This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/9ISwYUi7o0XorNi13cgOTTeKwcE.roa
File:                     9ISwYUi7o0XorNi13cgOTTeKwcE.roa (raw, json)
Hash identifier:          0UWDROvZQLsK3YHs9elHmQnGUX2LukkDieskoFa2GX0=
Subject key identifier:   F4:84:B0:61:48:BB:A3:45:E8:AC:D8:B5:DD:C8:0E:4D:37:8A:C1:C1
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA52A203DEBCB3D9F888512657AE028
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/9ISwYUi7o0XorNi13cgOTTeKwcE.roa
Signing time:             Thu 01 Jan 2026 22:19:40 +0000
ROA not before:           Thu 01 Jan 2026 22:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12756
IP address blocks:        212.72.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:2a:20:3d:eb:cb:3d:9f:88:85:12:65:7a:e0:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f484b06148bba345e8acd8b5ddc80e4d378ac1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:74:a2:cf:f3:68:f7:49:73:e4:21:98:e4:c0:
                    9a:4f:a7:0c:f2:dd:c1:40:83:99:2e:32:76:ff:b7:
                    22:e6:b0:60:cc:92:01:85:da:7e:2d:04:84:9e:b5:
                    ce:c8:83:6e:b0:ad:68:3c:cf:86:74:36:bd:84:23:
                    17:c6:ae:c3:a7:fd:5a:d9:39:48:3a:bb:49:e5:50:
                    52:9f:ef:8b:ed:cc:a6:bd:ab:55:34:d8:95:a3:df:
                    9e:1b:f1:b5:a4:b3:a5:10:cb:6a:3a:df:85:86:82:
                    54:ce:90:ec:2c:2c:54:42:51:a4:ad:5f:4a:c2:3d:
                    10:92:38:30:f4:85:d6:34:d5:0e:72:1e:5f:04:54:
                    87:7f:60:53:4d:a3:a2:4a:e5:a6:65:01:f2:2d:38:
                    38:13:00:82:d9:5b:51:d5:4c:c6:74:71:d4:20:44:
                    8d:bf:d1:f8:c8:9d:d1:a4:c4:40:b8:72:d5:54:b9:
                    88:28:8d:8c:ec:38:5d:5c:c6:e0:66:c9:9c:a3:72:
                    6e:85:32:52:ad:bc:8a:5b:60:b3:20:32:86:ee:ad:
                    49:d2:fd:e3:70:7e:11:84:46:b8:49:b3:29:87:f8:
                    89:cb:b4:cf:16:a3:a5:71:1c:d2:52:c9:e9:24:3f:
                    db:3f:1c:94:6d:36:8b:50:3d:40:5d:67:7b:02:f0:
                    6e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:84:B0:61:48:BB:A3:45:E8:AC:D8:B5:DD:C8:0E:4D:37:8A:C1:C1
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/9ISwYUi7o0XorNi13cgOTTeKwcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b4:11:f8:8c:b6:5e:dd:f8:d5:ac:3d:9c:48:1e:14:28:bd:
         a8:0c:48:94:b8:9e:73:9f:61:c1:e9:cf:67:fb:56:82:5d:27:
         2a:eb:ad:3e:87:12:08:84:87:55:5c:7a:f8:12:3a:91:31:a8:
         cc:c7:ed:d0:91:04:bc:c1:64:3a:8d:7f:b9:45:75:4e:04:78:
         7a:c6:62:20:1d:f5:f3:f0:5e:65:bb:74:7b:09:91:75:e6:41:
         39:c0:c9:7a:d1:dc:c1:99:01:0a:d5:d0:79:dc:43:f3:22:84:
         29:93:9b:bb:d0:8c:14:b5:8b:7f:32:22:c2:a3:aa:2f:0a:2f:
         17:21:e8:f9:f3:73:80:b9:5a:f2:78:1b:43:d9:22:8c:e9:e9:
         37:47:b2:20:cc:e8:03:07:0f:5a:23:c1:d5:0b:b8:69:dd:9d:
         ce:11:87:4c:0e:ee:1f:fa:16:ce:cd:a2:14:bf:59:de:45:57:
         2f:c6:eb:64:cd:a1:8b:67:42:e4:e9:72:6c:04:e6:73:47:d7:
         27:51:4b:34:c8:c8:1c:b4:7a:f1:c7:c1:dd:2a:5d:cf:1b:69:
         bd:e6:a5:bf:2f:11:98:c9:81:34:65:c0:8a:1a:ae:17:c0:aa:
         2e:aa:72:cb:e6:d0:3a:a0:6a:fc:9f:bc:21:34:f1:fb:7a:6d:
         19:52:6f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSogPevLPZ+IhRJleuAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDg0YjA2MTQ4YmJhMzQ1ZThhY2Q4YjVkZGM4MGU0ZDM3OGFjMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XSiz/No90lz5CGY5MCaT6cM8t3B
QIOZLjJ2/7ci5rBgzJIBhdp+LQSEnrXOyINusK1oPM+GdDa9hCMXxq7Dp/1a2TlI
OrtJ5VBSn++L7cymvatVNNiVo9+eG/G1pLOlEMtqOt+FhoJUzpDsLCxUQlGkrV9K
wj0Qkjgw9IXWNNUOch5fBFSHf2BTTaOiSuWmZQHyLTg4EwCC2VtR1UzGdHHUIESN
v9H4yJ3RpMRAuHLVVLmIKI2M7DhdXMbgZsmco3JuhTJSrbyKW2CzIDKG7q1J0v3j
cH4RhEa4SbMph/iJy7TPFqOlcRzSUsnpJD/bPxyUbTaLUD1AXWd7AvBuKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSEsGFIu6NF6KzYtd3IDk03isHBMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvOUlTd1lVaTdvMFhvck5pMTNjZ09UVGVLd2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EjNMA0G
CSqGSIb3DQEBCwUAA4IBAQBrtBH4jLZe3fjVrD2cSB4UKL2oDEiUuJ5zn2HB6c9n
+1aCXScq660+hxIIhIdVXHr4EjqRMajMx+3QkQS8wWQ6jX+5RXVOBHh6xmIgHfXz
8F5lu3R7CZF15kE5wMl60dzBmQEK1dB53EPzIoQpk5u70IwUtYt/MiLCo6ovCi8X
Iej583OAuVryeBtD2SKM6ek3R7IgzOgDBw9aI8HVC7hp3Z3OEYdMDu4f+hbOzaIU
v1neRVcvxutkzaGLZ0Lk6XJsBOZzR9cnUUs0yMgctHrxx8HdKl3PG2m95qW/LxGY
yYE0ZcCKGq4XwKouqnLL5tA6oGr8n7whNPH7em0ZUm+w
-----END CERTIFICATE-----