This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/D9w27obqocEFDTdBIPGTWc0hJYs.roa
File:                     D9w27obqocEFDTdBIPGTWc0hJYs.roa (raw, json)
Hash identifier:          w/x4WJOjB+8CrMv8hDIJNBTxxZWB2vm/ke2sX5HhAl8=
Subject key identifier:   0F:DC:36:EE:86:EA:A1:C1:05:0D:37:41:20:F1:93:59:CD:21:25:8B
Certificate issuer:       /CN=b0a4fc2af38af5b4f5861e27fd007e624b5f9b02
Certificate serial:       019B7CEE3ED8DC065D33896864BF39B0150B
Authority key identifier: B0:A4:FC:2A:F3:8A:F5:B4:F5:86:1E:27:FD:00:7E:62:4B:5F:9B:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/D9w27obqocEFDTdBIPGTWc0hJYs.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48492
IP address blocks:        176.222.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3e:d8:dc:06:5d:33:89:68:64:bf:39:b0:15:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0a4fc2af38af5b4f5861e27fd007e624b5f9b02
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fdc36ee86eaa1c1050d374120f19359cd21258b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0d:31:32:80:6b:21:be:ef:34:48:fc:34:a4:
                    d8:c4:53:2a:aa:3a:93:6d:ae:7a:49:87:53:3e:5f:
                    59:63:60:74:0c:9c:d5:06:07:c7:e6:ae:00:9b:2f:
                    ba:3c:e2:c2:78:52:a8:7e:b0:e9:32:22:5c:8c:f4:
                    9b:8d:f7:ea:2f:e4:e3:96:c4:37:32:8b:5a:7f:91:
                    c3:3a:ab:85:ff:7a:f1:b5:fd:c8:27:47:28:36:fa:
                    66:73:93:2a:6b:86:db:02:ae:15:4a:fc:5f:98:63:
                    ab:c7:90:5f:47:43:aa:56:81:d0:24:f2:58:92:bb:
                    73:cb:db:de:4a:22:6c:46:27:c7:7a:38:d1:18:3f:
                    d3:af:c4:ab:e6:de:f2:52:bc:5a:44:ce:94:9b:e5:
                    9e:59:62:78:23:0b:bf:38:29:ed:a3:08:05:a9:37:
                    a8:c4:b1:95:f5:24:db:80:60:5f:bd:c9:6d:ce:51:
                    6a:1e:04:21:c1:94:10:05:ec:d7:2b:52:b7:70:ff:
                    6c:c5:7d:75:14:19:76:57:8a:24:33:cc:89:9c:18:
                    24:b9:fb:9e:fe:30:77:83:4c:85:f3:12:ad:4a:bc:
                    19:0a:f4:b7:10:c1:78:82:51:3b:32:a6:f1:04:2a:
                    c8:0d:61:a3:68:cb:e9:9d:22:4f:65:5a:96:45:6d:
                    b9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DC:36:EE:86:EA:A1:C1:05:0D:37:41:20:F1:93:59:CD:21:25:8B
            X509v3 Authority Key Identifier:
                keyid:B0:A4:FC:2A:F3:8A:F5:B4:F5:86:1E:27:FD:00:7E:62:4B:5F:9B:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/D9w27obqocEFDTdBIPGTWc0hJYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.222.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:23:49:63:b8:4f:cc:e7:4c:c7:5b:f3:ae:ca:0b:72:86:17:
         11:c1:27:17:0b:9a:54:d9:7e:33:b8:c2:c2:4d:51:c4:d1:ef:
         95:7e:6a:28:cb:36:96:c0:27:0b:ef:42:2c:e1:49:c1:54:02:
         07:67:a5:bb:35:3a:a6:2e:4c:a5:07:c1:f9:cc:b8:8d:30:9f:
         be:54:5b:65:67:b5:dc:bf:c5:6c:f1:c7:04:51:75:dd:cc:b6:
         92:d3:79:04:fb:dc:a3:ef:c8:f4:d6:34:6d:7b:d1:fe:75:3d:
         61:e4:ec:69:c4:81:91:5b:2c:24:16:fb:7b:c3:50:1c:5d:71:
         c9:91:e0:d9:7f:60:98:1a:a8:94:38:f7:bd:4f:4c:57:69:56:
         6d:a8:9b:64:f7:80:a3:eb:00:57:f3:09:ef:6b:ae:79:7c:b8:
         30:b7:88:f9:4a:ce:21:1b:00:50:ed:b9:03:fa:e2:2d:9a:1e:
         8a:cd:c5:ea:12:0e:83:af:a2:83:36:b9:a4:cd:03:65:bb:27:
         c7:0a:4e:cd:14:74:8f:2f:8d:74:05:5d:1e:02:36:0a:a5:94:
         1c:04:33:c0:60:4f:4f:94:9d:76:bc:a3:aa:f7:40:d9:61:e0:
         68:ed:8c:c0:72:18:b8:a2:65:bc:23:50:27:48:40:79:34:d2:
         0b:f5:4b:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87j7Y3AZdM4loZL85sBULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTRmYzJhZjM4YWY1YjRmNTg2MWUyN2ZkMDA3ZTYyNGI1
ZjliMDIwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRjMzZlZTg2ZWFhMWMxMDUwZDM3NDEyMGYxOTM1OWNkMjEyNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww0xMoBrIb7vNEj8NKTYxFMqqjqT
ba56SYdTPl9ZY2B0DJzVBgfH5q4Amy+6POLCeFKofrDpMiJcjPSbjffqL+TjlsQ3
Motaf5HDOquF/3rxtf3IJ0coNvpmc5Mqa4bbAq4VSvxfmGOrx5BfR0OqVoHQJPJY
krtzy9veSiJsRifHejjRGD/Tr8Sr5t7yUrxaRM6Um+WeWWJ4Iwu/OCntowgFqTeo
xLGV9STbgGBfvcltzlFqHgQhwZQQBezXK1K3cP9sxX11FBl2V4okM8yJnBgkufue
/jB3g0yF8xKtSrwZCvS3EMF4glE7MqbxBCrIDWGjaMvpnSJPZVqWRW25wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/cNu6G6qHBBQ03QSDxk1nNISWLMB8GA1UdIwQY
MBaAFLCk/CrzivW09YYeJ/0AfmJLX5sCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tUOEt2T0s5YlQxaGg0bl9RQi1Za3RmbXdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9hODBkYmYtNWNiNC00ZTI2LWFkYWYt
NjhmZTA4NjIyNjE0LzEvRDl3MjdvYnFvY0VGRFRkQklQR1RXYzBoSllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9hODBkYmYtNWNiNC00ZTI2LWFkYWYtNjhmZTA4NjIyNjE0
LzEvc0tUOEt2T0s5YlQxaGg0bl9RQi1Za3RmbXdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsN48MA0G
CSqGSIb3DQEBCwUAA4IBAQAgI0ljuE/M50zHW/OuygtyhhcRwScXC5pU2X4zuMLC
TVHE0e+VfmooyzaWwCcL70Is4UnBVAIHZ6W7NTqmLkylB8H5zLiNMJ++VFtlZ7Xc
v8Vs8ccEUXXdzLaS03kE+9yj78j01jRte9H+dT1h5OxpxIGRWywkFvt7w1AcXXHJ
keDZf2CYGqiUOPe9T0xXaVZtqJtk94Cj6wBX8wnva655fLgwt4j5Ss4hGwBQ7bkD
+uItmh6KzcXqEg6Dr6KDNrmkzQNluyfHCk7NFHSPL410BV0eAjYKpZQcBDPAYE9P
lJ12vKOq90DZYeBo7YzAchi4omW8I1AnSEB5NNIL9Ut6
-----END CERTIFICATE-----