This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/9Apk7z1Y_gJ_rG8_9HRdvAGRDtc.roa
File:                     9Apk7z1Y_gJ_rG8_9HRdvAGRDtc.roa (raw, json)
Hash identifier:          G28Shyl2LUNFSI8lNP9RFb8LXMXTC2Jm6p1S4Grsi0I=
Subject key identifier:   F4:0A:64:EF:3D:58:FE:02:7F:AC:6F:3F:F4:74:5D:BC:01:91:0E:D7
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019B7F8111ABF7BB684E14A805BEEEB6CADA
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/9Apk7z1Y_gJ_rG8_9HRdvAGRDtc.roa
Signing time:             Fri 02 Jan 2026 16:18:43 +0000
ROA not before:           Fri 02 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204157
IP address blocks:        45.139.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 Jan 2026 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:11:ab:f7:bb:68:4e:14:a8:05:be:ee:b6:ca:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  2 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f40a64ef3d58fe027fac6f3ff4745dbc01910ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e6:1a:19:97:c3:f9:bd:53:3d:9a:1e:1d:c9:
                    d0:60:23:2e:35:10:e1:ec:22:67:90:8d:6b:49:1e:
                    ab:6a:c3:72:d3:1b:d1:56:1c:da:1c:1a:8b:80:46:
                    0d:ea:4a:08:1d:15:c7:e8:2b:da:2a:fd:1f:90:e0:
                    c8:52:f8:b1:15:b8:64:1e:54:c0:52:de:82:bf:3f:
                    2d:03:37:20:c9:33:8f:b6:a3:39:3c:3c:ad:a3:d3:
                    24:50:0f:e9:3e:b9:e6:86:01:50:25:4e:12:7a:08:
                    4f:4f:c5:67:11:45:ca:e8:44:be:64:ae:5a:67:df:
                    80:cd:35:44:a7:d9:10:fc:81:dc:4e:5d:74:bb:76:
                    41:76:d9:ba:84:b6:49:26:fa:f5:f3:8b:c4:cb:86:
                    c4:44:06:f2:cf:bd:54:b4:4e:f6:97:da:93:13:5b:
                    37:67:1f:4b:53:96:a6:56:5e:0e:c8:25:5d:5b:a5:
                    a7:f8:29:36:7d:eb:57:e8:c7:9b:2a:8d:19:64:01:
                    18:40:28:22:b1:d7:3d:f0:16:7c:df:b4:fa:c7:f1:
                    b9:73:3c:3e:c3:43:24:ce:fe:fe:1a:89:cd:ea:7d:
                    25:2e:77:3c:9b:a7:f6:66:3f:c5:ee:96:81:3f:23:
                    51:78:6f:08:a7:28:f5:74:ef:b8:5a:bd:06:af:c0:
                    03:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0A:64:EF:3D:58:FE:02:7F:AC:6F:3F:F4:74:5D:BC:01:91:0E:D7
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/9Apk7z1Y_gJ_rG8_9HRdvAGRDtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:ce:f3:8c:50:51:61:cf:70:e9:ff:3b:1e:0e:a6:3c:88:68:
         25:1e:91:5a:ef:d0:b7:86:b9:af:b4:9f:59:26:fb:e5:b0:9b:
         56:4d:38:72:c5:4f:83:82:95:73:c3:ab:19:1d:0f:0c:43:75:
         18:22:04:05:f0:0c:be:8d:fb:56:35:3b:b5:5c:e9:05:31:7f:
         5f:01:5c:f4:8e:45:fb:b6:3c:23:de:45:c3:0a:b1:7c:8a:cd:
         6e:69:5f:49:61:1a:30:62:60:69:a6:3e:ca:af:51:76:9c:b6:
         a8:a8:57:f8:c9:23:9b:d8:00:c7:1e:80:ed:4c:b8:5a:01:55:
         11:bb:9d:c9:50:59:7b:14:4d:a9:ae:37:42:16:bc:9c:d9:c2:
         fe:47:8e:8d:3a:9f:e8:31:42:79:04:60:cb:33:26:d7:5b:0b:
         45:c8:11:70:ca:92:50:30:a8:3f:b4:83:22:16:9e:6d:98:c3:
         5b:8f:ab:4c:2b:eb:99:e9:23:3c:70:d8:97:6a:97:02:9f:e0:
         fa:07:47:8d:3f:7e:df:32:ad:41:cc:e3:be:09:ae:bb:24:d2:
         a2:eb:ff:80:46:fa:6f:51:bc:34:5b:ac:59:00:94:a9:b5:76:
         1c:fa:1c:03:d2:c5:8a:39:74:f7:2a:e9:38:43:40:7b:cb:87:
         5b:6f:a9:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gRGr97toThSoBb7utsraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjYwMTAyMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDBhNjRlZjNkNThmZTAyN2ZhYzZmM2ZmNDc0NWRiYzAxOTEwZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueYaGZfD+b1TPZoeHcnQYCMuNRDh
7CJnkI1rSR6rasNy0xvRVhzaHBqLgEYN6koIHRXH6CvaKv0fkODIUvixFbhkHlTA
Ut6Cvz8tAzcgyTOPtqM5PDyto9MkUA/pPrnmhgFQJU4SeghPT8VnEUXK6ES+ZK5a
Z9+AzTVEp9kQ/IHcTl10u3ZBdtm6hLZJJvr184vEy4bERAbyz71UtE72l9qTE1s3
Zx9LU5amVl4OyCVdW6Wn+Ck2fetX6MebKo0ZZAEYQCgisdc98BZ837T6x/G5czw+
w0Mkzv7+GonN6n0lLnc8m6f2Zj/F7paBPyNReG8Ipyj1dO+4Wr0Gr8ADXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQKZO89WP4Cf6xvP/R0XbwBkQ7XMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvOUFwazd6MVlfZ0pfckc4XzlIUmR2QUdSRHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYtHMA0G
CSqGSIb3DQEBCwUAA4IBAQDPzvOMUFFhz3Dp/zseDqY8iGglHpFa79C3hrmvtJ9Z
JvvlsJtWTThyxU+DgpVzw6sZHQ8MQ3UYIgQF8Ay+jftWNTu1XOkFMX9fAVz0jkX7
tjwj3kXDCrF8is1uaV9JYRowYmBppj7Kr1F2nLaoqFf4ySOb2ADHHoDtTLhaAVUR
u53JUFl7FE2prjdCFryc2cL+R46NOp/oMUJ5BGDLMybXWwtFyBFwypJQMKg/tIMi
Fp5tmMNbj6tMK+uZ6SM8cNiXapcCn+D6B0eNP37fMq1BzOO+Ca67JNKi6/+ARvpv
Ubw0W6xZAJSptXYc+hwD0sWKOXT3Kuk4Q0B7y4dbb6kF
-----END CERTIFICATE-----