This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-k-OrZcb2huNJwPgHKsTcR6Zb_w.roa
File:                     1-k-OrZcb2huNJwPgHKsTcR6Zb_w.roa (raw, json)
Hash identifier:          9S+snep7ZwacdKPNQLcAeZ799xDEbsa5ZdezscXaIcE=
Subject key identifier:   FA:4F:8E:AD:97:1B:DA:1B:8D:27:03:E0:1C:AB:13:71:1E:99:6F:FC
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC7956EAE6BECCB9373944A57CB5A06
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-k-OrZcb2huNJwPgHKsTcR6Zb_w.roa
Signing time:             Thu 01 Jan 2026 18:17:38 +0000
ROA not before:           Thu 01 Jan 2026 18:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57494
IP address blocks:        85.209.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:95:6e:ae:6b:ec:cb:93:73:94:4a:57:cb:5a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa4f8ead971bda1b8d2703e01cab13711e996ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0e:82:d9:2b:64:67:41:e6:8e:0d:78:6d:98:
                    c4:c4:f2:26:70:e2:d8:39:71:11:40:85:ea:5d:7f:
                    95:7e:ad:6e:da:9d:d7:db:4e:c2:72:33:a3:a6:27:
                    62:b5:94:67:d9:24:d5:bb:c1:86:65:01:f0:de:b6:
                    6e:c5:49:ea:ac:a7:c5:95:5d:99:1d:d7:7e:03:74:
                    7f:11:d5:ae:71:ba:14:f4:8c:e2:a0:8f:8c:5f:3d:
                    e2:91:05:8f:84:dc:c6:3e:3d:f8:1d:e6:20:fe:6e:
                    dd:08:85:8e:e1:99:10:98:d2:98:e1:5b:bd:29:b4:
                    13:e6:c7:13:12:70:07:58:ea:61:23:8b:9e:ca:b9:
                    73:44:be:7a:ff:67:91:b3:d6:fc:6f:a6:a5:44:2f:
                    94:9e:d4:0e:14:9a:04:29:df:7a:89:8a:09:b8:59:
                    b3:2b:75:11:b1:99:cf:91:04:b8:2e:d2:a7:f1:00:
                    a9:4f:39:c4:13:97:1f:b5:58:1f:b0:16:84:ab:40:
                    a6:22:0e:55:3a:41:27:5a:ad:b3:84:75:27:a8:96:
                    d4:64:be:d2:7f:66:38:3b:0c:b9:ca:2f:1d:8f:77:
                    01:7e:24:ac:37:2a:83:f7:62:be:50:db:7f:f4:6a:
                    e7:70:25:87:13:6d:36:4a:a5:6b:6f:df:20:08:b8:
                    d0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4F:8E:AD:97:1B:DA:1B:8D:27:03:E0:1C:AB:13:71:1E:99:6F:FC
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-k-OrZcb2huNJwPgHKsTcR6Zb_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b8:6d:f7:7a:7b:f9:38:c8:25:01:dc:cd:40:3f:69:0c:6b:
         33:9c:bc:b8:12:5d:b8:d9:e7:8e:5f:bb:94:4d:aa:7e:8a:ed:
         8b:43:c4:0a:3f:38:d3:c7:26:14:e4:a9:18:76:10:b0:4f:3e:
         37:26:23:b2:c3:40:5b:cb:57:bb:5f:54:06:53:b3:2e:0c:d3:
         ae:e9:c3:a0:38:96:47:7d:61:05:35:4e:26:ef:c6:fe:db:74:
         87:10:6b:ef:37:e8:ab:91:83:4b:53:ba:f6:ec:29:c4:a4:ee:
         7a:19:c6:30:e8:89:03:32:d8:8b:44:84:07:bb:2c:d2:d2:bf:
         ff:72:c0:42:06:36:45:3c:86:10:8a:80:0d:a8:24:e0:98:1d:
         43:47:aa:fe:1c:2d:db:25:14:02:c2:3b:21:3c:c1:13:ce:c8:
         7a:70:e3:92:50:7c:8b:2e:4c:b0:da:a7:3c:8e:d6:59:10:97:
         be:75:20:1d:7c:45:db:ae:9d:6c:f8:44:07:9a:c1:ea:76:fb:
         16:22:a4:cc:ea:72:9c:9a:b0:1d:43:e9:d0:d8:76:29:41:ef:
         c3:79:e5:ae:81:e5:47:be:30:86:45:e4:ca:e1:95:1d:d5:f0:
         c6:3f:cd:de:18:c0:b2:59:b9:f5:54:a4:ec:4e:04:6e:f9:0d:
         38:52:e6:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt6x5Vurmvsy5NzlEpXy1oGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRmOGVhZDk3MWJkYTFiOGQyNzAzZTAxY2FiMTM3MTFlOTk2ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw6C2StkZ0Hmjg14bZjExPImcOLY
OXERQIXqXX+Vfq1u2p3X207CcjOjpiditZRn2STVu8GGZQHw3rZuxUnqrKfFlV2Z
Hdd+A3R/EdWucboU9IzioI+MXz3ikQWPhNzGPj34HeYg/m7dCIWO4ZkQmNKY4Vu9
KbQT5scTEnAHWOphI4ueyrlzRL56/2eRs9b8b6alRC+UntQOFJoEKd96iYoJuFmz
K3URsZnPkQS4LtKn8QCpTznEE5cftVgfsBaEq0CmIg5VOkEnWq2zhHUnqJbUZL7S
f2Y4Owy5yi8dj3cBfiSsNyqD92K+UNt/9GrncCWHE202SqVrb98gCLjQUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpPjq2XG9objScD4ByrE3EemW/8MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMS1rLU9yWmNiMmh1Tkp3UGdIS3NUY1I2WmJfdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvOTk5Yjk3LWM3MzEtNDE5Mi04NWYxLTU3MzcwMWM4NDgz
My8xL1lpTGh3cVV4VXpTMmJZRDNqVnRRdEM1SUM1dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXRCTAN
BgkqhkiG9w0BAQsFAAOCAQEAuLht93p7+TjIJQHczUA/aQxrM5y8uBJduNnnjl+7
lE2qforti0PECj8408cmFOSpGHYQsE8+NyYjssNAW8tXu19UBlOzLgzTrunDoDiW
R31hBTVOJu/G/tt0hxBr7zfoq5GDS1O69uwpxKTuehnGMOiJAzLYi0SEB7ss0tK/
/3LAQgY2RTyGEIqADagk4JgdQ0eq/hwt2yUUAsI7ITzBE87IenDjklB8iy5MsNqn
PI7WWRCXvnUgHXxF266dbPhEB5rB6nb7FiKkzOpynJqwHUPp0Nh2KUHvw3nlroHl
R74whkXkyuGVHdXwxj/N3hjAslm59VSk7E4EbvkNOFLmHw==
-----END CERTIFICATE-----