This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/9QPcxbHpWgVOHRfj3NoPhiQ58EM.roa
File:                     9QPcxbHpWgVOHRfj3NoPhiQ58EM.roa (raw, json)
Hash identifier:          XHp5Hjfo/9X6W4BtkLuJfmSNkmSR4XZrHJ8I100zW0g=
Subject key identifier:   F5:03:DC:C5:B1:E9:5A:05:4E:1D:17:E3:DC:DA:0F:86:24:39:F0:43
Certificate issuer:       /CN=4cad185414c16ae5d229a8aa2bfa15fefc71a222
Certificate serial:       019B7BA3EECF1E3511DE109B9FB7965BB97A
Authority key identifier: 4C:AD:18:54:14:C1:6A:E5:D2:29:A8:AA:2B:FA:15:FE:FC:71:A2:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TK0YVBTBauXSKaiqK_oV_vxxoiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/9QPcxbHpWgVOHRfj3NoPhiQ58EM.roa
Signing time:             Thu 01 Jan 2026 22:18:19 +0000
ROA not before:           Thu 01 Jan 2026 22:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     553
IP address blocks:        141.7.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/TK0YVBTBauXSKaiqK_oV_vxxoiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/TK0YVBTBauXSKaiqK_oV_vxxoiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TK0YVBTBauXSKaiqK_oV_vxxoiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:ee:cf:1e:35:11:de:10:9b:9f:b7:96:5b:b9:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cad185414c16ae5d229a8aa2bfa15fefc71a222
        Validity
            Not Before: Jan  1 22:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f503dcc5b1e95a054e1d17e3dcda0f862439f043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0d:a6:e1:14:3f:43:0b:e7:7d:95:ed:05:97:
                    06:e2:7a:67:e8:46:5b:e7:74:af:7d:eb:f5:43:af:
                    9f:2a:8a:f4:50:79:d2:4a:71:6a:d2:70:5c:e3:1e:
                    ec:77:97:15:02:38:32:51:6f:f7:8e:25:ab:3b:d9:
                    67:fc:52:98:71:e6:b4:78:af:f1:f0:2e:f3:92:7e:
                    a9:45:e4:9b:9e:a5:1a:09:b9:28:a0:32:f4:56:1d:
                    35:d8:a5:cc:c0:05:c2:b3:44:ef:90:52:d1:38:98:
                    e2:38:96:1d:82:65:46:24:46:ba:f3:f9:a9:86:c4:
                    62:8f:54:7d:1f:96:4c:bf:67:2f:a2:92:98:65:ab:
                    1a:97:fb:b4:05:9f:73:60:f5:83:a2:19:2e:9d:ca:
                    4f:0f:56:87:0d:87:7f:e4:f8:22:7e:2e:de:63:37:
                    4c:b5:c5:ec:bf:a2:b2:59:b3:74:3a:16:38:04:ff:
                    32:63:61:4d:f8:7f:b3:1d:4e:e4:35:6b:9b:62:de:
                    10:4b:37:70:6f:db:12:3e:50:34:ae:d7:29:fb:d6:
                    e7:6f:97:5e:ec:67:ed:4b:80:ae:40:46:7f:e5:93:
                    2b:7b:f0:bd:95:03:a6:ea:d3:e1:99:7d:44:07:40:
                    f1:41:6d:14:5f:55:65:b8:f5:85:c1:ed:c7:73:ec:
                    5e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:03:DC:C5:B1:E9:5A:05:4E:1D:17:E3:DC:DA:0F:86:24:39:F0:43
            X509v3 Authority Key Identifier:
                keyid:4C:AD:18:54:14:C1:6A:E5:D2:29:A8:AA:2B:FA:15:FE:FC:71:A2:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TK0YVBTBauXSKaiqK_oV_vxxoiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/9QPcxbHpWgVOHRfj3NoPhiQ58EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5b788e-f847-4df9-9334-964cca722f73/1/TK0YVBTBauXSKaiqK_oV_vxxoiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.7.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         10:f1:07:73:05:9d:55:cd:b9:25:1a:41:f4:b5:67:e3:82:53:
         34:d3:b2:c9:96:d7:b2:5d:b1:5b:f3:29:26:6b:4d:f1:fb:07:
         ea:22:43:63:d9:ed:9e:65:c7:e5:86:fb:dc:1b:ca:1e:0b:18:
         54:72:1a:a3:a7:4f:cb:29:16:29:cf:44:d8:b4:e3:a3:93:6e:
         02:36:ff:37:58:a6:ba:64:62:e7:41:49:f8:11:5f:cc:f6:7b:
         cb:a6:13:8a:02:73:0a:d3:be:f5:05:74:51:35:62:3a:cb:1c:
         df:80:87:6a:71:87:51:2c:f7:2d:b1:7b:7a:ce:5d:a8:6a:9d:
         c7:ce:80:af:74:5d:8c:d3:5f:3e:18:54:92:ef:c5:fc:b0:aa:
         a1:7c:fa:dc:f5:e7:29:64:cc:1a:ed:fb:c8:06:69:ac:33:36:
         72:07:e8:70:1e:b3:22:01:ca:bd:dc:1d:f2:4e:de:f1:77:98:
         03:f6:54:e4:d0:1f:90:38:36:e1:90:66:02:fd:22:31:73:78:
         95:58:9f:1e:16:5c:71:70:ac:ad:13:2c:89:80:64:b2:df:d8:
         84:0e:89:ce:55:6f:df:b8:0d:59:79:8e:39:89:ca:8d:f9:86:
         ff:d8:94:af:c4:1a:f2:75:07:36:7d:bf:65:0f:f5:9d:34:4c:
         5a:7c:87:b7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt7o+7PHjUR3hCbn7eWW7l6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWQxODU0MTRjMTZhZTVkMjI5YThhYTJiZmExNWZlZmM3
MWEyMjIwHhcNMjYwMTAxMjIxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAzZGNjNWIxZTk1YTA1NGUxZDE3ZTNkY2RhMGY4NjI0MzlmMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ2m4RQ/QwvnfZXtBZcG4npn6EZb
53Svfev1Q6+fKor0UHnSSnFq0nBc4x7sd5cVAjgyUW/3jiWrO9ln/FKYcea0eK/x
8C7zkn6pReSbnqUaCbkooDL0Vh012KXMwAXCs0TvkFLROJjiOJYdgmVGJEa68/mp
hsRij1R9H5ZMv2cvopKYZasal/u0BZ9zYPWDohkuncpPD1aHDYd/5Pgifi7eYzdM
tcXsv6KyWbN0OhY4BP8yY2FN+H+zHU7kNWubYt4QSzdwb9sSPlA0rtcp+9bnb5de
7GftS4CuQEZ/5ZMre/C9lQOm6tPhmX1EB0DxQW0UX1VluPWFwe3Hc+xeYQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPUD3MWx6VoFTh0X49zaD4YkOfBDMB8GA1UdIwQY
MBaAFEytGFQUwWrl0imoqiv6Ff78caIiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEswWVZCVEJhdVhTS2FpcUtfb1Zfdnh4b2lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81Yjc4OGUtZjg0Ny00ZGY5LTkzMzQt
OTY0Y2NhNzIyZjczLzEvOVFQY3hiSHBXZ1ZPSFJmajNOb1BoaVE1OEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81Yjc4OGUtZjg0Ny00ZGY5LTkzMzQtOTY0Y2NhNzIyZjcz
LzEvVEswWVZCVEJhdVhTS2FpcUtfb1Zfdnh4b2lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQcwDQYJ
KoZIhvcNAQELBQADggEBABDxB3MFnVXNuSUaQfS1Z+OCUzTTssmW17JdsVvzKSZr
TfH7B+oiQ2PZ7Z5lx+WG+9wbyh4LGFRyGqOnT8spFinPRNi046OTbgI2/zdYprpk
YudBSfgRX8z2e8umE4oCcwrTvvUFdFE1YjrLHN+Ah2pxh1Es9y2xe3rOXahqncfO
gK90XYzTXz4YVJLvxfywqqF8+tz15ylkzBrt+8gGaawzNnIH6HAesyIByr3cHfJO
3vF3mAP2VOTQH5A4NuGQZgL9IjFzeJVYnx4WXHFwrK0TLImAZLLf2IQOic5Vb9+4
DVl5jjmJyo35hv/YlK/EGvJ1BzZ9v2UP9Z00TFp8h7c=
-----END CERTIFICATE-----