This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/9hnY7Mi-DWWNXT8zxPWlDMpFkVY.roa
File:                     9hnY7Mi-DWWNXT8zxPWlDMpFkVY.roa (raw, json)
Hash identifier:          KmgeWMyp8Cb4dRrZsFfQDYyQitlhpxsyGtinqL7w4YI=
Subject key identifier:   F6:19:D8:EC:C8:BE:0D:65:8D:5D:3F:33:C4:F5:A5:0C:CA:45:91:56
Certificate issuer:       /CN=5c4c28a75ac96951dc38400a80f9ef3aaaf2aacb
Certificate serial:       019B7F152035029314AA85934587C029C341
Authority key identifier: 5C:4C:28:A7:5A:C9:69:51:DC:38:40:0A:80:F9:EF:3A:AA:F2:AA:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEwop1rJaVHcOEAKgPnvOqryqss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/9hnY7Mi-DWWNXT8zxPWlDMpFkVY.roa
Signing time:             Fri 02 Jan 2026 14:20:49 +0000
ROA not before:           Fri 02 Jan 2026 14:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15576
IP address blocks:        195.248.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/XEwop1rJaVHcOEAKgPnvOqryqss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/XEwop1rJaVHcOEAKgPnvOqryqss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEwop1rJaVHcOEAKgPnvOqryqss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:20:35:02:93:14:aa:85:93:45:87:c0:29:c3:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c4c28a75ac96951dc38400a80f9ef3aaaf2aacb
        Validity
            Not Before: Jan  2 14:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f619d8ecc8be0d658d5d3f33c4f5a50cca459156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:72:88:40:84:1a:94:9f:d1:d9:4d:1f:a7:4a:
                    51:25:d8:25:fb:8f:1f:69:e9:ce:da:de:14:b5:ae:
                    30:e6:64:8b:86:0e:0d:96:c5:ad:bd:bb:7e:03:0e:
                    45:d7:d3:68:a4:7e:5a:56:27:96:55:c8:8e:07:b3:
                    2d:fb:85:fa:ee:da:a5:3f:11:f5:fc:2e:ba:1c:c5:
                    51:8f:83:1c:c1:e0:31:33:56:6b:a9:df:35:86:99:
                    46:d7:57:1e:a9:95:e4:5a:02:d2:c2:86:47:c3:02:
                    02:9e:3d:69:ae:65:b4:b9:32:be:6b:4e:93:de:65:
                    6d:43:eb:c3:06:c2:28:e3:1c:7e:aa:f1:5c:8d:df:
                    9d:60:5d:1d:b9:a8:8d:11:02:48:95:ee:38:08:08:
                    36:e2:de:a3:4d:76:06:d3:0e:39:40:40:46:a9:22:
                    0f:86:aa:08:bd:bc:ba:c1:66:ff:fa:c1:08:2c:50:
                    a3:e3:32:5b:72:9f:70:96:6f:10:3e:4f:3f:a6:30:
                    bd:ab:ef:75:14:f1:5b:f5:68:f3:c1:4a:88:ad:57:
                    df:0c:8a:70:ae:31:ae:aa:06:ff:db:c8:8b:43:dd:
                    56:13:2a:8c:fe:b5:96:d9:f9:bd:5b:28:d0:cc:63:
                    78:9d:ba:da:a6:ef:d5:ab:27:d2:f1:24:a7:81:6b:
                    8d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:19:D8:EC:C8:BE:0D:65:8D:5D:3F:33:C4:F5:A5:0C:CA:45:91:56
            X509v3 Authority Key Identifier:
                keyid:5C:4C:28:A7:5A:C9:69:51:DC:38:40:0A:80:F9:EF:3A:AA:F2:AA:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEwop1rJaVHcOEAKgPnvOqryqss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/9hnY7Mi-DWWNXT8zxPWlDMpFkVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0977ee-b98d-4a3e-b3af-67c76320186a/1/XEwop1rJaVHcOEAKgPnvOqryqss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:98:f6:11:64:71:6d:51:da:af:ef:50:2b:4c:2c:bb:fb:1d:
         90:b2:90:e1:61:60:1a:69:35:aa:75:cd:ce:fd:b2:92:26:34:
         c0:f1:98:26:3a:51:86:50:82:d9:5a:a9:9d:ea:8c:81:0c:f9:
         2b:29:d7:ac:dc:92:4b:0c:39:06:ba:ba:ef:d8:dc:06:99:39:
         53:8b:73:d8:6e:7e:fe:23:0c:fe:7f:ec:13:c4:33:7a:97:6e:
         3e:e2:51:09:37:a2:aa:8e:72:65:11:34:14:96:b2:b5:27:fe:
         5c:01:6b:67:c3:91:8c:b4:91:4b:89:18:9d:64:0f:11:26:01:
         a5:0b:71:a1:4f:14:17:3c:ff:4b:8e:eb:4b:ce:2c:50:f6:12:
         1b:91:67:7b:61:9d:96:0f:23:0e:30:fc:3d:44:7b:b5:5a:48:
         27:97:19:dd:06:34:2c:22:22:14:24:49:23:a3:76:49:02:c7:
         1c:67:fe:0b:2a:24:c6:b7:54:7a:5a:fc:0b:a8:25:5d:eb:b9:
         a9:5e:95:71:47:4e:c0:7e:db:68:ea:5c:09:6b:20:45:25:c1:
         7e:79:4c:f3:e1:a0:86:2f:73:ab:b1:b7:c3:e3:cd:8b:b2:16:
         76:d5:5b:cb:b8:69:89:50:7e:9c:18:4a:45:88:18:78:6f:8f:
         ef:e9:43:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FSA1ApMUqoWTRYfAKcNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNGMyOGE3NWFjOTY5NTFkYzM4NDAwYTgwZjllZjNhYWFm
MmFhY2IwHhcNMjYwMTAyMTQyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE5ZDhlY2M4YmUwZDY1OGQ1ZDNmMzNjNGY1YTUwY2NhNDU5MTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHKIQIQalJ/R2U0fp0pRJdgl+48f
aenO2t4Uta4w5mSLhg4NlsWtvbt+Aw5F19NopH5aVieWVciOB7Mt+4X67tqlPxH1
/C66HMVRj4McweAxM1Zrqd81hplG11ceqZXkWgLSwoZHwwICnj1prmW0uTK+a06T
3mVtQ+vDBsIo4xx+qvFcjd+dYF0duaiNEQJIle44CAg24t6jTXYG0w45QEBGqSIP
hqoIvby6wWb/+sEILFCj4zJbcp9wlm8QPk8/pjC9q+91FPFb9WjzwUqIrVffDIpw
rjGuqgb/28iLQ91WEyqM/rWW2fm9WyjQzGN4nbrapu/VqyfS8SSngWuNGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYZ2OzIvg1ljV0/M8T1pQzKRZFWMB8GA1UdIwQY
MBaAFFxMKKdayWlR3DhACoD57zqq8qrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEV3b3AxckphVkhjT0VBS2dQbnZPcXJ5cXNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wOTc3ZWUtYjk4ZC00YTNlLWIzYWYt
NjdjNzYzMjAxODZhLzEvOWhuWTdNaS1EV1dOWFQ4enhQV2xETXBGa1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wOTc3ZWUtYjk4ZC00YTNlLWIzYWYtNjdjNzYzMjAxODZh
LzEvWEV3b3AxckphVkhjT0VBS2dQbnZPcXJ5cXNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hcMA0G
CSqGSIb3DQEBCwUAA4IBAQBImPYRZHFtUdqv71ArTCy7+x2QspDhYWAaaTWqdc3O
/bKSJjTA8ZgmOlGGUILZWqmd6oyBDPkrKdes3JJLDDkGurrv2NwGmTlTi3PYbn7+
Iwz+f+wTxDN6l24+4lEJN6KqjnJlETQUlrK1J/5cAWtnw5GMtJFLiRidZA8RJgGl
C3GhTxQXPP9LjutLzixQ9hIbkWd7YZ2WDyMOMPw9RHu1WkgnlxndBjQsIiIUJEkj
o3ZJAsccZ/4LKiTGt1R6WvwLqCVd67mpXpVxR07Aftto6lwJayBFJcF+eUzz4aCG
L3OrsbfD482LshZ21VvLuGmJUH6cGEpFiBh4b4/v6UP2
-----END CERTIFICATE-----