This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sMktTpfGHbgv6HFYRTILiDr3y4Y.roa
File:                     sMktTpfGHbgv6HFYRTILiDr3y4Y.roa (raw, json)
Hash identifier:          pIuZdKxK8yFs7L1CCJy6Vhhj+nazdkwlFtFaPKVuzK0=
Subject key identifier:   B0:C9:2D:4E:97:C6:1D:B8:2F:E8:71:58:45:32:0B:88:3A:F7:CB:86
Certificate issuer:       /CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
Certificate serial:       019B7EA4C91C12C7AFFF04C37B64B30EA869
Authority key identifier: CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sMktTpfGHbgv6HFYRTILiDr3y4Y.roa
Signing time:             Fri 02 Jan 2026 12:18:07 +0000
ROA not before:           Fri 02 Jan 2026 12:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31441
IP address blocks:        83.173.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:c9:1c:12:c7:af:ff:04:c3:7b:64:b3:0e:a8:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb662ceeb726774b1b44c51ff1fc0df908bdebbc
        Validity
            Not Before: Jan  2 12:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0c92d4e97c61db82fe8715845320b883af7cb86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:57:0f:07:c0:72:07:18:f4:c7:2e:39:06:1c:
                    88:4d:bf:6a:f0:4f:2f:db:eb:8b:98:fa:d0:25:f5:
                    9d:63:6d:ec:2b:31:27:0b:f4:2f:7c:06:9a:4a:7e:
                    ea:62:43:60:fa:29:d9:86:b8:c0:57:e4:5a:40:6e:
                    50:34:98:21:43:8d:56:fc:13:da:98:26:d6:af:4e:
                    7a:26:96:c4:0e:97:c3:4f:e9:1a:c4:ec:b8:59:fc:
                    d2:e6:7b:37:4a:c0:ab:84:c9:c6:08:c6:3d:8d:32:
                    13:df:f8:77:9c:03:49:eb:d2:9d:c2:9f:15:a8:08:
                    50:8c:b8:1b:66:bc:e6:70:ae:24:8c:d7:66:55:19:
                    a3:6d:89:64:b0:64:e6:d4:39:fe:68:ae:b1:ab:13:
                    c0:34:4b:88:15:a9:4f:c2:f2:2b:c4:50:24:22:22:
                    d2:a7:3a:69:4c:0b:a3:e9:d9:f3:8a:b6:f9:a5:60:
                    5a:66:50:b6:e1:84:2f:7e:fb:34:97:e5:78:2b:4b:
                    3a:03:ed:3a:d8:a5:e9:e6:fc:5b:69:8d:dd:3c:dd:
                    16:e9:53:7a:7f:a3:87:49:e6:34:6e:8e:a8:3c:76:
                    5a:0d:5d:ee:3a:c0:2a:ec:a4:6b:2f:70:fe:b9:13:
                    5a:0c:c6:58:81:23:cf:90:43:df:5d:b4:6f:75:fa:
                    76:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C9:2D:4E:97:C6:1D:B8:2F:E8:71:58:45:32:0B:88:3A:F7:CB:86
            X509v3 Authority Key Identifier:
                keyid:CB:66:2C:EE:B7:26:77:4B:1B:44:C5:1F:F1:FC:0D:F9:08:BD:EB:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2Ys7rcmd0sbRMUf8fwN-Qi967w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/sMktTpfGHbgv6HFYRTILiDr3y4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a962a9-abff-4495-86cc-b56c8ccb2935/1/y2Ys7rcmd0sbRMUf8fwN-Qi967w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.173.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         3a:3a:96:86:73:f3:7d:4e:ac:33:02:5b:1c:62:09:4b:eb:13:
         65:08:58:34:33:72:37:3e:17:df:db:da:32:b5:fe:dd:dc:84:
         f5:a3:3a:f7:fe:a8:a8:f9:e0:67:f3:22:8d:9c:ee:e5:7b:c9:
         7c:8c:28:8b:e2:bf:1c:d4:03:0d:7a:55:2a:54:3b:83:87:72:
         29:c5:37:64:e4:d5:cd:c9:21:41:cf:f5:80:d0:9c:48:ce:0e:
         42:98:38:e5:5e:71:d3:18:53:ec:98:8c:af:89:2e:05:be:89:
         c9:63:45:6c:02:a8:1b:ca:23:91:df:32:ac:4e:46:84:8d:b5:
         f7:07:c6:f5:d1:af:86:a5:99:13:a1:49:8c:d1:d3:77:20:72:
         37:5a:e8:7f:e8:91:ad:1e:2d:ab:c0:d7:f2:7d:c5:19:43:a9:
         f6:42:aa:0d:70:6b:0a:be:af:a2:5a:01:eb:c4:29:fa:f1:57:
         24:2c:d9:a2:8c:b7:89:9e:6f:6a:43:ce:4d:4e:71:c5:94:72:
         13:d2:ca:6c:04:72:cc:44:00:88:f4:18:54:ba:f4:d9:f7:39:
         f9:40:38:9f:27:b7:e1:7c:d2:57:10:31:42:3e:2a:21:85:2f:
         2e:c9:6c:01:6a:e0:e7:d2:bb:24:59:66:d6:7e:87:af:09:d0:
         4f:c6:fb:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pMkcEsev/wTDe2SzDqhpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjYyY2VlYjcyNjc3NGIxYjQ0YzUxZmYxZmMwZGY5MDhi
ZGViYmMwHhcNMjYwMTAyMTIxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM5MmQ0ZTk3YzYxZGI4MmZlODcxNTg0NTMyMGI4ODNhZjdjYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFcPB8ByBxj0xy45BhyITb9q8E8v
2+uLmPrQJfWdY23sKzEnC/QvfAaaSn7qYkNg+inZhrjAV+RaQG5QNJghQ41W/BPa
mCbWr056JpbEDpfDT+kaxOy4WfzS5ns3SsCrhMnGCMY9jTIT3/h3nANJ69Kdwp8V
qAhQjLgbZrzmcK4kjNdmVRmjbYlksGTm1Dn+aK6xqxPANEuIFalPwvIrxFAkIiLS
pzppTAuj6dnzirb5pWBaZlC24YQvfvs0l+V4K0s6A+062KXp5vxbaY3dPN0W6VN6
f6OHSeY0bo6oPHZaDV3uOsAq7KRrL3D+uRNaDMZYgSPPkEPfXbRvdfp2NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDJLU6Xxh24L+hxWEUyC4g698uGMB8GA1UdIwQY
MBaAFMtmLO63JndLG0TFH/H8DfkIveu8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2Mt
YjU2YzhjY2IyOTM1LzEvc01rdFRwZkdIYmd2NkhGWVJUSUxpRHIzeTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hOTYyYTktYWJmZi00NDk1LTg2Y2MtYjU2YzhjY2IyOTM1
LzEveTJZczdyY21kMHNiUk1VZjhmd04tUWk5Njd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGU60AMA0G
CSqGSIb3DQEBCwUAA4IBAQA6OpaGc/N9TqwzAlscYglL6xNlCFg0M3I3Phff29oy
tf7d3IT1ozr3/qio+eBn8yKNnO7le8l8jCiL4r8c1AMNelUqVDuDh3IpxTdk5NXN
ySFBz/WA0JxIzg5CmDjlXnHTGFPsmIyviS4FvonJY0VsAqgbyiOR3zKsTkaEjbX3
B8b10a+GpZkToUmM0dN3IHI3Wuh/6JGtHi2rwNfyfcUZQ6n2QqoNcGsKvq+iWgHr
xCn68VckLNmijLeJnm9qQ85NTnHFlHIT0spsBHLMRACI9BhUuvTZ9zn5QDifJ7fh
fNJXEDFCPiohhS8uyWwBauDn0rskWWbWfoevCdBPxvsP
-----END CERTIFICATE-----