This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/psnLTq9oj0zoEtX755KpVPy0ws8.roa
File:                     psnLTq9oj0zoEtX755KpVPy0ws8.roa (raw, json)
Hash identifier:          8tn9lCYFdmG1BOJcqSY0wLhBU8frfgy5f/M7MDD6IgU=
Subject key identifier:   A6:C9:CB:4E:AF:68:8F:4C:E8:12:D5:FB:E7:92:A9:54:FC:B4:C2:CF
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       019B7BA35634B2C1424342A0181B5A75F5A5
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/psnLTq9oj0zoEtX755KpVPy0ws8.roa
Signing time:             Thu 01 Jan 2026 22:17:40 +0000
ROA not before:           Thu 01 Jan 2026 22:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20115
IP address blocks:        161.8.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:56:34:b2:c1:42:43:42:a0:18:1b:5a:75:f5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 22:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6c9cb4eaf688f4ce812d5fbe792a954fcb4c2cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2b:ed:6e:83:c6:b3:63:ef:25:f8:c9:24:64:
                    68:78:9b:e6:5e:a5:28:ca:98:84:97:96:d4:ce:aa:
                    0b:67:c5:1e:b3:82:07:21:13:66:75:5f:a2:10:ad:
                    b3:8b:56:be:f8:16:1c:2d:f0:e0:da:9d:9e:58:81:
                    a5:0f:dc:f7:e8:d8:aa:c1:32:56:b6:bc:e2:cf:b5:
                    29:a6:40:c1:37:52:d0:2b:91:cf:ee:84:2d:9c:24:
                    e3:f0:27:9f:72:1a:ca:fb:b0:b5:d0:f1:06:75:92:
                    9d:70:43:82:89:d9:74:3f:28:81:2b:af:7a:f7:36:
                    7e:91:eb:b4:21:e8:62:dc:93:5b:fd:d8:88:c4:0f:
                    25:ab:20:66:11:fc:9a:c4:d6:59:03:25:dc:ab:fd:
                    45:cb:6e:12:ad:06:2f:b0:54:82:7d:6a:5a:5d:2b:
                    98:18:a3:da:e9:de:19:c2:48:c5:a4:23:39:c1:5c:
                    a8:c7:2e:42:ce:a0:92:3b:0d:ee:4d:6b:e2:14:70:
                    b5:16:70:9c:68:76:6d:75:e1:ca:07:38:8a:15:38:
                    33:a0:4e:bd:d1:44:f0:b6:b1:4e:dc:fb:02:88:34:
                    3b:14:d0:6f:bd:d9:95:41:d5:e5:3f:74:ce:a1:e4:
                    50:2e:9c:0e:8c:32:74:b5:5b:84:2b:9b:61:fb:4f:
                    9c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C9:CB:4E:AF:68:8F:4C:E8:12:D5:FB:E7:92:A9:54:FC:B4:C2:CF
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/psnLTq9oj0zoEtX755KpVPy0ws8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.8.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         71:62:69:8f:c3:20:98:c7:84:88:e9:a4:0f:f7:98:6f:b3:7c:
         78:73:aa:27:67:31:d5:a4:0b:b5:6f:2a:47:fb:9a:4a:e7:ec:
         67:37:07:2f:25:5d:e0:41:ac:50:61:15:d6:2f:78:57:07:07:
         a8:38:d3:fe:84:ba:e3:10:50:c8:e8:ff:35:c9:fa:3f:7f:83:
         1c:7a:91:79:72:b3:6d:1b:ab:ae:c0:30:f6:f3:e0:29:6f:c4:
         de:d7:73:45:d3:13:5c:70:8c:b3:ac:08:54:ce:4a:0b:db:b0:
         e4:96:25:eb:75:64:c3:e9:d0:85:f0:c7:2d:c6:48:be:da:7f:
         64:78:b5:00:a7:a6:ba:f2:7e:3d:0d:3b:52:82:14:10:6e:d1:
         6d:5e:3d:1c:c5:0e:76:ee:65:ff:6c:9e:f8:12:42:d9:aa:39:
         12:82:54:d0:64:0a:e9:52:3e:a6:3d:af:cc:4a:f0:b0:b7:35:
         49:aa:85:0e:75:d9:c3:48:89:85:7a:0d:fc:de:0a:6a:b0:d7:
         cc:a0:ea:69:f8:bd:38:d8:6f:cf:39:66:be:23:9c:d4:9b:76:
         c1:8a:94:4c:67:db:08:de:af:21:01:5c:ec:3b:0f:2d:c3:dd:
         5f:10:2d:2f:ea:d8:01:3f:22:9c:88:0a:72:ab:10:67:1f:68:
         c5:97:96:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o1Y0ssFCQ0KgGBtadfWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjYwMTAxMjIxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM5Y2I0ZWFmNjg4ZjRjZTgxMmQ1ZmJlNzkyYTk1NGZjYjRjMmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSvtboPGs2PvJfjJJGRoeJvmXqUo
ypiEl5bUzqoLZ8Ues4IHIRNmdV+iEK2zi1a++BYcLfDg2p2eWIGlD9z36NiqwTJW
trziz7UppkDBN1LQK5HP7oQtnCTj8CefchrK+7C10PEGdZKdcEOCidl0PyiBK696
9zZ+keu0Iehi3JNb/diIxA8lqyBmEfyaxNZZAyXcq/1Fy24SrQYvsFSCfWpaXSuY
GKPa6d4ZwkjFpCM5wVyoxy5CzqCSOw3uTWviFHC1FnCcaHZtdeHKBziKFTgzoE69
0UTwtrFO3PsCiDQ7FNBvvdmVQdXlP3TOoeRQLpwOjDJ0tVuEK5th+0+c2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbJy06vaI9M6BLV++eSqVT8tMLPMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvcHNuTFRxOW9qMHpvRXRYNzU1S3BWUHkwd3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFoQiAMA0G
CSqGSIb3DQEBCwUAA4IBAQBxYmmPwyCYx4SI6aQP95hvs3x4c6onZzHVpAu1bypH
+5pK5+xnNwcvJV3gQaxQYRXWL3hXBweoONP+hLrjEFDI6P81yfo/f4McepF5crNt
G6uuwDD28+Apb8Te13NF0xNccIyzrAhUzkoL27DkliXrdWTD6dCF8Mctxki+2n9k
eLUAp6a68n49DTtSghQQbtFtXj0cxQ527mX/bJ74EkLZqjkSglTQZArpUj6mPa/M
SvCwtzVJqoUOddnDSImFeg383gpqsNfMoOpp+L042G/POWa+I5zUm3bBipRMZ9sI
3q8hAVzsOw8tw91fEC0v6tgBPyKciApyqxBnH2jFl5Yn
-----END CERTIFICATE-----