This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tXqsXErevO0NOogzbATIpWYvt2c.roa
File:                     tXqsXErevO0NOogzbATIpWYvt2c.roa (raw, json)
Hash identifier:          04RPOyDAN2W2dBa9D3heakDC0FMncGcbMhSugxpV5vw=
Subject key identifier:   B5:7A:AC:5C:4A:DE:BC:ED:0D:3A:88:33:6C:04:C8:A5:66:2F:B7:67
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019B797EA2B4D2F96ADE1A84583EE9F4EA90
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tXqsXErevO0NOogzbATIpWYvt2c.roa
Signing time:             Thu 01 Jan 2026 12:18:20 +0000
ROA not before:           Thu 01 Jan 2026 12:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138997
IP address blocks:        45.9.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a2:b4:d2:f9:6a:de:1a:84:58:3e:e9:f4:ea:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 12:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b57aac5c4adebced0d3a88336c04c8a5662fb767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:82:c2:12:31:95:44:6d:bd:f9:9d:ff:62:16:
                    9d:38:16:c9:ee:6e:07:d8:da:c7:cd:e8:8e:85:7f:
                    aa:ff:d6:24:c1:4a:8d:13:60:a5:8e:e0:51:6b:89:
                    a8:9d:c9:40:5d:9a:67:25:31:a3:51:ae:51:95:0f:
                    43:ab:20:e7:7e:db:4b:91:b3:ab:d6:71:17:1b:ca:
                    90:bf:b9:4c:d8:88:50:78:6b:ab:4c:76:1b:d9:f1:
                    cc:08:a6:b1:69:1a:41:5d:fa:d3:35:1c:07:f9:8f:
                    fb:ad:f8:f6:5c:a7:08:e9:34:42:44:b2:9f:9e:3e:
                    e1:3a:be:5d:e5:c6:ba:62:a3:9b:22:d7:1b:9c:e5:
                    5d:4e:70:84:fb:64:3c:dc:e1:ba:c2:8e:e3:fd:45:
                    2b:50:20:79:e8:a3:27:8c:c9:29:e3:1b:28:bf:14:
                    b9:bc:0c:2b:23:e4:44:f4:32:1c:af:7e:4b:06:cf:
                    62:7c:ec:58:3b:8f:53:44:a1:0e:98:3c:84:d3:d9:
                    73:f8:75:29:dd:f0:42:88:fa:4c:c8:ea:31:ae:1d:
                    27:d2:e7:3d:a8:5f:35:a5:f5:f3:28:f8:69:ad:19:
                    e9:2e:c3:68:15:7f:34:64:6a:36:f3:c2:31:4b:e6:
                    8f:b2:17:7c:5a:df:af:03:09:75:fb:31:25:f2:6e:
                    ff:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7A:AC:5C:4A:DE:BC:ED:0D:3A:88:33:6C:04:C8:A5:66:2F:B7:67
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/tXqsXErevO0NOogzbATIpWYvt2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:ca:94:d2:50:7a:fc:ed:67:ab:6c:d9:ce:b0:5f:8d:a9:ae:
         83:ef:ae:7b:07:d3:24:ff:07:34:d3:a6:19:7b:49:b9:c8:92:
         cd:0d:ff:a7:d6:b0:52:21:af:24:3c:c9:b2:a7:5d:53:7a:97:
         f5:cc:b1:af:e2:94:d7:ed:ac:bf:7b:2d:c2:f9:22:e5:da:ad:
         48:cf:77:04:c6:08:4c:6d:a6:40:98:26:62:94:97:80:5e:64:
         7b:63:9d:74:b5:fe:e7:ba:83:8a:67:bd:51:4f:a6:d5:34:3e:
         8c:3f:ca:3f:c3:39:0a:91:8d:a7:f3:8b:22:37:ab:e5:78:29:
         3b:45:89:b2:31:5e:04:e2:2c:53:07:8c:fd:4f:67:b8:d7:a1:
         0b:b0:da:5c:63:e5:c8:1d:62:00:11:99:c2:71:59:d8:e3:ac:
         17:69:b4:4e:51:42:6f:f5:f4:10:a7:85:6b:33:a8:e8:ef:84:
         78:91:09:ec:2a:d0:61:4e:30:11:cd:77:97:a3:f5:d6:2c:8e:
         4e:b6:f7:78:a1:f3:b4:30:53:27:67:9c:fa:fc:46:be:6b:0b:
         52:22:59:ce:df:bb:9a:cf:ce:f8:8f:e8:a3:0c:c9:7b:d6:8e:
         f6:e1:6f:a0:87:08:e8:b8:0f:17:12:27:c9:b3:15:96:e0:3c:
         e1:15:c1:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fqK00vlq3hqEWD7p9OqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjYwMTAxMTIxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdhYWM1YzRhZGViY2VkMGQzYTg4MzM2YzA0YzhhNTY2MmZiNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmILCEjGVRG29+Z3/YhadOBbJ7m4H
2NrHzeiOhX+q/9YkwUqNE2CljuBRa4monclAXZpnJTGjUa5RlQ9DqyDnfttLkbOr
1nEXG8qQv7lM2IhQeGurTHYb2fHMCKaxaRpBXfrTNRwH+Y/7rfj2XKcI6TRCRLKf
nj7hOr5d5ca6YqObItcbnOVdTnCE+2Q83OG6wo7j/UUrUCB56KMnjMkp4xsovxS5
vAwrI+RE9DIcr35LBs9ifOxYO49TRKEOmDyE09lz+HUp3fBCiPpMyOoxrh0n0uc9
qF81pfXzKPhprRnpLsNoFX80ZGo288IxS+aPshd8Wt+vAwl1+zEl8m7/VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV6rFxK3rztDTqIM2wEyKVmL7dnMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdFhxc1hFcmV2TzBOT29nemJBVElwV1l2dDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkIMA0G
CSqGSIb3DQEBCwUAA4IBAQCMypTSUHr87WerbNnOsF+Nqa6D7657B9Mk/wc006YZ
e0m5yJLNDf+n1rBSIa8kPMmyp11Tepf1zLGv4pTX7ay/ey3C+SLl2q1Iz3cExghM
baZAmCZilJeAXmR7Y510tf7nuoOKZ71RT6bVND6MP8o/wzkKkY2n84siN6vleCk7
RYmyMV4E4ixTB4z9T2e416ELsNpcY+XIHWIAEZnCcVnY46wXabROUUJv9fQQp4Vr
M6jo74R4kQnsKtBhTjARzXeXo/XWLI5Otvd4ofO0MFMnZ5z6/Ea+awtSIlnO37ua
z874j+ijDMl71o724W+ghwjouA8XEifJsxWW4DzhFcHe
-----END CERTIFICATE-----