This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/ny9j0kdOILJWp2147BBuq8zAUi4.roa
File:                     ny9j0kdOILJWp2147BBuq8zAUi4.roa (raw, json)
Hash identifier:          R/3Kz0+7hhy0EpV+pM7qwZ7FqiiZAGr/HoDJvTKAiaU=
Subject key identifier:   9F:2F:63:D2:47:4E:20:B2:56:A7:6D:78:EC:10:6E:AB:CC:C0:52:2E
Certificate issuer:       /CN=bb7d379c04f8175b35ef673d76c68e44c70e833f
Certificate serial:       019B7D5C1C09B5ADBC9725B4580C9A4292B4
Authority key identifier: BB:7D:37:9C:04:F8:17:5B:35:EF:67:3D:76:C6:8E:44:C7:0E:83:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/ny9j0kdOILJWp2147BBuq8zAUi4.roa
Signing time:             Fri 02 Jan 2026 06:19:07 +0000
ROA not before:           Fri 02 Jan 2026 06:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35336
IP address blocks:        2.56.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:1c:09:b5:ad:bc:97:25:b4:58:0c:9a:42:92:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb7d379c04f8175b35ef673d76c68e44c70e833f
        Validity
            Not Before: Jan  2 06:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f2f63d2474e20b256a76d78ec106eabccc0522e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3e:02:79:bb:71:bc:87:3e:44:92:56:75:a3:
                    a8:8e:06:dd:88:92:23:ca:35:1c:4b:cc:66:f8:0a:
                    a6:e2:53:16:9f:89:63:54:a7:0c:9d:3c:32:d5:d5:
                    22:57:fb:3b:d9:aa:24:55:c5:36:91:4a:42:76:5d:
                    03:3b:59:9c:4a:66:74:fa:76:2b:bd:ea:45:6a:a5:
                    ed:7c:5e:ef:e7:2f:4b:7b:34:02:a6:63:9a:1c:4c:
                    78:32:dc:49:80:08:6c:c4:ad:45:0b:9f:ba:bd:93:
                    c8:e6:2e:ae:b5:10:e5:38:7b:96:86:5d:74:67:07:
                    fa:81:61:a2:f7:fa:df:b1:15:7c:56:e5:5f:33:c0:
                    9e:cc:b1:3f:4b:9c:71:69:28:c2:7b:8b:a5:00:42:
                    ca:de:b6:77:2b:4c:cb:83:22:c0:8e:5a:a2:3e:7f:
                    56:ad:5c:5f:b2:3a:9c:e3:69:60:df:74:0b:0d:ba:
                    1d:cc:5b:ff:89:97:d1:00:0a:67:01:c8:95:a0:99:
                    6d:37:67:96:6d:c5:64:a7:e6:10:50:e4:92:15:34:
                    b7:ac:80:d4:7c:88:16:db:4a:e6:18:0b:5f:37:bb:
                    05:47:52:f3:ed:b2:6b:f0:04:ee:a5:4c:53:78:62:
                    ab:48:dd:cc:e6:3f:6c:89:e0:d0:e8:ed:7e:6f:f0:
                    64:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2F:63:D2:47:4E:20:B2:56:A7:6D:78:EC:10:6E:AB:CC:C0:52:2E
            X509v3 Authority Key Identifier:
                keyid:BB:7D:37:9C:04:F8:17:5B:35:EF:67:3D:76:C6:8E:44:C7:0E:83:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u303nAT4F1s172c9dsaORMcOgz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/ny9j0kdOILJWp2147BBuq8zAUi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/9e0f5e-8141-43c9-8f44-33ebab24bbb3/1/u303nAT4F1s172c9dsaORMcOgz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:e0:95:ea:bd:ec:ad:f7:36:1f:eb:5e:e4:56:04:00:94:36:
         a5:64:61:11:4c:08:b5:e2:20:33:fd:d7:c8:12:df:03:4d:3d:
         3f:fc:06:90:fb:65:04:8e:d1:95:29:dc:02:5a:c3:6a:f9:2b:
         0d:2f:9f:fa:fa:cd:8c:f0:17:93:61:a8:8b:90:32:8a:10:77:
         c9:36:07:85:28:6f:07:b8:35:44:c0:ef:94:ed:ba:4c:17:99:
         8f:a9:5e:14:ee:bc:0e:c2:69:82:6b:fb:43:6f:e4:1f:ae:a1:
         5e:48:a7:61:82:cd:3e:c7:ec:e9:5b:95:3d:15:f7:0a:70:60:
         85:7e:26:51:66:1e:be:d3:bb:0c:3e:f8:71:5e:0c:fe:52:6b:
         1e:b2:2a:71:e6:4e:9c:20:7f:9f:d4:76:7c:aa:39:3c:b9:f5:
         8e:c4:a2:d0:b4:b0:ab:b8:eb:e7:5d:9e:9e:df:42:a5:ab:61:
         c2:cc:c6:1b:97:4b:32:5e:db:06:1f:51:8a:b2:93:61:cd:87:
         48:05:0d:c0:9a:d3:7b:28:5c:5a:98:5c:2d:af:f7:24:da:2e:
         d2:b0:b3:fb:a7:d7:91:a4:c0:c6:dd:f8:3b:6f:5a:1b:a6:ae:
         bb:8b:2b:a2:51:a6:34:b4:0e:60:47:57:77:78:72:ed:3c:a1:
         1e:d2:21:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XBwJta28lyW0WAyaQpK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiN2QzNzljMDRmODE3NWIzNWVmNjczZDc2YzY4ZTQ0Yzcw
ZTgzM2YwHhcNMjYwMTAyMDYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJmNjNkMjQ3NGUyMGIyNTZhNzZkNzhlYzEwNmVhYmNjYzA1MjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D4CebtxvIc+RJJWdaOojgbdiJIj
yjUcS8xm+Aqm4lMWn4ljVKcMnTwy1dUiV/s72aokVcU2kUpCdl0DO1mcSmZ0+nYr
vepFaqXtfF7v5y9LezQCpmOaHEx4MtxJgAhsxK1FC5+6vZPI5i6utRDlOHuWhl10
Zwf6gWGi9/rfsRV8VuVfM8CezLE/S5xxaSjCe4ulAELK3rZ3K0zLgyLAjlqiPn9W
rVxfsjqc42lg33QLDbodzFv/iZfRAApnAciVoJltN2eWbcVkp+YQUOSSFTS3rIDU
fIgW20rmGAtfN7sFR1Lz7bJr8ATupUxTeGKrSN3M5j9sieDQ6O1+b/BkrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8vY9JHTiCyVqdteOwQbqvMwFIuMB8GA1UdIwQY
MBaAFLt9N5wE+BdbNe9nPXbGjkTHDoM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTMwM25BVDRGMXMxNzJjOWRzYU9STWNPZ3o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85ZTBmNWUtODE0MS00M2M5LThmNDQt
MzNlYmFiMjRiYmIzLzEvbnk5ajBrZE9JTEpXcDIxNDdCQnVxOHpBVWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85ZTBmNWUtODE0MS00M2M5LThmNDQtMzNlYmFiMjRiYmIz
LzEvdTMwM25BVDRGMXMxNzJjOWRzYU9STWNPZ3o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjgoMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ4JXqveyt9zYf617kVgQAlDalZGERTAi14iAz/dfI
Et8DTT0//AaQ+2UEjtGVKdwCWsNq+SsNL5/6+s2M8BeTYaiLkDKKEHfJNgeFKG8H
uDVEwO+U7bpMF5mPqV4U7rwOwmmCa/tDb+QfrqFeSKdhgs0+x+zpW5U9FfcKcGCF
fiZRZh6+07sMPvhxXgz+Umsesipx5k6cIH+f1HZ8qjk8ufWOxKLQtLCruOvnXZ6e
30Klq2HCzMYbl0syXtsGH1GKspNhzYdIBQ3AmtN7KFxamFwtr/ck2i7SsLP7p9eR
pMDG3fg7b1obpq67iyuiUaY0tA5gR1d3eHLtPKEe0iET
-----END CERTIFICATE-----