This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/0lIjaAWtUooPCjw9z9PIRARmkBs.roa
File:                     0lIjaAWtUooPCjw9z9PIRARmkBs.roa (raw, json)
Hash identifier:          sO74ZmU/4s1BoIcendr5mqxDbviNVo71E4p/VNutlgY=
Subject key identifier:   D2:52:23:68:05:AD:52:8A:0F:0A:3C:3D:CF:D3:C8:44:04:66:90:1B
Certificate issuer:       /CN=32a77427c03709b339a95b0ad9a4ac9d2c92c903
Certificate serial:       019B7B356BDB95CA37A12B6CFBE768EF1D63
Authority key identifier: 32:A7:74:27:C0:37:09:B3:39:A9:5B:0A:D9:A4:AC:9D:2C:92:C9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/0lIjaAWtUooPCjw9z9PIRARmkBs.roa
Signing time:             Thu 01 Jan 2026 20:17:37 +0000
ROA not before:           Thu 01 Jan 2026 20:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56574
IP address blocks:        192.166.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:6b:db:95:ca:37:a1:2b:6c:fb:e7:68:ef:1d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32a77427c03709b339a95b0ad9a4ac9d2c92c903
        Validity
            Not Before: Jan  1 20:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d252236805ad528a0f0a3c3dcfd3c8440466901b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fd:0c:a9:06:a3:4e:40:38:4f:f8:c7:38:e2:
                    09:82:71:12:cd:51:50:01:9a:cf:79:a3:f8:93:26:
                    a6:48:a0:5e:78:ef:01:b0:6d:50:5c:0d:4b:1b:55:
                    34:82:48:d6:4f:57:56:5f:3d:cd:b9:29:68:b8:da:
                    5a:89:16:dd:6b:12:e0:62:d8:1a:ec:0c:2b:3c:a9:
                    4e:e5:dd:57:97:08:71:22:1f:2b:c0:49:1c:a8:fd:
                    1a:b9:c4:9b:60:2a:4e:a7:17:a9:47:c1:14:9f:38:
                    4a:36:36:d7:42:bf:9c:05:69:55:9a:e8:6f:a3:b9:
                    04:63:e5:f5:f1:ed:ab:d2:91:de:e9:fd:18:90:fb:
                    64:76:82:29:c0:f8:e2:27:d9:7a:79:c7:9e:f2:c4:
                    96:43:4c:a7:d0:a0:c5:a5:fc:87:7a:51:58:21:93:
                    40:3e:fa:9b:28:54:23:55:7e:a3:82:c2:0b:ae:19:
                    d0:ab:3a:1b:7f:87:16:99:86:98:29:97:11:dd:09:
                    36:9b:79:dd:c4:1f:83:53:3c:57:7f:1f:87:c9:3c:
                    15:3f:6d:16:f8:52:80:7e:e9:0d:61:03:01:bf:ec:
                    33:c8:85:fe:49:53:c3:56:e6:ad:12:90:8f:39:ea:
                    62:09:d3:38:72:66:61:e4:25:7b:1d:b7:ba:06:fa:
                    d4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:52:23:68:05:AD:52:8A:0F:0A:3C:3D:CF:D3:C8:44:04:66:90:1B
            X509v3 Authority Key Identifier:
                keyid:32:A7:74:27:C0:37:09:B3:39:A9:5B:0A:D9:A4:AC:9D:2C:92:C9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/0lIjaAWtUooPCjw9z9PIRARmkBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:f3:e7:a0:23:d0:7e:f9:e3:c4:d0:6a:05:18:e5:de:47:ec:
         81:15:f7:c6:8a:1e:ec:ac:2a:01:3d:8c:44:9d:f7:4e:45:96:
         f3:15:12:cc:94:c7:88:23:01:79:67:db:53:c9:11:07:82:30:
         f1:9b:52:63:f4:f7:80:c9:a8:e7:bb:24:c1:33:ef:d8:4c:98:
         a0:1f:10:73:1c:c5:27:fb:6b:b5:6c:3f:1b:ee:65:fc:98:9c:
         53:39:2d:82:2c:00:5e:a7:4b:6d:08:35:0f:8c:64:62:4d:95:
         32:2c:37:09:c4:ed:3d:d9:94:c9:4e:a1:45:79:ca:26:d6:dd:
         d8:23:68:10:2f:c8:a6:59:6e:00:fe:8e:fb:4e:eb:db:b5:c2:
         8f:88:3b:21:94:3a:4f:07:c6:f6:26:01:c9:e1:92:6d:6d:01:
         3a:53:7f:f9:82:d8:5a:24:96:b3:81:2c:fd:9c:12:c1:f8:6a:
         22:11:80:00:02:4c:75:f4:4a:58:b2:80:b2:1a:b3:65:bb:fb:
         17:dd:cd:c9:f8:93:69:c6:ad:d6:30:42:aa:51:a7:85:be:63:
         2e:8d:73:d6:1f:8b:d3:77:0a:ec:9a:3f:ab:88:3f:26:7f:cb:
         68:46:61:0f:b9:b0:8a:08:d5:e4:dc:07:90:8f:7e:aa:d7:8c:
         8c:8a:64:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWvblco3oSts++do7x1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYTc3NDI3YzAzNzA5YjMzOWE5NWIwYWQ5YTRhYzlkMmM5
MmM5MDMwHhcNMjYwMTAxMjAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUyMjM2ODA1YWQ1MjhhMGYwYTNjM2RjZmQzYzg0NDA0NjY5MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf0MqQajTkA4T/jHOOIJgnESzVFQ
AZrPeaP4kyamSKBeeO8BsG1QXA1LG1U0gkjWT1dWXz3NuSlouNpaiRbdaxLgYtga
7AwrPKlO5d1XlwhxIh8rwEkcqP0aucSbYCpOpxepR8EUnzhKNjbXQr+cBWlVmuhv
o7kEY+X18e2r0pHe6f0YkPtkdoIpwPjiJ9l6ecee8sSWQ0yn0KDFpfyHelFYIZNA
PvqbKFQjVX6jgsILrhnQqzobf4cWmYaYKZcR3Qk2m3ndxB+DUzxXfx+HyTwVP20W
+FKAfukNYQMBv+wzyIX+SVPDVuatEpCPOepiCdM4cmZh5CV7Hbe6BvrUZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJSI2gFrVKKDwo8Pc/TyEQEZpAbMB8GA1UdIwQY
MBaAFDKndCfANwmzOalbCtmkrJ0skskDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXFkMEo4QTNDYk01cVZzSzJhU3NuU3lTeVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mMjUxZWQtNTk2Ny00ZGRkLTkzMmIt
N2Q0MGI3YzhmYjAxLzEvMGxJamFBV3RVb29QQ2p3OXo5UElSQVJta0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mMjUxZWQtNTk2Ny00ZGRkLTkzMmItN2Q0MGI3YzhmYjAx
LzEvTXFkMEo4QTNDYk01cVZzSzJhU3NuU3lTeVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKboMA0G
CSqGSIb3DQEBCwUAA4IBAQCu8+egI9B++ePE0GoFGOXeR+yBFffGih7srCoBPYxE
nfdORZbzFRLMlMeIIwF5Z9tTyREHgjDxm1Jj9PeAyajnuyTBM+/YTJigHxBzHMUn
+2u1bD8b7mX8mJxTOS2CLABep0ttCDUPjGRiTZUyLDcJxO092ZTJTqFFecom1t3Y
I2gQL8imWW4A/o77TuvbtcKPiDshlDpPB8b2JgHJ4ZJtbQE6U3/5gthaJJazgSz9
nBLB+GoiEYAAAkx19EpYsoCyGrNlu/sX3c3J+JNpxq3WMEKqUaeFvmMujXPWH4vT
dwrsmj+riD8mf8toRmEPubCKCNXk3AeQj36q14yMimQQ
-----END CERTIFICATE-----