This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9wNgIovD2ag1SucwG9Hbp220S98.roa
File:                     9wNgIovD2ag1SucwG9Hbp220S98.roa (raw, json)
Hash identifier:          SSpBW3ck0Er+l2s8lvKDkUEI8yKX1WOAFclE8u4akiI=
Subject key identifier:   F7:03:60:22:8B:C3:D9:A8:35:4A:E7:30:1B:D1:DB:A7:6D:B4:4B:DF
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8571933F8D9E0F4456BCEFD0C33A26
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9wNgIovD2ag1SucwG9Hbp220S98.roa
Signing time:             Fri 02 Jan 2026 16:23:30 +0000
ROA not before:           Fri 02 Jan 2026 16:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213999
IP address blocks:        193.124.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:71:93:3f:8d:9e:0f:44:56:bc:ef:d0:c3:3a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f70360228bc3d9a8354ae7301bd1dba76db44bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4e:b1:b5:69:d1:ec:4a:ef:1b:b9:52:c8:bf:
                    35:31:eb:92:8e:af:af:3e:15:38:c1:2d:be:34:4d:
                    a0:69:f7:47:29:44:3e:6c:cb:8e:38:94:bc:2e:9b:
                    d1:4d:3d:3a:43:09:83:92:99:99:24:c5:ff:d7:0c:
                    33:eb:b0:67:f4:ef:82:0a:76:c6:26:1d:0e:ad:40:
                    05:01:c1:f2:fe:96:4c:8a:e8:da:19:cd:65:33:e5:
                    d3:38:18:32:a7:cb:e7:95:ab:07:60:45:b2:bd:d2:
                    d0:78:3e:7f:f2:c8:ee:f1:b9:c1:05:24:bc:87:95:
                    2a:cf:ae:94:79:f4:b7:9a:c6:09:95:01:d5:ff:2d:
                    b4:d1:2b:10:99:65:f1:b5:84:8c:a7:74:dd:50:b7:
                    11:c5:e6:da:aa:86:6c:91:0e:56:00:09:fb:d6:75:
                    7d:60:63:65:53:fc:6a:21:c6:16:98:17:72:5d:67:
                    94:cc:84:b4:81:18:c5:36:fe:f9:ed:6c:f7:48:5d:
                    c9:fb:50:03:e3:8c:18:26:7d:ce:25:c0:13:cf:10:
                    14:49:0f:fc:da:e1:1d:bb:3d:33:64:46:06:34:a1:
                    4d:4e:b1:fe:de:67:70:39:ff:c2:3b:ec:5a:3c:15:
                    0b:31:8e:fe:b5:de:26:6c:16:7f:30:80:4e:25:17:
                    06:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:03:60:22:8B:C3:D9:A8:35:4A:E7:30:1B:D1:DB:A7:6D:B4:4B:DF
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9wNgIovD2ag1SucwG9Hbp220S98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:51:b4:d3:5f:91:d3:31:30:29:45:10:b2:39:13:70:8a:8f:
         fa:60:63:2b:18:ba:f7:ca:6f:b1:fa:10:93:23:5d:0f:b6:03:
         bb:27:30:61:7f:77:b0:7b:df:e0:4a:4a:1f:b9:f5:84:9c:cb:
         8a:83:47:b2:b9:91:3d:a1:da:94:a6:27:a9:c6:c5:65:d0:e1:
         89:41:20:5c:41:f0:da:81:52:12:fe:1b:0c:7d:d3:84:62:72:
         74:3e:17:9d:1f:8f:0e:63:c1:97:12:ea:ec:11:d6:52:6f:7d:
         a4:25:fd:58:72:68:90:70:ac:1b:23:95:15:0f:2a:c3:43:b1:
         25:bf:9b:29:7f:ad:86:92:f9:61:5a:83:40:87:99:ed:ee:d8:
         5f:ee:3b:fd:51:e6:90:68:87:56:38:df:2b:2c:90:c8:3c:09:
         81:bc:50:a1:f9:e8:55:b3:82:ce:42:a0:f0:e9:69:c5:d9:75:
         75:21:5f:82:9b:55:12:bf:16:b0:26:73:e7:b7:80:68:62:eb:
         4b:ba:b6:b8:08:12:ee:eb:b1:c3:0b:4f:72:7e:37:c9:8c:c5:
         13:41:ec:55:3c:2c:f2:a2:18:f1:f2:06:3c:bc:6f:fa:70:34:
         31:3f:4c:57:1c:de:cf:f7:7c:86:48:a5:77:a0:e6:24:e0:79:
         62:af:c7:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hXGTP42eD0RWvO/QwzomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzAzNjAyMjhiYzNkOWE4MzU0YWU3MzAxYmQxZGJhNzZkYjQ0YmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k6xtWnR7ErvG7lSyL81MeuSjq+v
PhU4wS2+NE2gafdHKUQ+bMuOOJS8LpvRTT06QwmDkpmZJMX/1wwz67Bn9O+CCnbG
Jh0OrUAFAcHy/pZMiujaGc1lM+XTOBgyp8vnlasHYEWyvdLQeD5/8sju8bnBBSS8
h5Uqz66UefS3msYJlQHV/y200SsQmWXxtYSMp3TdULcRxebaqoZskQ5WAAn71nV9
YGNlU/xqIcYWmBdyXWeUzIS0gRjFNv757Wz3SF3J+1AD44wYJn3OJcATzxAUSQ/8
2uEduz0zZEYGNKFNTrH+3mdwOf/CO+xaPBULMY7+td4mbBZ/MIBOJRcG4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcDYCKLw9moNUrnMBvR26dttEvfMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOXdOZ0lvdkQyYWcxU3Vjd0c5SGJwMjIwUzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXyFMA0G
CSqGSIb3DQEBCwUAA4IBAQBpUbTTX5HTMTApRRCyORNwio/6YGMrGLr3ym+x+hCT
I10PtgO7JzBhf3ewe9/gSkofufWEnMuKg0eyuZE9odqUpiepxsVl0OGJQSBcQfDa
gVIS/hsMfdOEYnJ0PhedH48OY8GXEursEdZSb32kJf1YcmiQcKwbI5UVDyrDQ7El
v5spf62GkvlhWoNAh5nt7thf7jv9UeaQaIdWON8rLJDIPAmBvFCh+ehVs4LOQqDw
6WnF2XV1IV+Cm1USvxawJnPnt4BoYutLura4CBLu67HDC09yfjfJjMUTQexVPCzy
ohjx8gY8vG/6cDQxP0xXHN7P93yGSKV3oOYk4Hlir8dy
-----END CERTIFICATE-----