This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/ev65uGpdeskGU8rxMwP9DGzY7yo.roa
File:                     ev65uGpdeskGU8rxMwP9DGzY7yo.roa (raw, json)
Hash identifier:          mm84YFZH+EnFHVYRA5O2XqnvCrusjCtnVPoVlpbhPxc=
Subject key identifier:   7A:FE:B9:B8:6A:5D:7A:C9:06:53:CA:F1:33:03:FD:0C:6C:D8:EF:2A
Certificate issuer:       /CN=a9d988d1df0a6ccab2e93614951059960bad4342
Certificate serial:       019B76EAC87A1A9A2BC10029044A68DBBF12
Authority key identifier: A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/ev65uGpdeskGU8rxMwP9DGzY7yo.roa
Signing time:             Thu 01 Jan 2026 00:17:36 +0000
ROA not before:           Thu 01 Jan 2026 00:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15557
IP address blocks:        129.104.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 21:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c8:7a:1a:9a:2b:c1:00:29:04:4a:68:db:bf:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d988d1df0a6ccab2e93614951059960bad4342
        Validity
            Not Before: Jan  1 00:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7afeb9b86a5d7ac90653caf13303fd0c6cd8ef2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:bb:2e:34:00:fb:cf:cb:81:cb:d7:36:29:
                    a7:61:95:4b:4f:b1:74:ee:d4:fa:51:c6:f7:60:c7:
                    7e:db:e4:28:3e:f8:da:c6:b7:93:88:20:2f:16:0f:
                    b2:18:26:9a:5d:1f:0d:88:63:23:22:2c:98:63:ba:
                    5d:ea:41:b2:ad:13:98:12:3f:a4:df:d6:de:8f:d6:
                    ea:7c:ad:94:1a:2a:11:d1:08:7b:01:17:e8:87:92:
                    70:30:5f:73:08:7f:26:2f:b9:be:2c:2b:4e:16:aa:
                    a8:9b:e6:25:fc:6a:28:0a:7b:67:b4:d2:74:32:18:
                    d4:3f:79:93:b0:45:63:57:7a:54:7d:2b:b0:e2:bd:
                    13:e9:cf:c5:05:e0:f2:8f:a0:e4:4b:19:f7:93:5e:
                    51:20:e4:db:46:bc:4f:5c:a2:2b:cc:f9:8a:5e:c5:
                    bd:26:71:7c:a5:c5:e5:a5:87:00:6d:c4:db:e5:77:
                    b9:3d:a2:89:69:c8:8d:8d:2e:3b:01:81:7a:65:8f:
                    ae:c7:5e:d1:da:6a:29:b7:85:13:da:7b:c8:7b:59:
                    44:b4:b5:1c:9b:a4:aa:55:76:a0:ad:44:73:d1:c2:
                    a7:61:29:87:48:96:74:25:af:88:e0:50:fc:04:c0:
                    f7:22:eb:60:98:2c:67:28:7c:cb:37:c2:5f:e1:52:
                    71:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FE:B9:B8:6A:5D:7A:C9:06:53:CA:F1:33:03:FD:0C:6C:D8:EF:2A
            X509v3 Authority Key Identifier:
                keyid:A9:D9:88:D1:DF:0A:6C:CA:B2:E9:36:14:95:10:59:96:0B:AD:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdmI0d8KbMqy6TYUlRBZlgutQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/ev65uGpdeskGU8rxMwP9DGzY7yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/64ce8b-ff7a-4744-9712-d9730f5b5867/1/qdmI0d8KbMqy6TYUlRBZlgutQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.104.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:e8:7c:ba:87:f1:61:eb:2b:f2:8a:5c:aa:a2:b1:4b:b1:c3:
         39:c1:45:76:dc:e0:26:0f:52:6c:a6:00:4a:16:71:3b:b7:fa:
         ea:72:8c:4d:c7:b0:31:f8:ae:80:0c:f6:6c:9a:38:c9:83:8e:
         3f:a0:89:55:ef:59:23:ac:1a:cb:c0:9d:da:3f:1d:e2:da:06:
         5a:cc:a9:5d:58:fd:67:42:6f:fa:d3:91:50:ac:72:d5:92:71:
         c7:7f:d2:9e:36:51:2f:8a:a8:2a:0c:33:09:cc:7c:5e:0e:a8:
         9b:b8:fa:d9:ae:89:30:76:b1:15:99:ab:47:5c:04:c4:ab:f0:
         5c:fe:78:da:0b:fe:d2:66:ed:8e:c7:f0:41:5f:b1:a6:81:d3:
         58:6f:d4:00:a1:ba:3e:51:6f:e3:7d:69:11:ca:72:61:86:cd:
         cb:62:6e:8c:5a:a3:e7:19:7c:0d:75:45:ae:e4:2a:d5:06:d2:
         74:74:cb:84:81:b9:4b:3f:aa:fc:a3:28:77:60:f8:6f:a3:f8:
         03:0b:56:59:a6:c3:e0:15:01:71:63:4d:d9:23:fd:8c:7e:38:
         7b:b8:1b:ba:d1:5e:9e:0f:b1:dd:5d:bd:22:52:61:6a:a8:22:
         6f:89:ac:db:1a:83:2c:30:7b:8a:16:cc:df:5c:9c:03:91:0e:
         5d:31:56:80
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt26sh6GporwQApBEpo278SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDk4OGQxZGYwYTZjY2FiMmU5MzYxNDk1MTA1OTk2MGJh
ZDQzNDIwHhcNMjYwMTAxMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZlYjliODZhNWQ3YWM5MDY1M2NhZjEzMzAzZmQwYzZjZDhlZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6O7LjQA+8/LgcvXNimnYZVLT7F0
7tT6Ucb3YMd+2+QoPvjaxreTiCAvFg+yGCaaXR8NiGMjIiyYY7pd6kGyrROYEj+k
39bej9bqfK2UGioR0Qh7ARfoh5JwMF9zCH8mL7m+LCtOFqqom+Yl/GooCntntNJ0
MhjUP3mTsEVjV3pUfSuw4r0T6c/FBeDyj6DkSxn3k15RIOTbRrxPXKIrzPmKXsW9
JnF8pcXlpYcAbcTb5Xe5PaKJaciNjS47AYF6ZY+ux17R2mopt4UT2nvIe1lEtLUc
m6SqVXagrURz0cKnYSmHSJZ0Ja+I4FD8BMD3IutgmCxnKHzLN8Jf4VJxcwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHr+ubhqXXrJBlPK8TMD/Qxs2O8qMB8GA1UdIwQY
MBaAFKnZiNHfCmzKsuk2FJUQWZYLrUNCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTIt
ZDk3MzBmNWI1ODY3LzEvZXY2NXVHcGRlc2tHVThyeE13UDlER3pZN3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82NGNlOGItZmY3YS00NzQ0LTk3MTItZDk3MzBmNWI1ODY3
LzEvcWRtSTBkOEtiTXF5NlRZVWxSQlpsZ3V0UTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgWgwDQYJ
KoZIhvcNAQELBQADggEBAJjofLqH8WHrK/KKXKqisUuxwznBRXbc4CYPUmymAEoW
cTu3+upyjE3HsDH4roAM9myaOMmDjj+giVXvWSOsGsvAndo/HeLaBlrMqV1Y/WdC
b/rTkVCsctWSccd/0p42US+KqCoMMwnMfF4OqJu4+tmuiTB2sRWZq0dcBMSr8Fz+
eNoL/tJm7Y7H8EFfsaaB01hv1AChuj5Rb+N9aRHKcmGGzctiboxao+cZfA11Ra7k
KtUG0nR0y4SBuUs/qvyjKHdg+G+j+AMLVlmmw+AVAXFjTdkj/Yx+OHu4G7rRXp4P
sd1dvSJSYWqoIm+JrNsagywwe4oWzN9cnAORDl0xVoA=
-----END CERTIFICATE-----