This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9NcRRgQm3L4JYs2aRWjdSlL_piw.roa
File:                     9NcRRgQm3L4JYs2aRWjdSlL_piw.roa (raw, json)
Hash identifier:          jGJ66KJC3sxqtNqAKPMq6D359A202+HqXS+z4Dd12GE=
Subject key identifier:   F4:D7:11:46:04:26:DC:BE:09:62:CD:9A:45:68:DD:4A:52:FF:A6:2C
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EAB1C220C0B40B817B123EAFDB4CDB
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9NcRRgQm3L4JYs2aRWjdSlL_piw.roa
Signing time:             Thu 01 Jan 2026 00:17:30 +0000
ROA not before:           Thu 01 Jan 2026 00:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        45.9.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:b1:c2:20:c0:b4:0b:81:7b:12:3e:af:db:4c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4d711460426dcbe0962cd9a4568dd4a52ffa62c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:18:9f:11:c2:1d:8a:11:63:70:6e:0f:8f:51:
                    63:db:83:c6:64:bd:2c:4b:31:da:89:c0:0a:3a:d5:
                    88:2f:81:f4:a1:d6:5b:f2:b1:44:79:ca:be:e0:9a:
                    ce:8f:00:d0:b7:a6:bd:5e:1f:91:9c:26:9b:76:2b:
                    08:a9:2d:00:5e:d6:71:27:a2:cb:ee:70:1f:63:24:
                    48:81:13:99:e5:65:73:7e:66:b1:68:f9:56:3c:d5:
                    74:d3:e4:38:de:14:ac:0a:27:a5:27:9d:54:de:64:
                    35:73:5e:15:53:5c:ab:38:d6:cb:db:0a:0d:5c:38:
                    25:f9:59:7a:0d:49:6f:ba:52:e3:9d:1e:85:f0:8b:
                    67:34:15:c2:e6:19:22:a1:de:ce:02:cb:7e:27:72:
                    96:af:e1:7d:fd:cd:69:b8:b7:ee:f3:00:e5:3b:56:
                    4d:ea:66:11:39:2e:10:c3:eb:6d:56:4d:a0:3d:32:
                    37:e2:44:aa:bc:1e:a7:c6:3a:74:4c:0c:71:c8:a0:
                    7c:11:9c:f0:86:82:17:d3:6e:36:75:09:39:01:21:
                    b8:c8:32:65:90:56:f3:1f:9a:49:cb:11:7f:89:75:
                    fe:65:99:4c:fc:cd:96:04:dc:44:e1:2e:57:5e:b2:
                    7c:01:4a:4f:b0:ca:76:d4:d0:32:b0:77:a4:5f:56:
                    7e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D7:11:46:04:26:DC:BE:09:62:CD:9A:45:68:DD:4A:52:FF:A6:2C
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/9NcRRgQm3L4JYs2aRWjdSlL_piw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:3d:f7:c8:43:4d:f8:67:0f:78:bb:c7:21:75:78:33:38:46:
         75:90:26:82:5e:10:c8:f3:c2:6f:3c:1f:fd:e8:57:71:fd:2f:
         c7:fe:72:9d:76:06:5f:86:4c:c3:9a:37:b6:76:5f:c9:ed:50:
         02:94:a0:66:fc:6b:c8:57:a0:ab:e8:8e:61:90:80:f3:e1:60:
         bf:76:5a:23:a8:9b:ea:ae:8b:4b:92:a2:7b:6d:11:8c:5a:93:
         f9:6e:13:14:9b:2f:7a:00:8a:25:f7:bb:1d:ec:27:ba:d3:1b:
         83:a7:ab:f2:c6:ab:59:e8:c6:b0:81:40:e7:f1:69:6b:a3:55:
         45:76:5e:88:04:e6:98:44:94:25:45:88:65:a5:20:80:55:2a:
         bb:93:8a:b8:d3:1e:4a:ca:2d:c7:dd:b8:6f:d1:58:0a:4c:25:
         0f:8a:3a:e2:f3:b7:37:b9:b9:1d:09:7b:78:ae:48:03:75:97:
         49:96:7f:d0:49:cf:b3:81:dd:43:f3:04:b9:74:d1:85:87:ce:
         2c:d0:85:c8:d0:84:46:e3:e2:09:ad:79:cd:2e:95:22:94:37:
         35:de:1e:2e:46:d4:eb:53:e9:73:b9:7f:4a:d8:d5:3c:c8:d8:
         e9:77:8b:a3:33:e1:ca:66:28:19:1f:c5:c1:a0:aa:67:2a:ba:
         54:24:9c:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26rHCIMC0C4F7Ej6v20zbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQ3MTE0NjA0MjZkY2JlMDk2MmNkOWE0NTY4ZGQ0YTUyZmZhNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBifEcIdihFjcG4Pj1Fj24PGZL0s
SzHaicAKOtWIL4H0odZb8rFEecq+4JrOjwDQt6a9Xh+RnCabdisIqS0AXtZxJ6LL
7nAfYyRIgROZ5WVzfmaxaPlWPNV00+Q43hSsCielJ51U3mQ1c14VU1yrONbL2woN
XDgl+Vl6DUlvulLjnR6F8ItnNBXC5hkiod7OAst+J3KWr+F9/c1puLfu8wDlO1ZN
6mYROS4Qw+ttVk2gPTI34kSqvB6nxjp0TAxxyKB8EZzwhoIX0242dQk5ASG4yDJl
kFbzH5pJyxF/iXX+ZZlM/M2WBNxE4S5XXrJ8AUpPsMp21NAysHekX1Z+4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTXEUYEJty+CWLNmkVo3UpS/6YsMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvOU5jUlJnUW0zTDRKWXMyYVJXamRTbExfcGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkDMA0G
CSqGSIb3DQEBCwUAA4IBAQBKPffIQ034Zw94u8chdXgzOEZ1kCaCXhDI88JvPB/9
6Fdx/S/H/nKddgZfhkzDmje2dl/J7VAClKBm/GvIV6Cr6I5hkIDz4WC/dlojqJvq
rotLkqJ7bRGMWpP5bhMUmy96AIol97sd7Ce60xuDp6vyxqtZ6MawgUDn8Wlro1VF
dl6IBOaYRJQlRYhlpSCAVSq7k4q40x5Kyi3H3bhv0VgKTCUPijri87c3ubkdCXt4
rkgDdZdJln/QSc+zgd1D8wS5dNGFh84s0IXI0IRG4+IJrXnNLpUilDc13h4uRtTr
U+lzuX9K2NU8yNjpd4ujM+HKZigZH8XBoKpnKrpUJJwh
-----END CERTIFICATE-----