This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/kuiIDIypzpnRYSUj7glsmT4M63U.roa
File:                     kuiIDIypzpnRYSUj7glsmT4M63U.roa (raw, json)
Hash identifier:          AhvHWn0Zw078JqRJpm27EiFTVl5Aqm3ouDehrx0PfD8=
Subject key identifier:   92:E8:88:0C:8C:A9:CE:99:D1:61:25:23:EE:09:6C:99:3E:0C:EB:75
Certificate issuer:       /CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
Certificate serial:       019B78354CB3D5433B93E4AE237A8D9E84DA
Authority key identifier: 00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/kuiIDIypzpnRYSUj7glsmT4M63U.roa
Signing time:             Thu 01 Jan 2026 06:18:37 +0000
ROA not before:           Thu 01 Jan 2026 06:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8609
IP address blocks:        158.162.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:4c:b3:d5:43:3b:93:e4:ae:23:7a:8d:9e:84:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
        Validity
            Not Before: Jan  1 06:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92e8880c8ca9ce99d1612523ee096c993e0ceb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b7:a8:b9:18:0c:87:a0:86:38:81:b5:af:79:
                    68:7a:9b:98:5c:b0:ae:2d:c0:bb:cb:6f:4b:b9:e2:
                    59:1a:14:77:98:f9:77:8f:9f:fc:13:c9:2d:ea:66:
                    54:0e:1e:ee:5a:c8:6b:6b:57:cb:ac:e0:0a:85:45:
                    c7:10:4d:c6:8a:ce:af:ba:ac:64:6f:3f:99:6e:82:
                    e5:f5:ab:ae:89:13:a8:5b:21:b9:ea:61:24:5e:36:
                    62:3c:de:05:2b:33:84:b5:63:c3:51:6f:c3:01:d2:
                    f9:d6:52:5d:fd:a1:8e:68:0e:24:3a:f2:0b:6c:1b:
                    70:ac:71:36:b8:2b:2d:30:e8:61:fa:43:c6:20:f9:
                    2f:eb:0c:08:55:95:5a:fb:e0:7b:d8:e9:86:0b:41:
                    d5:fd:e7:0b:09:dc:32:96:da:f6:d6:d8:94:98:82:
                    60:c9:3f:2e:5e:87:59:bf:be:be:d1:9a:d4:61:a9:
                    86:10:65:21:cf:ac:7c:49:bd:8c:f8:ce:b5:3b:54:
                    3f:8e:88:ef:1d:5c:6d:c2:9e:ac:4d:fa:d6:4b:e7:
                    68:0b:f8:e5:3f:e1:2b:2e:f1:54:af:68:0e:e6:35:
                    7d:1f:dd:95:d9:fd:3b:2c:72:2d:ca:34:83:6d:32:
                    c3:8c:aa:88:b4:ae:57:30:74:6f:a8:13:71:c2:eb:
                    2c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E8:88:0C:8C:A9:CE:99:D1:61:25:23:EE:09:6C:99:3E:0C:EB:75
            X509v3 Authority Key Identifier:
                keyid:00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/kuiIDIypzpnRYSUj7glsmT4M63U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.162.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:0e:7a:85:ec:03:eb:c7:de:20:2e:9a:3d:20:65:23:67:8c:
         53:b8:ea:18:19:13:5c:7f:0a:c8:77:b2:5e:a6:7c:c0:39:f3:
         1a:9c:75:7b:45:dd:9f:1e:bf:a5:a3:e1:5c:f3:50:6e:02:32:
         86:12:fa:43:87:cd:69:6a:dd:eb:7b:2e:4e:cc:86:07:32:fb:
         01:f6:5d:c5:03:70:3b:a8:16:4e:f1:71:ad:67:df:4e:7d:a5:
         91:bc:79:af:b7:8d:94:79:94:90:53:7e:14:00:d4:9d:f7:98:
         81:0a:c1:4d:81:ae:fd:2d:1e:c2:a3:97:e1:27:1e:81:4e:8b:
         14:fa:ba:65:dd:47:fb:ff:40:6a:0a:22:70:e8:3f:53:69:ad:
         c1:36:0c:f3:8d:ed:ee:c9:d6:29:63:c3:e8:d7:0d:62:86:c0:
         bb:62:f0:49:48:ca:5b:50:e9:69:76:f5:70:9d:27:36:ca:f8:
         df:40:e6:1d:e3:92:c5:3a:be:16:92:2b:5a:49:e9:94:e8:23:
         85:b5:5b:b9:b8:1b:01:7b:ca:14:89:83:8e:ef:01:5f:36:e9:
         c5:53:75:f6:88:c5:f5:70:06:75:13:48:f7:e1:02:fe:cb:89:
         d5:ea:6b:ee:bf:c0:f1:6d:ae:e2:0c:3b:9b:5e:45:4e:62:57:
         5f:1a:50:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUyz1UM7k+SuI3qNnoTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjRjYzQxMmNjMzBmYjJmOWY3YzM3YzNlMzkwYmVjNWU2
MjU2YjAwHhcNMjYwMTAxMDYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU4ODgwYzhjYTljZTk5ZDE2MTI1MjNlZTA5NmM5OTNlMGNlYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybeouRgMh6CGOIG1r3loepuYXLCu
LcC7y29LueJZGhR3mPl3j5/8E8kt6mZUDh7uWshra1fLrOAKhUXHEE3Gis6vuqxk
bz+ZboLl9auuiROoWyG56mEkXjZiPN4FKzOEtWPDUW/DAdL51lJd/aGOaA4kOvIL
bBtwrHE2uCstMOhh+kPGIPkv6wwIVZVa++B72OmGC0HV/ecLCdwyltr21tiUmIJg
yT8uXodZv76+0ZrUYamGEGUhz6x8Sb2M+M61O1Q/jojvHVxtwp6sTfrWS+doC/jl
P+ErLvFUr2gO5jV9H92V2f07LHItyjSDbTLDjKqItK5XMHRvqBNxwussfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLoiAyMqc6Z0WElI+4JbJk+DOt1MB8GA1UdIwQY
MBaAFAD0zEEsww+y+ffDfD45C+xeYlawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEt
NWYxNDVjZmQyMDcwLzEva3VpSURJeXB6cG5SWVNVajdnbHNtVDRNNjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEtNWYxNDVjZmQyMDcw
LzEvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnqJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKDnqF7APrx94gLpo9IGUjZ4xTuOoYGRNcfwrId7Je
pnzAOfManHV7Rd2fHr+lo+Fc81BuAjKGEvpDh81pat3rey5OzIYHMvsB9l3FA3A7
qBZO8XGtZ99OfaWRvHmvt42UeZSQU34UANSd95iBCsFNga79LR7Co5fhJx6BTosU
+rpl3Uf7/0BqCiJw6D9Taa3BNgzzje3uydYpY8Po1w1ihsC7YvBJSMpbUOlpdvVw
nSc2yvjfQOYd45LFOr4WkitaSemU6COFtVu5uBsBe8oUiYOO7wFfNunFU3X2iMX1
cAZ1E0j34QL+y4nV6mvuv8Dxba7iDDubXkVOYldfGlDF
-----END CERTIFICATE-----