This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/9pt3MDCay7srVLLtOW6VihLRgqg.roa
File:                     9pt3MDCay7srVLLtOW6VihLRgqg.roa (raw, json)
Hash identifier:          t8waBrYlHxhkv2G7wxFbB2b8tWVcdcespy2BiSBs4U8=
Subject key identifier:   F6:9B:77:30:30:9A:CB:BB:2B:54:B2:ED:39:6E:95:8A:12:D1:82:A8
Certificate issuer:       /CN=76e2ba5cc150b353cbd34b9f045ea0509740844d
Certificate serial:       019B7F833668DC68C9F8AF3BFD1A028BA6ED
Authority key identifier: 76:E2:BA:5C:C1:50:B3:53:CB:D3:4B:9F:04:5E:A0:50:97:40:84:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/9pt3MDCay7srVLLtOW6VihLRgqg.roa
Signing time:             Fri 02 Jan 2026 16:21:04 +0000
ROA not before:           Fri 02 Jan 2026 16:21:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200069
IP address blocks:        185.211.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 16:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:36:68:dc:68:c9:f8:af:3b:fd:1a:02:8b:a6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76e2ba5cc150b353cbd34b9f045ea0509740844d
        Validity
            Not Before: Jan  2 16:21:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f69b7730309acbbb2b54b2ed396e958a12d182a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:84:c0:28:7c:a0:d0:04:9f:32:cb:43:57:10:
                    b1:58:82:40:ce:1c:03:0e:09:8a:a7:4b:e5:f7:ce:
                    fd:08:2e:df:e5:5e:a8:e4:e9:ef:76:93:8f:41:07:
                    54:8d:b3:4a:b2:5d:2d:f2:25:cc:1d:b6:5b:d6:a5:
                    9b:7c:a5:7b:71:00:c8:f7:f8:d6:a8:74:bf:13:14:
                    a9:64:e4:67:ed:f3:fa:a1:fa:9c:19:c7:2d:57:e9:
                    08:36:f3:36:dd:70:f6:66:0b:37:ef:be:5a:79:7c:
                    5f:3c:4c:fa:ef:a4:00:ca:0a:05:d5:d6:98:3c:cd:
                    fa:d6:fd:3f:11:13:aa:c2:c1:12:dd:97:9a:00:ef:
                    c7:17:49:8b:ae:b2:33:1e:c4:84:2a:6d:4c:a9:99:
                    4e:fb:7c:bd:c2:c1:7b:69:e1:c9:95:2b:f2:4d:bd:
                    f1:d9:47:6e:ee:c5:58:e7:a6:3c:33:f8:4e:9e:83:
                    b0:4e:e9:8f:94:77:b6:86:45:fd:67:b8:a9:7d:e8:
                    60:79:b0:29:c4:8d:87:50:4d:c7:ec:57:22:5b:fe:
                    2b:c6:45:53:4e:f3:5e:d8:05:69:be:cb:cf:b4:69:
                    05:95:70:3c:b6:35:aa:6d:ea:4f:09:87:5a:f4:68:
                    93:34:26:e9:69:4a:a9:d5:de:65:1c:06:99:a3:45:
                    e1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:9B:77:30:30:9A:CB:BB:2B:54:B2:ED:39:6E:95:8A:12:D1:82:A8
            X509v3 Authority Key Identifier:
                keyid:76:E2:BA:5C:C1:50:B3:53:CB:D3:4B:9F:04:5E:A0:50:97:40:84:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/9pt3MDCay7srVLLtOW6VihLRgqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:d0:f2:07:3e:cb:a4:7c:15:52:00:60:1f:84:40:ac:6a:e7:
         aa:1b:66:30:dd:4b:9d:fa:c0:68:5b:63:58:33:97:df:8a:04:
         f5:f7:a4:ec:6f:d5:60:4a:d6:63:1f:ed:7e:cc:aa:f8:e2:82:
         1c:28:ef:06:28:21:e2:7f:9c:ab:96:e3:35:18:a3:10:60:df:
         02:17:46:0a:74:58:a2:1f:7e:97:bb:41:57:ea:23:11:fe:ee:
         68:d4:fd:e9:69:3e:09:62:35:08:d6:ec:83:ee:9a:d0:af:76:
         88:82:33:c9:9c:4e:4f:4d:3b:29:d5:46:1c:11:cf:bc:e1:d6:
         b3:fe:e1:6b:39:2d:17:d0:11:42:82:c2:e4:9b:50:c6:87:99:
         e6:4b:5c:79:20:02:7a:29:39:e1:8c:d9:2d:e9:48:be:53:10:
         cf:3a:ba:f8:e4:15:14:1a:c1:9a:4b:55:da:e8:12:bd:19:6c:
         29:37:1d:95:28:7f:10:08:41:ea:29:65:90:04:24:54:f8:e4:
         e1:3f:04:17:25:14:69:e1:54:b4:e1:fa:c9:47:8b:9c:7d:08:
         0c:a1:ee:90:d4:f9:ca:e6:17:53:02:63:a4:06:a8:be:7b:b6:
         b0:42:36:60:8d:34:71:35:81:5c:2d:d2:b5:56:70:e3:d6:ee:
         f2:99:1b:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gzZo3GjJ+K87/RoCi6btMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZTJiYTVjYzE1MGIzNTNjYmQzNGI5ZjA0NWVhMDUwOTc0
MDg0NGQwHhcNMjYwMTAyMTYyMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjliNzczMDMwOWFjYmJiMmI1NGIyZWQzOTZlOTU4YTEyZDE4MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoTAKHyg0ASfMstDVxCxWIJAzhwD
DgmKp0vl9879CC7f5V6o5OnvdpOPQQdUjbNKsl0t8iXMHbZb1qWbfKV7cQDI9/jW
qHS/ExSpZORn7fP6ofqcGcctV+kINvM23XD2Zgs3775aeXxfPEz676QAygoF1daY
PM361v0/EROqwsES3ZeaAO/HF0mLrrIzHsSEKm1MqZlO+3y9wsF7aeHJlSvyTb3x
2Udu7sVY56Y8M/hOnoOwTumPlHe2hkX9Z7ipfehgebApxI2HUE3H7FciW/4rxkVT
TvNe2AVpvsvPtGkFlXA8tjWqbepPCYda9GiTNCbpaUqp1d5lHAaZo0XhPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPabdzAwmsu7K1Sy7TlulYoS0YKoMB8GA1UdIwQY
MBaAFHbiulzBULNTy9NLnwReoFCXQIRNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHVLNlhNRlFzMVBMMDB1ZkJGNmdVSmRBaEUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zMWQyZWQtOGUyZi00ZmE5LTgzY2Et
NzA0MDVlMzUyOGFmLzEvOXB0M01EQ2F5N3NyVkxMdE9XNlZpaExSZ3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zMWQyZWQtOGUyZi00ZmE5LTgzY2EtNzA0MDVlMzUyOGFm
LzEvZHVLNlhNRlFzMVBMMDB1ZkJGNmdVSmRBaEUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudN4MA0G
CSqGSIb3DQEBCwUAA4IBAQA60PIHPsukfBVSAGAfhECsaueqG2Yw3Uud+sBoW2NY
M5ffigT196Tsb9VgStZjH+1+zKr44oIcKO8GKCHif5yrluM1GKMQYN8CF0YKdFii
H36Xu0FX6iMR/u5o1P3paT4JYjUI1uyD7prQr3aIgjPJnE5PTTsp1UYcEc+84daz
/uFrOS0X0BFCgsLkm1DGh5nmS1x5IAJ6KTnhjNkt6Ui+UxDPOrr45BUUGsGaS1Xa
6BK9GWwpNx2VKH8QCEHqKWWQBCRU+OThPwQXJRRp4VS04frJR4ucfQgMoe6Q1PnK
5hdTAmOkBqi+e7awQjZgjTRxNYFcLdK1VnDj1u7ymRuo
-----END CERTIFICATE-----