This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/u0totAhTEmo6Dh8lKIzrzz7zrI4.roa
File:                     u0totAhTEmo6Dh8lKIzrzz7zrI4.roa (raw, json)
Hash identifier:          dB6supuTI73kkukZ2Y6W1d+w8n5woWlbkSQm99EFTrk=
Subject key identifier:   BB:4B:68:B4:08:53:12:6A:3A:0E:1F:25:28:8C:EB:CF:3E:F3:AC:8E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019B78344369575C2AB5D94DA44964B868EC
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/u0totAhTEmo6Dh8lKIzrzz7zrI4.roa
Signing time:             Thu 01 Jan 2026 06:17:29 +0000
ROA not before:           Thu 01 Jan 2026 06:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        192.71.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:43:69:57:5c:2a:b5:d9:4d:a4:49:64:b8:68:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  1 06:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb4b68b40853126a3a0e1f25288cebcf3ef3ac8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:68:b3:6a:11:87:e7:f7:01:5e:4a:f7:e9:6f:
                    aa:56:79:d2:8b:aa:aa:70:b8:91:e5:f0:f3:86:d3:
                    f9:e8:c4:57:6a:f7:03:6f:1b:59:b0:52:02:7c:b2:
                    5d:63:60:a0:48:e9:78:a8:9e:5d:c5:11:b3:a9:a3:
                    2f:ef:36:fb:ba:29:f6:72:9b:b7:e8:3f:eb:dc:a7:
                    16:45:cd:84:e1:e1:f3:3c:20:bc:04:1e:b0:3d:ae:
                    df:50:0c:55:3e:46:db:58:ea:36:cc:c6:0d:b7:5a:
                    f6:13:2e:75:4c:11:b1:c8:1d:41:1c:dc:63:e0:59:
                    88:4d:3f:d4:2c:1f:1e:00:71:21:19:a1:83:65:58:
                    31:35:3d:05:69:ca:0a:61:8d:35:2d:6f:b0:e3:c5:
                    39:8d:e5:40:31:3f:32:1b:1d:21:06:40:82:6f:2a:
                    3c:e4:e5:eb:41:16:c9:c1:e5:bd:34:4a:37:fe:cf:
                    ba:bd:3a:1c:d3:f6:18:de:9e:1c:0b:89:1d:04:a2:
                    4f:d3:48:e9:70:f1:70:a4:10:44:dc:5d:d4:08:8c:
                    61:f6:87:4c:f0:bf:96:dd:0c:66:cb:c4:af:9b:36:
                    5b:49:61:67:9c:27:c7:3f:da:81:43:1d:0d:25:a5:
                    7a:3b:da:81:aa:5c:4f:e8:5b:bc:39:78:57:fe:ac:
                    a3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4B:68:B4:08:53:12:6A:3A:0E:1F:25:28:8C:EB:CF:3E:F3:AC:8E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/u0totAhTEmo6Dh8lKIzrzz7zrI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c4:aa:86:bd:57:56:ab:7e:6f:69:14:8e:47:fa:cc:c2:d7:
         2f:42:e1:87:59:da:52:9e:37:3b:b8:10:3b:89:ae:d9:f1:90:
         b8:d2:10:45:a4:b2:5e:f8:12:48:60:50:7f:92:6f:a2:f4:6c:
         c6:f9:76:00:8d:95:f8:fc:b0:5c:3f:b4:0d:bc:6d:c9:d8:09:
         2e:a9:69:d9:58:a4:27:1a:08:80:73:20:48:7b:54:51:a4:a6:
         00:8c:4a:97:c2:aa:22:99:a4:95:2d:36:58:98:6f:e2:70:89:
         2e:45:c1:69:c9:99:3c:f9:59:20:a8:fe:22:4b:08:5d:bc:d6:
         11:5d:36:9c:e1:c6:61:b5:31:29:2e:b6:f0:7a:53:22:95:e0:
         cc:e6:b8:24:18:45:b4:56:ac:70:c1:c7:c6:a1:b8:39:a4:13:
         85:94:01:06:04:83:5b:e0:98:6e:9b:39:08:a8:4e:69:cc:86:
         be:68:18:38:41:ff:14:93:fc:bd:7c:ed:c3:dc:9a:ce:dd:e6:
         9f:c2:43:72:58:a1:d3:b0:7d:9d:00:2d:97:94:34:88:91:bf:
         8b:c1:29:9f:78:50:39:fa:92:6e:b0:cf:a4:79:b1:73:99:44:
         d1:ee:0d:78:c3:36:e2:39:67:d8:45:38:50:b6:3a:2b:7f:98:
         53:46:e3:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NENpV1wqtdlNpElkuGjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMTAxMDYxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjRiNjhiNDA4NTMxMjZhM2EwZTFmMjUyODhjZWJjZjNlZjNhYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2izahGH5/cBXkr36W+qVnnSi6qq
cLiR5fDzhtP56MRXavcDbxtZsFICfLJdY2CgSOl4qJ5dxRGzqaMv7zb7uin2cpu3
6D/r3KcWRc2E4eHzPCC8BB6wPa7fUAxVPkbbWOo2zMYNt1r2Ey51TBGxyB1BHNxj
4FmITT/ULB8eAHEhGaGDZVgxNT0FacoKYY01LW+w48U5jeVAMT8yGx0hBkCCbyo8
5OXrQRbJweW9NEo3/s+6vToc0/YY3p4cC4kdBKJP00jpcPFwpBBE3F3UCIxh9odM
8L+W3Qxmy8SvmzZbSWFnnCfHP9qBQx0NJaV6O9qBqlxP6Fu8OXhX/qyjwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtLaLQIUxJqOg4fJSiM688+86yOMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvdTB0b3RBaFRFbW82RGg4bEtJenJ6ejd6ckk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEcpMA0G
CSqGSIb3DQEBCwUAA4IBAQCgxKqGvVdWq35vaRSOR/rMwtcvQuGHWdpSnjc7uBA7
ia7Z8ZC40hBFpLJe+BJIYFB/km+i9GzG+XYAjZX4/LBcP7QNvG3J2AkuqWnZWKQn
GgiAcyBIe1RRpKYAjEqXwqoimaSVLTZYmG/icIkuRcFpyZk8+VkgqP4iSwhdvNYR
XTac4cZhtTEpLrbwelMileDM5rgkGEW0VqxwwcfGobg5pBOFlAEGBINb4JhumzkI
qE5pzIa+aBg4Qf8Uk/y9fO3D3JrO3eafwkNyWKHTsH2dAC2XlDSIkb+LwSmfeFA5
+pJusM+kebFzmUTR7g14wzbiOWfYRThQtjorf5hTRuMz
-----END CERTIFICATE-----