This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/O9do_tpuJS2IYg238tFeLgPwuLo.roa
File:                     O9do_tpuJS2IYg238tFeLgPwuLo.roa (raw, json)
Hash identifier:          inPkQd2M/OOC4cE+kZAGV36qocuoxkiJ2VIdZgql1s8=
Subject key identifier:   3B:D7:68:FE:DA:6E:25:2D:88:62:0D:B7:F2:D1:5E:2E:03:F0:B8:BA
Certificate issuer:       /CN=5e066de9829b761edce171e8ea3c5935e44f4e9a
Certificate serial:       019B7AC7D813322D618F733FF1CFA71C77E8
Authority key identifier: 5E:06:6D:E9:82:9B:76:1E:DC:E1:71:E8:EA:3C:59:35:E4:4F:4E:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/O9do_tpuJS2IYg238tFeLgPwuLo.roa
Signing time:             Thu 01 Jan 2026 18:17:55 +0000
ROA not before:           Thu 01 Jan 2026 18:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        194.120.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 21:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:d8:13:32:2d:61:8f:73:3f:f1:cf:a7:1c:77:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e066de9829b761edce171e8ea3c5935e44f4e9a
        Validity
            Not Before: Jan  1 18:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bd768feda6e252d88620db7f2d15e2e03f0b8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:33:82:85:f4:92:8d:39:9f:55:14:35:fe:80:
                    6b:d3:1c:43:bb:cb:e0:1f:49:bb:08:69:01:e5:17:
                    b7:91:26:65:00:77:bb:f5:ff:08:21:91:69:2a:fa:
                    3a:07:2d:81:98:de:a9:5d:f8:fe:46:d9:65:b7:12:
                    d9:d0:ae:ee:10:01:73:e4:c7:3e:cd:79:2d:35:42:
                    1f:48:c7:0f:fa:3d:15:44:9f:ee:e8:c9:9c:bf:dd:
                    a8:c0:e4:6c:11:f4:63:28:c1:c2:12:a9:bb:eb:2b:
                    40:03:6a:42:1d:b7:f8:91:44:a4:c6:b6:5b:4a:3f:
                    e6:01:12:03:ae:fb:87:c7:db:33:20:6c:8c:6c:13:
                    2a:65:18:64:1e:3d:2c:03:f5:83:72:12:de:ca:7e:
                    46:57:74:19:65:9c:a7:6d:c4:02:de:d1:79:78:cc:
                    ea:28:3e:f2:62:b2:b7:93:94:89:5a:ef:0f:90:ea:
                    50:8b:e4:52:a0:d1:71:cc:9f:9d:84:51:b5:5e:38:
                    7a:27:6a:83:70:2b:42:ed:77:6f:0e:53:d3:6d:ff:
                    f4:d6:1d:f8:35:03:72:dc:5c:ee:b6:77:03:11:8d:
                    f6:33:6e:2a:46:c8:2a:d8:71:f3:34:4b:d0:46:ac:
                    9e:75:ea:e5:80:18:e5:92:96:7b:dc:4e:d3:7e:dc:
                    27:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D7:68:FE:DA:6E:25:2D:88:62:0D:B7:F2:D1:5E:2E:03:F0:B8:BA
            X509v3 Authority Key Identifier:
                keyid:5E:06:6D:E9:82:9B:76:1E:DC:E1:71:E8:EA:3C:59:35:E4:4F:4E:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/O9do_tpuJS2IYg238tFeLgPwuLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:20:f6:12:8e:98:07:7a:cd:52:8c:5b:6f:eb:d2:1d:7b:2d:
         b3:8b:68:97:49:b5:b4:35:00:24:df:67:4c:81:c7:f7:e1:3e:
         47:b1:d3:0a:d0:94:0a:8d:36:fe:21:e2:b7:92:f3:26:59:5d:
         5e:d6:a7:5c:bc:04:c6:7a:34:2a:a0:09:64:87:2d:a0:bd:61:
         67:fb:78:8b:e6:6f:16:cc:9e:1a:2c:69:33:95:c5:92:35:e4:
         6e:a9:f5:8a:be:bf:0b:e9:b5:e5:e0:4c:f6:bf:6a:03:79:3f:
         5c:52:7b:98:fa:a3:dd:2a:92:7c:d4:2c:5a:a2:4e:84:49:d6:
         91:13:b8:d8:da:47:26:6f:44:bd:60:e0:6d:7d:98:12:ec:33:
         a8:17:bd:71:82:63:47:2e:7f:b3:20:d8:32:8e:c1:2f:51:a6:
         e4:99:da:1f:ea:58:95:79:43:17:d6:53:50:10:bb:fc:03:fa:
         75:1b:68:51:e1:84:ae:af:d6:02:38:69:d8:48:98:97:38:3f:
         5f:30:01:33:2a:2f:bb:fe:48:3d:25:37:79:10:5e:2d:8b:cf:
         0f:23:43:28:21:2c:38:44:72:e1:70:e6:f8:46:8b:06:65:a5:
         1f:c0:7d:ce:9b:bd:e7:81:1b:d4:a7:1b:c7:af:9b:75:ee:12:
         86:d5:e0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x9gTMi1hj3M/8c+nHHfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMDY2ZGU5ODI5Yjc2MWVkY2UxNzFlOGVhM2M1OTM1ZTQ0
ZjRlOWEwHhcNMjYwMTAxMTgxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ3NjhmZWRhNmUyNTJkODg2MjBkYjdmMmQxNWUyZTAzZjBiOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzOChfSSjTmfVRQ1/oBr0xxDu8vg
H0m7CGkB5Re3kSZlAHe79f8IIZFpKvo6By2BmN6pXfj+RtlltxLZ0K7uEAFz5Mc+
zXktNUIfSMcP+j0VRJ/u6Mmcv92owORsEfRjKMHCEqm76ytAA2pCHbf4kUSkxrZb
Sj/mARIDrvuHx9szIGyMbBMqZRhkHj0sA/WDchLeyn5GV3QZZZynbcQC3tF5eMzq
KD7yYrK3k5SJWu8PkOpQi+RSoNFxzJ+dhFG1Xjh6J2qDcCtC7XdvDlPTbf/01h34
NQNy3FzutncDEY32M24qRsgq2HHzNEvQRqyederlgBjlkpZ73E7TftwnRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvXaP7abiUtiGINt/LRXi4D8Li6MB8GA1UdIwQY
MBaAFF4GbemCm3Ye3OFx6Oo8WTXkT06aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdadDZZS2JkaDdjNFhIbzZqeFpOZVJQVHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYWM5YzQtZjliYi00NmQ0LWJiNjIt
NDc1YWRmM2FhN2IxLzEvTzlkb190cHVKUzJJWWcyMzh0RmVMZ1B3dUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYWM5YzQtZjliYi00NmQ0LWJiNjItNDc1YWRmM2FhN2Ix
LzEvWGdadDZZS2JkaDdjNFhIbzZqeFpOZVJQVHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnitMA0G
CSqGSIb3DQEBCwUAA4IBAQCAIPYSjpgHes1SjFtv69Idey2zi2iXSbW0NQAk32dM
gcf34T5HsdMK0JQKjTb+IeK3kvMmWV1e1qdcvATGejQqoAlkhy2gvWFn+3iL5m8W
zJ4aLGkzlcWSNeRuqfWKvr8L6bXl4Ez2v2oDeT9cUnuY+qPdKpJ81Cxaok6ESdaR
E7jY2kcmb0S9YOBtfZgS7DOoF71xgmNHLn+zINgyjsEvUabkmdof6liVeUMX1lNQ
ELv8A/p1G2hR4YSur9YCOGnYSJiXOD9fMAEzKi+7/kg9JTd5EF4ti88PI0MoISw4
RHLhcOb4RosGZaUfwH3Om73ngRvUpxvHr5t17hKG1eDz
-----END CERTIFICATE-----