This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/9TRe-gsjU-dBjQcuZ-q4l2bvRSs.roa
File:                     9TRe-gsjU-dBjQcuZ-q4l2bvRSs.roa (raw, json)
Hash identifier:          vjau9AsLLlQGPYiXCLnW5ln7ueUy3Cz4DJl167eyp+Q=
Subject key identifier:   F5:34:5E:FA:0B:23:53:E7:41:8D:07:2E:67:EA:B8:97:66:EF:45:2B
Certificate issuer:       /CN=66719ec516f11540da4c4e7e4b7f5b377d9fd25b
Certificate serial:       019B7CEE6DDEB9C092AEA1685C5E8C1A3E12
Authority key identifier: 66:71:9E:C5:16:F1:15:40:DA:4C:4E:7E:4B:7F:5B:37:7D:9F:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/9TRe-gsjU-dBjQcuZ-q4l2bvRSs.roa
Signing time:             Fri 02 Jan 2026 04:19:18 +0000
ROA not before:           Fri 02 Jan 2026 04:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8685
IP address blocks:        91.195.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:6d:de:b9:c0:92:ae:a1:68:5c:5e:8c:1a:3e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66719ec516f11540da4c4e7e4b7f5b377d9fd25b
        Validity
            Not Before: Jan  2 04:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5345efa0b2353e7418d072e67eab89766ef452b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7e:68:4c:fb:e0:e8:6a:c0:53:e5:f2:be:40:
                    d7:36:79:49:b0:0a:bb:12:3b:18:2a:c7:41:b3:19:
                    2c:b4:41:8f:78:4e:8a:94:f9:e2:6c:90:1e:03:6a:
                    5b:02:b5:4c:71:fc:84:8d:bd:71:7f:aa:d0:b3:f4:
                    ed:f5:76:a7:d3:2e:b8:b7:cf:da:b1:73:2a:06:bd:
                    ea:02:a5:0d:7a:49:09:dc:5b:c3:77:fd:f1:00:f5:
                    c1:f4:d1:30:a5:fa:40:25:d0:66:6d:38:59:7b:db:
                    c6:26:48:9c:fe:bc:e6:35:43:c0:6b:57:f7:22:12:
                    ff:ea:60:00:43:14:b1:14:8e:40:82:53:11:84:53:
                    1d:34:33:91:74:e7:f8:b7:c7:c3:42:0b:14:62:46:
                    01:8a:f1:d2:ae:17:da:bf:d9:01:68:5e:9d:16:4c:
                    3b:33:e7:9f:df:1e:b7:dc:e9:e4:31:dd:88:91:c4:
                    c0:50:a6:c1:3e:82:fc:c3:d3:95:b6:26:98:23:e6:
                    e5:6b:83:f9:97:b1:7a:c7:3d:2f:a8:6a:0c:4a:db:
                    14:66:30:83:54:31:48:4d:b0:a0:91:0d:e8:3f:bf:
                    8c:ac:70:8a:d8:6b:34:60:c0:00:dc:c0:f3:5e:f3:
                    91:62:b3:aa:ae:0a:1b:d3:de:d5:b0:34:42:14:ff:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:34:5E:FA:0B:23:53:E7:41:8D:07:2E:67:EA:B8:97:66:EF:45:2B
            X509v3 Authority Key Identifier:
                keyid:66:71:9E:C5:16:F1:15:40:DA:4C:4E:7E:4B:7F:5B:37:7D:9F:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/9TRe-gsjU-dBjQcuZ-q4l2bvRSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:e1:58:18:b1:f2:b6:8c:c4:3e:c2:d8:8f:e3:6b:2b:55:94:
         ae:2a:62:d8:bb:e5:1f:db:e6:34:53:57:f9:bf:bd:ca:7a:67:
         b3:af:ea:4c:c4:a1:28:b4:d5:39:83:22:12:38:4d:0c:98:13:
         31:29:0a:c3:6a:98:05:14:d1:0c:d6:c3:c1:93:6c:f9:07:1b:
         1a:33:68:26:62:0d:ed:cb:1d:48:be:17:44:eb:5d:b3:6b:30:
         2b:4e:e4:9e:0f:11:08:2e:1a:73:56:86:ea:1f:35:c9:1d:f9:
         cb:29:5c:c4:ad:33:fe:e0:a3:ff:15:c3:9b:28:f3:27:84:e7:
         41:b1:cd:3c:d0:67:a9:23:3f:05:26:b1:f9:b7:63:9f:b2:ab:
         bd:f4:26:3c:85:b5:79:9f:58:7e:c0:72:7f:15:25:a4:f0:85:
         62:ba:7e:47:f7:fd:ff:7d:b1:30:21:81:e6:d6:4b:9e:d1:bf:
         15:ff:95:47:c6:3a:0d:77:68:7d:9e:69:f2:cc:09:0c:c9:c7:
         32:f8:83:52:71:11:97:bf:1a:29:e0:ae:9b:86:4a:14:a8:fe:
         db:77:09:2c:6e:bf:73:17:df:cf:14:c3:0b:38:c6:bf:61:56:
         d7:05:8d:5d:3d:ba:bf:bb:97:c6:a1:c8:a1:16:0b:6a:02:49:
         5d:5a:11:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87m3eucCSrqFoXF6MGj4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NzE5ZWM1MTZmMTE1NDBkYTRjNGU3ZTRiN2Y1YjM3N2Q5
ZmQyNWIwHhcNMjYwMTAyMDQxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTM0NWVmYTBiMjM1M2U3NDE4ZDA3MmU2N2VhYjg5NzY2ZWY0NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX5oTPvg6GrAU+XyvkDXNnlJsAq7
EjsYKsdBsxkstEGPeE6KlPnibJAeA2pbArVMcfyEjb1xf6rQs/Tt9Xan0y64t8/a
sXMqBr3qAqUNekkJ3FvDd/3xAPXB9NEwpfpAJdBmbThZe9vGJkic/rzmNUPAa1f3
IhL/6mAAQxSxFI5AglMRhFMdNDORdOf4t8fDQgsUYkYBivHSrhfav9kBaF6dFkw7
M+ef3x633OnkMd2IkcTAUKbBPoL8w9OVtiaYI+bla4P5l7F6xz0vqGoMStsUZjCD
VDFITbCgkQ3oP7+MrHCK2Gs0YMAA3MDzXvORYrOqrgob097VsDRCFP85rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPU0XvoLI1PnQY0HLmfquJdm70UrMB8GA1UdIwQY
MBaAFGZxnsUW8RVA2kxOfkt/Wzd9n9JbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5HZXhSYnhGVURhVEU1LVMzOWJOMzJmMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC83N2MwNzQtZGEyNS00NWU4LTlkMjYt
NTRjMTZiOWNjMTE4LzEvOVRSZS1nc2pVLWRCalFjdVotcTRsMmJ2UlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC83N2MwNzQtZGEyNS00NWU4LTlkMjYtNTRjMTZiOWNjMTE4
LzEvWm5HZXhSYnhGVURhVEU1LVMzOWJOMzJmMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8OKMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4VgYsfK2jMQ+wtiP42srVZSuKmLYu+Uf2+Y0U1f5
v73Kemezr+pMxKEotNU5gyISOE0MmBMxKQrDapgFFNEM1sPBk2z5BxsaM2gmYg3t
yx1IvhdE612zazArTuSeDxEILhpzVobqHzXJHfnLKVzErTP+4KP/FcObKPMnhOdB
sc080GepIz8FJrH5t2Ofsqu99CY8hbV5n1h+wHJ/FSWk8IViun5H9/3/fbEwIYHm
1kue0b8V/5VHxjoNd2h9nmnyzAkMyccy+INScRGXvxop4K6bhkoUqP7bdwksbr9z
F9/PFMMLOMa/YVbXBY1dPbq/u5fGocihFgtqAkldWhEs
-----END CERTIFICATE-----