This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/1-DvdtgWb776R-vxeFJmte5oKNog.roa
File:                     1-DvdtgWb776R-vxeFJmte5oKNog.roa (raw, json)
Hash identifier:          U79trVylTaw41dHsIv/e6/kjFAklh1ItFsx5acuYE6Y=
Subject key identifier:   F8:3B:DD:B6:05:9B:EF:BE:91:FA:FC:5E:14:99:AD:7B:9A:0A:36:88
Certificate issuer:       /CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
Certificate serial:       019B78A30AD03B86961CF42BF0AD8AE3568B
Authority key identifier: 9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/1-DvdtgWb776R-vxeFJmte5oKNog.roa
Signing time:             Thu 01 Jan 2026 08:18:29 +0000
ROA not before:           Thu 01 Jan 2026 08:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197642
IP address blocks:        91.223.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:0a:d0:3b:86:96:1c:f4:2b:f0:ad:8a:e3:56:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
        Validity
            Not Before: Jan  1 08:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f83bddb6059befbe91fafc5e1499ad7b9a0a3688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cf:01:13:e3:f9:ac:df:20:3d:0f:25:7e:ce:
                    6a:36:13:a5:7b:4a:65:50:77:b6:99:92:a9:66:3f:
                    12:a6:7b:5c:fc:96:cc:8d:29:b4:cc:4d:fd:c4:fe:
                    b1:9e:af:4d:5b:a1:49:26:d5:d9:d7:6a:ff:9a:d8:
                    a2:d0:f7:6e:b1:0f:e6:be:fb:52:7b:0d:cc:40:24:
                    dc:32:1c:bf:ed:28:f4:40:8b:59:21:85:b8:dc:c0:
                    f9:76:3a:ce:85:b1:4b:aa:89:a2:43:a8:53:0d:16:
                    b1:2c:57:e9:68:43:93:a8:45:ef:8a:d8:26:0d:1e:
                    b2:66:73:dd:51:5c:33:b7:93:b6:29:0f:2c:56:11:
                    ca:28:8e:8e:e2:9a:6d:b5:8d:5a:21:0d:48:3d:a2:
                    32:df:65:72:71:b9:32:ff:dc:77:64:bc:1b:48:26:
                    a6:cd:e4:0b:ca:35:a2:54:1d:82:22:11:8f:38:f9:
                    72:60:fc:02:7b:37:45:f7:46:25:67:07:d2:f3:14:
                    53:63:f4:5c:24:d9:32:36:60:fc:7e:8f:e7:cf:b7:
                    15:dd:4a:f2:b6:36:71:59:f0:5d:f5:b4:a3:c1:5e:
                    af:5d:b4:ee:81:6d:69:a9:70:fd:5c:fd:7b:55:fa:
                    30:29:11:87:df:83:f1:13:02:4c:cf:12:6e:4b:ee:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3B:DD:B6:05:9B:EF:BE:91:FA:FC:5E:14:99:AD:7B:9A:0A:36:88
            X509v3 Authority Key Identifier:
                keyid:9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/1-DvdtgWb776R-vxeFJmte5oKNog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:e5:8e:8e:c2:1c:af:f6:87:12:ac:85:20:81:c1:55:01:8f:
         18:5b:24:79:77:47:22:19:02:28:f3:96:6c:d8:a6:35:5d:13:
         39:f6:a9:f1:ac:5e:b0:46:40:6f:df:47:2e:c6:3c:7a:4f:2a:
         f7:77:c8:e4:8f:e5:98:03:51:e3:4c:5d:4c:86:cd:d6:24:21:
         d6:04:f7:4a:26:ed:51:9f:83:18:81:02:92:f3:c3:76:f3:95:
         99:39:2c:ea:46:a7:20:16:8b:df:4a:b1:26:e2:bd:b9:df:d1:
         2d:c6:13:24:d8:ae:85:a8:fd:f2:84:c4:7a:4f:d5:59:4b:83:
         ca:95:e8:4b:d0:6d:30:97:78:9b:67:0b:b2:36:4a:f4:81:6f:
         5e:c3:0a:6f:a5:97:c5:e0:b1:38:90:f7:9d:b0:33:a6:5e:0a:
         4e:1d:00:29:48:cc:90:3d:45:41:bf:aa:c6:70:ee:dd:1c:d1:
         ab:03:2a:4d:b1:bd:4e:41:eb:60:f2:4c:50:c0:80:38:69:f8:
         b7:21:a1:67:eb:49:8d:92:df:51:c1:0e:31:a5:03:f5:c8:87:
         f8:c1:8d:f7:1f:07:91:4f:4d:aa:32:12:b3:42:04:b9:7e:cf:
         c0:7d:76:e6:52:f0:a5:33:28:df:7d:ac:26:ed:f4:99:f7:71:
         c0:6d:70:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4owrQO4aWHPQr8K2K41aLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNTY0NmY3ZDhhZmMwYTkzM2ZiMzMzMzNmMzcwMTNkODNh
MDRkMDAwHhcNMjYwMTAxMDgxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODNiZGRiNjA1OWJlZmJlOTFmYWZjNWUxNDk5YWQ3YjlhMGEzNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM8BE+P5rN8gPQ8lfs5qNhOle0pl
UHe2mZKpZj8Spntc/JbMjSm0zE39xP6xnq9NW6FJJtXZ12r/mtii0PdusQ/mvvtS
ew3MQCTcMhy/7Sj0QItZIYW43MD5djrOhbFLqomiQ6hTDRaxLFfpaEOTqEXvitgm
DR6yZnPdUVwzt5O2KQ8sVhHKKI6O4ppttY1aIQ1IPaIy32Vycbky/9x3ZLwbSCam
zeQLyjWiVB2CIhGPOPlyYPwCezdF90YlZwfS8xRTY/RcJNkyNmD8fo/nz7cV3Ury
tjZxWfBd9bSjwV6vXbTugW1pqXD9XP17VfowKRGH34PxEwJMzxJuS+74awIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg73bYFm+++kfr8XhSZrXuaCjaIMB8GA1UdIwQY
MBaAFJ9WRvfYr8CpM/szMz83AT2DoE0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjFaRzk5aXZ3S2t6LXpNelB6Y0JQWU9nVFFBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85MTY5MTctODhjNS00ZTdiLTgxMWUt
N2QzMmNhMDY1YjY2LzEvMS1EdmR0Z1diNzc2Ui12eGVGSm10ZTVvS05vZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvOTE2OTE3LTg4YzUtNGU3Yi04MTFlLTdkMzJjYTA2NWI2
Ni8xL24xWkc5OWl2d0trei16TXpQemNCUFlPZ1RRQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvf0TAN
BgkqhkiG9w0BAQsFAAOCAQEAleWOjsIcr/aHEqyFIIHBVQGPGFskeXdHIhkCKPOW
bNimNV0TOfap8axesEZAb99HLsY8ek8q93fI5I/lmANR40xdTIbN1iQh1gT3Sibt
UZ+DGIECkvPDdvOVmTks6kanIBaL30qxJuK9ud/RLcYTJNiuhaj98oTEek/VWUuD
ypXoS9BtMJd4m2cLsjZK9IFvXsMKb6WXxeCxOJD3nbAzpl4KTh0AKUjMkD1FQb+q
xnDu3RzRqwMqTbG9TkHrYPJMUMCAOGn4tyGhZ+tJjZLfUcEOMaUD9ciH+MGN9x8H
kU9NqjISs0IEuX7PwH125lLwpTMo332sJu30mfdxwG1wWQ==
-----END CERTIFICATE-----