This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sCsOXSLMbQ8l1xjhGKDAh_bDQ3I.roa
File:                     sCsOXSLMbQ8l1xjhGKDAh_bDQ3I.roa (raw, json)
Hash identifier:          sye8BZx/a3/y7XtA+DUw5m+6azVhEENsOM3c7DGdfBY=
Subject key identifier:   B0:2B:0E:5D:22:CC:6D:0F:25:D7:18:E1:18:A0:C0:87:F6:C3:43:72
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019B7DCB7152669808A540A955D984FD1AEC
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sCsOXSLMbQ8l1xjhGKDAh_bDQ3I.roa
Signing time:             Fri 02 Jan 2026 08:20:43 +0000
ROA not before:           Fri 02 Jan 2026 08:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60081
IP address blocks:        176.100.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:71:52:66:98:08:a5:40:a9:55:d9:84:fd:1a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  2 08:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b02b0e5d22cc6d0f25d718e118a0c087f6c34372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ab:98:9b:01:73:40:c4:6a:f1:7e:c9:c8:10:
                    fb:07:a1:f5:a1:78:b6:b1:f9:e1:87:8d:be:05:90:
                    59:12:db:d1:aa:33:21:a8:11:1f:c3:17:0f:7c:69:
                    c1:8d:c3:88:28:b2:1f:4a:a3:b5:c2:57:4c:e6:1b:
                    e9:da:e4:4f:cf:cc:8b:f9:1a:9c:1a:21:98:ef:b4:
                    78:ed:ac:49:80:1b:8c:06:02:9c:2b:fa:05:67:27:
                    13:5e:27:da:01:3b:bf:a6:93:92:62:1e:ff:a5:40:
                    3b:8b:68:be:a6:b0:17:e4:2a:f2:6a:f5:0a:91:59:
                    73:73:57:a7:da:4c:83:95:7d:a5:ab:e7:ad:fd:cb:
                    76:c1:6f:97:f3:8c:dd:a0:89:b6:21:92:9c:33:f8:
                    a5:93:ff:67:a3:8f:d4:7f:fb:b6:f1:f0:c6:c0:0d:
                    6c:68:37:60:40:39:4d:3c:ff:f7:5a:28:ac:46:f5:
                    7f:c8:9d:c0:86:ec:44:b1:b5:1d:0a:9f:3b:ca:9f:
                    f6:f2:7f:f9:bb:f9:3e:54:b5:54:fd:ec:c4:3d:66:
                    dc:b9:c3:46:13:c1:d3:c7:ea:c3:60:e4:0b:8d:2e:
                    ce:c5:f8:7e:2e:db:b4:88:f0:b8:60:08:48:d1:b1:
                    6d:5d:41:1e:4f:70:37:e7:dc:eb:f7:58:ac:50:97:
                    75:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:2B:0E:5D:22:CC:6D:0F:25:D7:18:E1:18:A0:C0:87:F6:C3:43:72
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sCsOXSLMbQ8l1xjhGKDAh_bDQ3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ab:85:a0:49:68:04:19:fb:fa:82:70:c4:b8:74:79:36:50:
         d3:e1:fb:15:83:82:c8:eb:e4:05:13:ac:a2:e6:ca:e5:48:5e:
         45:22:02:d1:9e:c7:4c:54:d7:4f:b2:83:35:9f:82:57:5f:69:
         b0:b5:97:12:2a:0d:d1:6b:7a:d5:fe:04:7e:fe:73:c5:3d:23:
         40:74:b5:7f:8a:be:3b:fe:77:91:94:ff:5f:4f:1e:a1:27:88:
         7b:17:e1:a4:5e:79:14:f8:90:ff:44:1b:93:8d:d8:4b:64:e0:
         e0:1c:5d:c4:b5:c8:92:fe:55:12:a2:c4:af:25:fe:58:e5:83:
         b2:e8:f2:9e:f2:fa:b0:c1:f7:db:2e:ec:8d:ca:78:e9:88:6e:
         e4:25:6c:09:6b:8a:02:06:2d:55:50:cd:ae:89:28:14:15:f1:
         1a:58:e8:3c:4f:be:71:5f:45:45:57:95:ed:16:14:c3:60:fc:
         cd:31:a5:a3:d6:1f:99:05:a9:81:7d:f1:ed:f4:ed:a4:13:8e:
         a4:3d:60:b1:46:9a:a4:ca:18:9c:16:f2:70:59:3a:78:76:21:
         55:33:0d:79:db:78:af:e8:91:cb:53:ce:9c:e9:3e:14:de:04:
         1d:86:f7:ce:cb:60:4c:27:31:83:3f:22:a6:3e:a5:63:c8:65:
         e6:40:40:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y3FSZpgIpUCpVdmE/RrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMTAyMDgyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDJiMGU1ZDIyY2M2ZDBmMjVkNzE4ZTExOGEwYzA4N2Y2YzM0MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36uYmwFzQMRq8X7JyBD7B6H1oXi2
sfnhh42+BZBZEtvRqjMhqBEfwxcPfGnBjcOIKLIfSqO1wldM5hvp2uRPz8yL+Rqc
GiGY77R47axJgBuMBgKcK/oFZycTXifaATu/ppOSYh7/pUA7i2i+prAX5CryavUK
kVlzc1en2kyDlX2lq+et/ct2wW+X84zdoIm2IZKcM/ilk/9no4/Uf/u28fDGwA1s
aDdgQDlNPP/3WiisRvV/yJ3AhuxEsbUdCp87yp/28n/5u/k+VLVU/ezEPWbcucNG
E8HTx+rDYOQLjS7Oxfh+Ltu0iPC4YAhI0bFtXUEeT3A359zr91isUJd1JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLArDl0izG0PJdcY4RigwIf2w0NyMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvc0NzT1hTTE1iUThsMXhqaEdLREFoX2JEUTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGQoMA0G
CSqGSIb3DQEBCwUAA4IBAQBMq4WgSWgEGfv6gnDEuHR5NlDT4fsVg4LI6+QFE6yi
5srlSF5FIgLRnsdMVNdPsoM1n4JXX2mwtZcSKg3Ra3rV/gR+/nPFPSNAdLV/ir47
/neRlP9fTx6hJ4h7F+GkXnkU+JD/RBuTjdhLZODgHF3EtciS/lUSosSvJf5Y5YOy
6PKe8vqwwffbLuyNynjpiG7kJWwJa4oCBi1VUM2uiSgUFfEaWOg8T75xX0VFV5Xt
FhTDYPzNMaWj1h+ZBamBffHt9O2kE46kPWCxRpqkyhicFvJwWTp4diFVMw1523iv
6JHLU86c6T4U3gQdhvfOy2BMJzGDPyKmPqVjyGXmQED5
-----END CERTIFICATE-----