This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/CDYJ5duT-YiN5vn4ue9hcM_s3OA.roa
File:                     CDYJ5duT-YiN5vn4ue9hcM_s3OA.roa (raw, json)
Hash identifier:          ZtL4bRFnSWFbHHuzOCLv1emqHa4TMbYiRtAD7J2vEiI=
Subject key identifier:   08:36:09:E5:DB:93:F9:88:8D:E6:F9:F8:B9:EF:61:70:CF:EC:DC:E0
Certificate issuer:       /CN=c9392c3276b243aff740a082c588fb73941ebbf7
Certificate serial:       019B7C803217E00ECD2E9B758D4C9741943C
Authority key identifier: C9:39:2C:32:76:B2:43:AF:F7:40:A0:82:C5:88:FB:73:94:1E:BB:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/CDYJ5duT-YiN5vn4ue9hcM_s3OA.roa
Signing time:             Fri 02 Jan 2026 02:18:54 +0000
ROA not before:           Fri 02 Jan 2026 02:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        195.128.184.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:32:17:e0:0e:cd:2e:9b:75:8d:4c:97:41:94:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9392c3276b243aff740a082c588fb73941ebbf7
        Validity
            Not Before: Jan  2 02:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=083609e5db93f9888de6f9f8b9ef6170cfecdce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3b:84:0b:b7:b2:04:26:91:46:eb:08:2f:bb:
                    4d:d2:ba:b5:6c:30:89:d5:c0:9e:f1:65:bb:ce:36:
                    12:8a:78:c8:09:13:37:34:7c:ba:7e:71:d2:c4:04:
                    71:df:0c:e1:7b:12:43:de:a3:3d:c4:1a:16:79:de:
                    33:1d:ad:9f:84:5f:f1:2c:45:e6:c1:9e:8b:a1:0f:
                    2f:e3:62:b3:4e:29:03:04:ef:b8:b2:a8:ef:32:68:
                    6e:2e:28:be:b5:3e:e3:67:21:da:4d:e8:b3:6b:f1:
                    3e:70:5d:02:2b:d9:da:97:d4:ec:8f:95:95:b4:f3:
                    b3:65:7f:68:ea:74:3b:83:97:83:01:1d:80:73:53:
                    c7:6a:df:76:a7:93:19:b0:65:1a:f3:28:dc:a0:dd:
                    4c:4f:fe:60:23:8f:d4:4d:53:84:ba:78:65:71:dc:
                    bd:ea:84:eb:71:bb:cb:0c:e2:18:f2:db:2e:9a:1b:
                    0c:51:49:49:2e:af:b9:d3:c2:84:9f:60:73:55:bf:
                    12:18:58:5b:1d:f0:29:a2:53:31:16:0c:25:1f:3d:
                    53:a4:37:f3:2e:78:1a:d2:d2:14:c3:c4:f4:ee:78:
                    9e:89:f2:3b:99:fd:83:c5:2e:49:1e:33:45:9d:e4:
                    b9:28:75:cf:12:f1:23:17:60:aa:11:85:45:97:83:
                    49:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:36:09:E5:DB:93:F9:88:8D:E6:F9:F8:B9:EF:61:70:CF:EC:DC:E0
            X509v3 Authority Key Identifier:
                keyid:C9:39:2C:32:76:B2:43:AF:F7:40:A0:82:C5:88:FB:73:94:1E:BB:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/CDYJ5duT-YiN5vn4ue9hcM_s3OA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:8c:1b:15:67:34:a8:52:2e:16:ad:5e:c7:7a:03:f0:3f:92:
         7b:0a:e7:3d:70:c4:3a:d9:cd:34:94:f1:39:96:02:d7:f2:8c:
         81:68:ba:70:8e:fd:f3:b9:6a:35:fc:a2:39:a2:33:15:6e:1d:
         18:e0:d3:93:6b:64:6d:5d:cf:d1:b3:ad:c8:28:64:9e:25:ce:
         c1:64:95:e7:d4:78:8c:e4:70:97:dd:be:41:76:3e:90:78:72:
         06:70:56:41:80:8f:75:5e:af:2b:94:ec:ef:59:04:d0:91:4c:
         24:db:d8:71:87:84:77:1e:7b:2c:28:6f:cf:e0:46:e7:4a:69:
         5c:72:16:73:39:65:91:d4:2e:4c:ca:d5:2f:a1:e5:51:47:98:
         11:81:76:6b:7d:86:a3:4b:8e:a1:2f:fa:5d:60:b6:ae:cf:20:
         67:3e:48:82:1f:d8:f5:c1:4c:08:6f:b3:bf:c0:f7:df:39:a4:
         89:2e:0a:6b:70:31:48:85:fb:0c:ca:61:56:24:08:b5:0a:f0:
         4d:ad:f9:9b:09:9a:31:ae:6b:50:41:b0:63:f4:af:a9:4f:87:
         fe:de:1e:ff:9b:bf:de:a3:e8:ff:13:d7:c9:f0:05:02:cb:fc:
         43:a6:44:d8:b7:c2:7f:45:1d:bd:67:f8:68:22:14:21:4c:0f:
         e4:68:21:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gDIX4A7NLpt1jUyXQZQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzkyYzMyNzZiMjQzYWZmNzQwYTA4MmM1ODhmYjczOTQx
ZWJiZjcwHhcNMjYwMTAyMDIxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM2MDllNWRiOTNmOTg4OGRlNmY5ZjhiOWVmNjE3MGNmZWNkY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzuEC7eyBCaRRusIL7tN0rq1bDCJ
1cCe8WW7zjYSinjICRM3NHy6fnHSxARx3wzhexJD3qM9xBoWed4zHa2fhF/xLEXm
wZ6LoQ8v42KzTikDBO+4sqjvMmhuLii+tT7jZyHaTeiza/E+cF0CK9nal9Tsj5WV
tPOzZX9o6nQ7g5eDAR2Ac1PHat92p5MZsGUa8yjcoN1MT/5gI4/UTVOEunhlcdy9
6oTrcbvLDOIY8tsumhsMUUlJLq+508KEn2BzVb8SGFhbHfApolMxFgwlHz1TpDfz
Lnga0tIUw8T07nieifI7mf2DxS5JHjNFneS5KHXPEvEjF2CqEYVFl4NJywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg2CeXbk/mIjeb5+LnvYXDP7NzgMB8GA1UdIwQY
MBaAFMk5LDJ2skOv90CggsWI+3OUHrv3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVRrc01uYXlRNl8zUUtDQ3hZajdjNVFldV9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yNTZjYjYtZGM0Mi00MWE1LWI5MjAt
MjRjYmExYzAzYzk5LzEvQ0RZSjVkdVQtWWlONXZuNHVlOWhjTV9zM09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yNTZjYjYtZGM0Mi00MWE1LWI5MjAtMjRjYmExYzAzYzk5
LzEveVRrc01uYXlRNl8zUUtDQ3hZajdjNVFldV9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4C4MA0G
CSqGSIb3DQEBCwUAA4IBAQAAjBsVZzSoUi4WrV7HegPwP5J7Cuc9cMQ62c00lPE5
lgLX8oyBaLpwjv3zuWo1/KI5ojMVbh0Y4NOTa2RtXc/Rs63IKGSeJc7BZJXn1HiM
5HCX3b5Bdj6QeHIGcFZBgI91Xq8rlOzvWQTQkUwk29hxh4R3HnssKG/P4EbnSmlc
chZzOWWR1C5MytUvoeVRR5gRgXZrfYajS46hL/pdYLauzyBnPkiCH9j1wUwIb7O/
wPffOaSJLgprcDFIhfsMymFWJAi1CvBNrfmbCZoxrmtQQbBj9K+pT4f+3h7/m7/e
o+j/E9fJ8AUCy/xDpkTYt8J/RR29Z/hoIhQhTA/kaCHa
-----END CERTIFICATE-----