This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AaMwDajT0YVHdge8LjOAnpqJ_B4.roa
File:                     AaMwDajT0YVHdge8LjOAnpqJ_B4.roa (raw, json)
Hash identifier:          YU84jDUdQTVaA/HhMUcrFyY8n8KdKw9aAeda/3f0XzE=
Subject key identifier:   01:A3:30:0D:A8:D3:D1:85:47:76:07:BC:2E:33:80:9E:9A:89:FC:1E
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019B7AC7D5A9BFBB3885ED9838BCEDCD60C6
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AaMwDajT0YVHdge8LjOAnpqJ_B4.roa
Signing time:             Thu 01 Jan 2026 18:17:55 +0000
ROA not before:           Thu 01 Jan 2026 18:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60066
IP address blocks:        159.148.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:d5:a9:bf:bb:38:85:ed:98:38:bc:ed:cd:60:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 18:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01a3300da8d3d185477607bc2e33809e9a89fc1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a4:83:e4:62:32:73:aa:e6:13:52:41:9f:10:
                    e1:bd:33:84:72:6e:5e:95:44:24:eb:f1:ee:b0:91:
                    06:9c:cb:87:e5:10:49:52:02:b2:60:7a:d9:63:2d:
                    49:49:da:bc:cd:7b:fb:0b:68:a9:08:4f:f5:bb:22:
                    26:0f:03:25:53:34:ac:af:5e:b6:25:0b:72:06:5d:
                    e6:63:47:2b:b6:f0:2c:bd:7e:d9:a8:36:17:1a:67:
                    67:16:33:32:b8:1d:08:63:50:7c:03:a5:b6:de:43:
                    46:07:e0:86:f6:d4:25:ac:3d:6b:7b:11:a3:c5:14:
                    a3:38:2d:d8:bd:f7:ab:9c:66:ae:b2:00:00:9c:67:
                    9e:78:1c:01:b6:d8:7c:71:37:81:83:f9:2c:b3:6d:
                    a3:e7:d2:dc:66:b9:30:4e:89:f7:32:27:db:eb:97:
                    b3:5c:e9:e6:47:61:b7:4c:9b:b5:a0:73:4a:24:2b:
                    09:c3:83:24:42:2a:11:87:a4:be:1b:3c:ac:a1:c7:
                    89:1e:33:26:ed:61:ed:ab:92:ff:a2:79:d3:ba:95:
                    17:08:d0:e4:fc:b7:12:4e:2f:6a:20:74:9f:90:70:
                    68:4d:b9:6a:73:96:51:4e:1a:24:6f:66:c2:e6:26:
                    c6:53:0f:09:7a:f8:13:b0:2a:8c:cc:16:b1:b3:ec:
                    44:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A3:30:0D:A8:D3:D1:85:47:76:07:BC:2E:33:80:9E:9A:89:FC:1E
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/AaMwDajT0YVHdge8LjOAnpqJ_B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f4:fa:bf:9f:0d:be:fc:68:0d:f1:a0:8c:d3:dd:75:7f:60:
         90:22:f9:47:4f:f1:14:0b:cb:a7:8f:cf:3e:d4:75:8e:a5:b5:
         bc:c1:22:30:92:4c:be:41:2c:90:5e:b4:a7:f4:90:b5:91:1f:
         0e:cc:e6:57:3f:cc:30:95:b0:70:22:d2:5e:17:09:4b:a4:ec:
         85:f7:33:d1:63:0c:36:45:9d:55:2d:3e:2b:1f:cb:11:a1:7a:
         c1:3d:4a:b4:a9:36:63:79:d5:61:02:b9:ff:b5:01:71:fc:13:
         11:d6:30:28:95:48:f3:6d:03:5e:29:ec:e4:33:21:b3:35:2d:
         f0:39:6d:73:eb:69:16:9e:9d:ea:87:43:69:73:13:33:c8:8c:
         66:8e:6a:6a:be:b6:33:8f:0b:14:81:be:b4:f3:1c:23:dc:60:
         fd:dc:dc:74:b0:0b:c9:0a:6d:8c:e6:c0:12:ee:c1:c1:b7:88:
         8d:3d:e0:e9:9f:6f:c4:4b:2c:58:a2:6d:2a:b1:7a:17:7c:ea:
         06:30:a0:02:13:2d:b4:17:2d:38:a3:39:4a:3f:a0:a8:af:53:
         b1:82:ee:bc:c9:fe:f5:1c:91:9d:9c:60:6f:78:26:8e:31:81:
         2c:30:a6:72:c1:ab:ed:c3:dd:34:5f:f2:fd:9a:8e:a5:4f:36:
         3d:96:9d:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x9Wpv7s4he2YOLztzWDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMTAxMTgxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWEzMzAwZGE4ZDNkMTg1NDc3NjA3YmMyZTMzODA5ZTlhODlmYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqSD5GIyc6rmE1JBnxDhvTOEcm5e
lUQk6/HusJEGnMuH5RBJUgKyYHrZYy1JSdq8zXv7C2ipCE/1uyImDwMlUzSsr162
JQtyBl3mY0crtvAsvX7ZqDYXGmdnFjMyuB0IY1B8A6W23kNGB+CG9tQlrD1rexGj
xRSjOC3YvfernGausgAAnGeeeBwBtth8cTeBg/kss22j59LcZrkwTon3Mifb65ez
XOnmR2G3TJu1oHNKJCsJw4MkQioRh6S+GzysoceJHjMm7WHtq5L/onnTupUXCNDk
/LcSTi9qIHSfkHBoTblqc5ZRThokb2bC5ibGUw8JevgTsCqMzBaxs+xEcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGjMA2o09GFR3YHvC4zgJ6aifweMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvQWFNd0RhalQwWVZIZGdlOExqT0FucHFKX0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5R3MA0G
CSqGSIb3DQEBCwUAA4IBAQCO9Pq/nw2+/GgN8aCM0911f2CQIvlHT/EUC8unj88+
1HWOpbW8wSIwkky+QSyQXrSn9JC1kR8OzOZXP8wwlbBwItJeFwlLpOyF9zPRYww2
RZ1VLT4rH8sRoXrBPUq0qTZjedVhArn/tQFx/BMR1jAolUjzbQNeKezkMyGzNS3w
OW1z62kWnp3qh0NpcxMzyIxmjmpqvrYzjwsUgb608xwj3GD93Nx0sAvJCm2M5sAS
7sHBt4iNPeDpn2/ESyxYom0qsXoXfOoGMKACEy20Fy04ozlKP6Cor1Oxgu68yf71
HJGdnGBveCaOMYEsMKZywavtw900X/L9mo6lTzY9lp1J
-----END CERTIFICATE-----