This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Cm2yDKipOZ7sHlbR_Hzzd41nQYs.roa
File:                     Cm2yDKipOZ7sHlbR_Hzzd41nQYs.roa (raw, json)
Hash identifier:          yWZv7NkDFzKo9TIx/TWSen6p9EYZYREsasP3I0CUfzQ=
Subject key identifier:   0A:6D:B2:0C:A8:A9:39:9E:EC:1E:56:D1:FC:7C:F3:77:8D:67:41:8B
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       019B77C6F29274E54F53275EBCCF3D0632D1
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Cm2yDKipOZ7sHlbR_Hzzd41nQYs.roa
Signing time:             Thu 01 Jan 2026 04:18:05 +0000
ROA not before:           Thu 01 Jan 2026 04:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10010
IP address blocks:        193.151.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f2:92:74:e5:4f:53:27:5e:bc:cf:3d:06:32:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Jan  1 04:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a6db20ca8a9399eec1e56d1fc7cf3778d67418b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e3:00:ad:7f:69:45:65:b4:fe:e8:7b:9f:b6:
                    5a:30:a3:0f:21:e7:fa:c3:a9:05:2d:b2:1b:9a:1a:
                    8b:03:1b:14:fe:63:bb:93:06:d2:b3:2b:ba:4a:52:
                    2c:a4:db:d1:3f:65:c0:cd:03:c6:ac:b7:5b:26:ce:
                    0f:84:5f:56:0a:ca:13:5f:32:99:e1:9c:68:73:c8:
                    50:2e:c2:b2:3c:0c:f1:0a:e1:63:a8:25:ee:36:88:
                    67:84:9a:e6:a4:a7:08:d8:77:a0:aa:41:59:b6:91:
                    64:af:fd:a8:96:2e:c5:65:2e:f9:69:d0:92:ff:6c:
                    1b:ee:51:b4:ce:5e:16:81:20:af:d4:17:43:93:07:
                    a0:87:34:e5:0b:0b:c3:fe:8c:42:ed:bd:73:00:b2:
                    c6:59:b9:8d:31:a2:c8:77:45:8e:ca:5f:f2:1f:8a:
                    f5:4d:12:14:77:de:1b:f2:a0:99:97:d5:d4:ed:73:
                    2f:34:6e:67:4a:f8:0b:ec:57:96:2c:72:d3:b1:e4:
                    b3:cf:0c:55:30:56:21:ee:d0:82:d6:5f:34:73:65:
                    a7:74:8f:a1:62:34:7f:a8:39:a9:5a:98:31:f5:80:
                    20:3b:7d:13:88:51:21:69:ba:82:aa:05:b2:c2:91:
                    77:d7:e7:32:5c:5e:ed:6b:aa:27:49:2d:9c:73:ba:
                    59:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:6D:B2:0C:A8:A9:39:9E:EC:1E:56:D1:FC:7C:F3:77:8D:67:41:8B
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Cm2yDKipOZ7sHlbR_Hzzd41nQYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:27:3a:77:6b:9f:da:2f:d4:8d:be:3f:36:ed:68:0b:1c:86:
         37:e7:90:d9:22:c3:90:98:c5:e3:1c:95:d3:36:6f:8d:9b:23:
         20:f2:6f:97:8f:29:79:f5:75:11:2f:d9:55:ac:4a:c7:09:31:
         7b:ff:e8:21:bf:5d:11:85:f8:82:26:b9:cd:a6:ae:67:96:94:
         71:81:e9:69:1b:ad:c3:4b:e1:5a:14:18:45:7a:8b:16:d1:4e:
         f1:3d:03:03:98:ee:0e:20:d2:1d:93:47:ff:8b:f5:61:83:ca:
         78:89:8c:e4:84:40:fc:94:c6:4c:a0:15:18:2b:6e:7e:3b:70:
         f7:4e:b6:66:37:74:24:42:81:62:20:7c:50:05:c2:af:b4:aa:
         4d:b1:14:2a:ec:19:ce:f7:5a:50:90:e4:47:ac:4a:ee:8d:06:
         fe:ce:4c:c3:8f:c7:be:80:f4:1f:cf:35:3e:8f:98:b3:41:06:
         22:8c:54:4e:df:4e:93:da:a7:e3:0a:35:a2:d4:5b:48:c9:4e:
         f9:05:a4:4d:08:e8:65:d9:db:67:61:ee:46:e5:13:b7:62:4c:
         d3:ae:00:16:80:c3:09:8a:ad:ee:fa:e5:68:51:c4:de:f9:d8:
         05:f6:1a:9b:1b:f3:08:76:79:86:95:ea:4d:f6:af:6f:c7:4b:
         e8:66:3d:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvKSdOVPUydevM89BjLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjYwMTAxMDQxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZkYjIwY2E4YTkzOTllZWMxZTU2ZDFmYzdjZjM3NzhkNjc0MThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeMArX9pRWW0/uh7n7ZaMKMPIef6
w6kFLbIbmhqLAxsU/mO7kwbSsyu6SlIspNvRP2XAzQPGrLdbJs4PhF9WCsoTXzKZ
4Zxoc8hQLsKyPAzxCuFjqCXuNohnhJrmpKcI2HegqkFZtpFkr/2oli7FZS75adCS
/2wb7lG0zl4WgSCv1BdDkweghzTlCwvD/oxC7b1zALLGWbmNMaLId0WOyl/yH4r1
TRIUd94b8qCZl9XU7XMvNG5nSvgL7FeWLHLTseSzzwxVMFYh7tCC1l80c2WndI+h
YjR/qDmpWpgx9YAgO30TiFEhabqCqgWywpF31+cyXF7ta6onSS2cc7pZYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAptsgyoqTme7B5W0fx883eNZ0GLMB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvQ20yeURLaXBPWjdzSGxiUl9IenpkNDFuUVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZdvMA0G
CSqGSIb3DQEBCwUAA4IBAQAgJzp3a5/aL9SNvj827WgLHIY355DZIsOQmMXjHJXT
Nm+NmyMg8m+Xjyl59XURL9lVrErHCTF7/+ghv10RhfiCJrnNpq5nlpRxgelpG63D
S+FaFBhFeosW0U7xPQMDmO4OINIdk0f/i/Vhg8p4iYzkhED8lMZMoBUYK25+O3D3
TrZmN3QkQoFiIHxQBcKvtKpNsRQq7BnO91pQkORHrErujQb+zkzDj8e+gPQfzzU+
j5izQQYijFRO306T2qfjCjWi1FtIyU75BaRNCOhl2dtnYe5G5RO3YkzTrgAWgMMJ
iq3u+uVoUcTe+dgF9hqbG/MIdnmGlepN9q9vx0voZj0R
-----END CERTIFICATE-----