ccrm6/
GK/yM3H/YI8LACAOFP8Apvq/aawDKXW4mtGaajHCI6PmZo4gIEo2x5+qFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYcn+9qDBLVxHkH9G+eSASuuZB5MB8GA1UdIwQY
MBaAFAkOWSouDUJ6Caot4bm68IzNFPCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYt
MzNiZGM3M2VkMGVhLzEvcGh5Zjcyb01FdFhFZVFmMGI1NUlCSzY1a0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYtMzNiZGM3M2VkMGVh
LzEvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx/RlMA0G
CSqGSIb3DQEBCwUAA4IBAQBO00jK6UBLeSwb0Jsi5D122PN7l40SVTvR/6DGMkoZ
bV60qbwyM4V92BUJ96EBLPr4+1o+MqBFWKOfaAfb78kylIAcx3/GVODeDR2qXAR4
ya8wLrSuFDpKl08x2mdu2D80neMa0ly+RDuLEoR30JmXA5cutkh0i5j8ArdBzoBG
KW8Y8AKTB1kTCg7aN+ZsrkssjfFZUlmKx7BvXsQYd7v3W5PQ6jXXEq0v16JcmbCE
pTKQGjjDUJX0jaESTErH3osjCyViBXS/VYltEKJh9fDOYgkSbv7Yw88L3ciXh0vI
qVGlR/tKzf34DOmuGQzdCuHM+cNl3Aw3gmN1kGdYztEl
-----END CERTIFICATE-----