This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/g7fYHM51W9swYseMkrEDa3soWXY.roa
File:                     g7fYHM51W9swYseMkrEDa3soWXY.roa (raw, json)
Hash identifier:          k9K4BHL4fbJsHQSn19Joe+3Hon27U4MZ6GclcBUO56E=
Subject key identifier:   83:B7:D8:1C:CE:75:5B:DB:30:62:C7:8C:92:B1:03:6B:7B:28:59:76
Certificate issuer:       /CN=74f9369c6e23c1bf0dbed301c7d00b4a3fdf0d04
Certificate serial:       019B78A27F8AF64C1BCD8BA7D79576D317F0
Authority key identifier: 74:F9:36:9C:6E:23:C1:BF:0D:BE:D3:01:C7:D0:0B:4A:3F:DF:0D:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/g7fYHM51W9swYseMkrEDa3soWXY.roa
Signing time:             Thu 01 Jan 2026 08:17:53 +0000
ROA not before:           Thu 01 Jan 2026 08:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        130.73.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:7f:8a:f6:4c:1b:cd:8b:a7:d7:95:76:d3:17:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74f9369c6e23c1bf0dbed301c7d00b4a3fdf0d04
        Validity
            Not Before: Jan  1 08:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83b7d81cce755bdb3062c78c92b1036b7b285976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a6:32:6f:59:4b:99:ea:97:34:0d:0d:51:57:
                    e4:bf:59:12:2b:18:63:13:f5:89:41:c3:04:73:9a:
                    a8:89:6e:1b:d7:3e:10:a7:36:c1:0c:bc:2f:62:56:
                    5f:dc:d6:26:06:7a:2d:a6:15:ed:e1:4a:0e:35:31:
                    bd:ba:a7:d6:5c:d9:93:a7:30:a8:b6:ee:c9:87:3e:
                    15:c7:9d:62:b6:f3:31:43:19:7f:85:c0:c8:2a:1a:
                    58:87:25:33:d0:47:84:9b:fa:7a:a0:ac:5c:f6:19:
                    0b:1f:5f:d3:84:19:39:30:8b:fd:d0:ca:05:e1:8e:
                    ec:52:02:23:4f:42:3d:ae:a5:f0:c9:12:b3:1d:0b:
                    7a:5a:08:3b:80:91:be:d9:1a:62:b5:df:91:f8:32:
                    24:bc:f6:39:3f:d4:80:35:9b:6e:35:6c:12:d5:aa:
                    bd:42:2d:81:ea:6b:51:15:12:e4:39:b0:ee:95:bc:
                    8f:a3:6b:06:78:f3:63:55:12:6d:44:ef:d5:93:a9:
                    a6:30:0c:10:73:1f:69:74:9e:65:1a:a2:92:2f:c3:
                    34:4f:ee:3e:89:53:72:e4:2d:4d:fa:75:13:e6:af:
                    36:b3:b2:09:fa:46:3c:74:94:62:91:5c:8f:fe:e4:
                    ca:1d:e9:08:a8:9e:29:2b:61:04:31:47:4a:75:c7:
                    55:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B7:D8:1C:CE:75:5B:DB:30:62:C7:8C:92:B1:03:6B:7B:28:59:76
            X509v3 Authority Key Identifier:
                keyid:74:F9:36:9C:6E:23:C1:BF:0D:BE:D3:01:C7:D0:0B:4A:3F:DF:0D:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/g7fYHM51W9swYseMkrEDa3soWXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         65:da:88:96:97:e7:fe:e5:32:07:8d:52:ee:56:22:19:be:b0:
         70:3c:26:2d:20:cf:39:a2:d8:85:fe:56:57:70:2c:38:fb:54:
         dd:6d:a9:67:c4:7f:f0:59:af:c2:d7:8a:1a:29:44:a8:55:58:
         fd:5b:68:6d:0e:a3:82:9b:32:c2:2a:26:6c:4d:82:7d:a4:36:
         9c:0e:c6:66:1b:ba:89:cc:c1:91:bf:af:f1:6f:fa:18:0a:d0:
         8f:89:ab:c3:9f:86:33:2d:32:9b:67:fc:2d:ce:8c:ca:85:e2:
         84:47:40:44:8b:89:cb:99:f2:52:52:21:16:27:0c:88:06:fd:
         6e:d0:92:6b:80:1d:39:a9:43:d5:9b:3f:be:1b:5e:a2:44:2c:
         fa:db:cc:da:24:7e:c3:ea:fd:29:27:df:dc:53:3d:21:d6:7d:
         90:1e:bf:16:bc:44:89:1a:4f:1e:96:cb:3c:bd:5b:c9:e7:16:
         8c:3a:3b:df:a4:b4:68:b3:c0:67:81:b7:8b:50:3c:37:4e:94:
         6a:9b:79:e4:39:93:d8:b7:1a:31:17:5a:c8:7e:c3:0f:87:03:
         d8:9a:e3:49:fa:11:eb:b8:ff:07:5e:92:e8:f3:16:39:4f:bc:
         b3:b0:7c:e6:50:97:6f:ec:98:12:5f:b3:b3:7d:d5:fd:7a:17:
         ba:5d:77:e3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt4on+K9kwbzYun15V20xfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZjkzNjljNmUyM2MxYmYwZGJlZDMwMWM3ZDAwYjRhM2Zk
ZjBkMDQwHhcNMjYwMTAxMDgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I3ZDgxY2NlNzU1YmRiMzA2MmM3OGM5MmIxMDM2YjdiMjg1OTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqYyb1lLmeqXNA0NUVfkv1kSKxhj
E/WJQcMEc5qoiW4b1z4QpzbBDLwvYlZf3NYmBnotphXt4UoONTG9uqfWXNmTpzCo
tu7Jhz4Vx51itvMxQxl/hcDIKhpYhyUz0EeEm/p6oKxc9hkLH1/ThBk5MIv90MoF
4Y7sUgIjT0I9rqXwyRKzHQt6Wgg7gJG+2Rpitd+R+DIkvPY5P9SANZtuNWwS1aq9
Qi2B6mtRFRLkObDulbyPo2sGePNjVRJtRO/Vk6mmMAwQcx9pdJ5lGqKSL8M0T+4+
iVNy5C1N+nUT5q82s7IJ+kY8dJRikVyP/uTKHekIqJ4pK2EEMUdKdcdV0wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIO32BzOdVvbMGLHjJKxA2t7KFl2MB8GA1UdIwQY
MBaAFHT5NpxuI8G/Db7TAcfQC0o/3w0EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFBrMm5HNGp3YjhOdnRNQng5QUxTal9mRFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iOWRjNGMtNjQzYS00MWI4LWE0NTkt
MmI1MThhY2I3OGYzLzEvZzdmWUhNNTFXOXN3WXNlTWtyRURhM3NvV1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iOWRjNGMtNjQzYS00MWI4LWE0NTktMmI1MThhY2I3OGYz
LzEvZFBrMm5HNGp3YjhOdnRNQng5QUxTal9mRFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgkkwDQYJ
KoZIhvcNAQELBQADggEBAGXaiJaX5/7lMgeNUu5WIhm+sHA8Ji0gzzmi2IX+Vldw
LDj7VN1tqWfEf/BZr8LXihopRKhVWP1baG0Oo4KbMsIqJmxNgn2kNpwOxmYbuonM
wZG/r/Fv+hgK0I+Jq8OfhjMtMptn/C3OjMqF4oRHQESLicuZ8lJSIRYnDIgG/W7Q
kmuAHTmpQ9WbP74bXqJELPrbzNokfsPq/Skn39xTPSHWfZAevxa8RIkaTx6Wyzy9
W8nnFow6O9+ktGizwGeBt4tQPDdOlGqbeeQ5k9i3GjEXWsh+ww+HA9ia40n6Eeu4
/wdekujzFjlPvLOwfOZQl2/smBJfs7N91f16F7pdd+M=
-----END CERTIFICATE-----