This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/fR8Sj7qPvSsegrc5cvXE_3c58VA.roa
File:                     fR8Sj7qPvSsegrc5cvXE_3c58VA.roa (raw, json)
Hash identifier:          valE9KfmP8wJDIQ+h1QKYZFv8JH48MGyAU5h4M83KlM=
Subject key identifier:   7D:1F:12:8F:BA:8F:BD:2B:1E:82:B7:39:72:F5:C4:FF:77:39:F1:50
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       019B7EA535C3E7F3493B03B4D6D6B2B62AEC
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/fR8Sj7qPvSsegrc5cvXE_3c58VA.roa
Signing time:             Fri 02 Jan 2026 12:18:35 +0000
ROA not before:           Fri 02 Jan 2026 12:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        91.239.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:35:c3:e7:f3:49:3b:03:b4:d6:d6:b2:b6:2a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Jan  2 12:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d1f128fba8fbd2b1e82b73972f5c4ff7739f150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cf:03:30:ec:f0:79:5c:1c:4e:33:c1:c9:ce:
                    01:83:36:9d:f8:d9:e6:5e:4f:4d:ca:f6:1e:7a:69:
                    45:2b:47:92:85:57:b7:93:b8:47:44:5a:c6:e4:58:
                    ff:2d:1d:fc:88:12:74:74:e2:0f:00:c7:a5:ce:50:
                    b2:05:43:09:aa:ea:a5:43:e4:ff:e1:1c:8f:58:29:
                    42:d1:7d:57:9b:c7:60:f1:09:db:c1:f5:2b:fb:63:
                    0a:96:9b:5b:74:36:fa:23:0a:29:3b:6a:6c:66:7b:
                    42:1b:e1:13:96:5b:4b:f6:39:79:90:5f:e0:6b:6e:
                    e3:38:82:4b:e8:e3:8c:96:8e:97:09:fa:fd:c7:f8:
                    7e:96:f3:f4:bd:cf:2c:3b:d0:51:1a:c5:cd:98:01:
                    5a:e0:41:38:52:1b:6d:09:ca:f8:d4:8f:d5:d2:ae:
                    e9:1b:2c:1f:3d:cc:ee:32:78:4c:79:f2:76:ba:7b:
                    12:91:7d:ec:d6:8e:0d:65:01:93:a4:78:3a:ba:bf:
                    4d:8a:fb:dc:de:56:51:6d:14:34:60:99:71:dd:b1:
                    0a:4a:b3:01:fc:30:4c:0c:ac:17:c4:23:d7:09:8a:
                    1b:c2:3d:70:e6:00:42:74:5e:0a:ef:da:3a:41:13:
                    e2:cc:2c:3c:0a:86:80:82:e1:bf:7b:8f:a7:d9:c1:
                    94:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1F:12:8F:BA:8F:BD:2B:1E:82:B7:39:72:F5:C4:FF:77:39:F1:50
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/fR8Sj7qPvSsegrc5cvXE_3c58VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:44:a9:18:4e:ea:1c:1d:4c:91:45:1f:c6:af:ed:cf:4e:47:
         0c:9f:c8:24:c9:2c:fe:1e:ce:63:b8:04:1a:f5:20:a9:a4:b7:
         9c:13:f5:38:2a:b1:8b:67:a1:1e:ef:7c:e7:80:85:7a:2f:87:
         8c:c1:63:cd:df:61:b5:29:5c:b6:de:0c:b9:e4:4a:7c:97:a7:
         b8:dc:d6:8b:d9:54:be:7f:bb:87:7d:7e:4e:02:f9:df:c2:3c:
         0d:1d:2b:6a:c2:14:2e:65:22:fc:7e:29:8e:65:d2:50:96:a8:
         cc:f4:e0:18:27:a9:05:32:04:2e:b3:5e:0a:0b:d6:3f:d7:b7:
         f2:d0:ea:9b:55:ff:cc:96:9f:ee:c8:bd:43:ef:a7:42:4c:d3:
         b5:fb:59:a5:9a:3e:79:45:96:a7:83:a4:1d:7c:f7:e0:bc:c1:
         cf:29:8d:47:2d:37:d9:fb:ce:34:3c:00:31:bd:17:1f:b2:fb:
         08:fc:d7:37:f8:3a:bd:d4:cc:99:ff:73:04:c4:a4:01:a8:cb:
         f7:40:38:6e:2d:14:55:c7:38:68:ea:4c:fa:3e:5c:8d:33:1f:
         65:df:bd:7a:92:63:59:a7:6e:c5:d5:6e:50:99:a1:b4:37:e4:
         6c:8e:32:e2:6b:b5:3e:f6:d7:dc:4a:51:84:ce:f1:6a:f8:14:
         88:28:1e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pTXD5/NJOwO01taytirsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjYwMTAyMTIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFmMTI4ZmJhOGZiZDJiMWU4MmI3Mzk3MmY1YzRmZjc3MzlmMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM8DMOzweVwcTjPByc4Bgzad+Nnm
Xk9NyvYeemlFK0eShVe3k7hHRFrG5Fj/LR38iBJ0dOIPAMelzlCyBUMJquqlQ+T/
4RyPWClC0X1Xm8dg8QnbwfUr+2MKlptbdDb6IwopO2psZntCG+ETlltL9jl5kF/g
a27jOIJL6OOMlo6XCfr9x/h+lvP0vc8sO9BRGsXNmAFa4EE4UhttCcr41I/V0q7p
GywfPczuMnhMefJ2unsSkX3s1o4NZQGTpHg6ur9Nivvc3lZRbRQ0YJlx3bEKSrMB
/DBMDKwXxCPXCYobwj1w5gBCdF4K79o6QRPizCw8CoaAguG/e4+n2cGUswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0fEo+6j70rHoK3OXL1xP93OfFQMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvZlI4U2o3cVB2U3NlZ3JjNWN2WEVfM2M1OFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/TMA0G
CSqGSIb3DQEBCwUAA4IBAQCQRKkYTuocHUyRRR/Gr+3PTkcMn8gkySz+Hs5juAQa
9SCppLecE/U4KrGLZ6Ee73zngIV6L4eMwWPN32G1KVy23gy55Ep8l6e43NaL2VS+
f7uHfX5OAvnfwjwNHStqwhQuZSL8fimOZdJQlqjM9OAYJ6kFMgQus14KC9Y/17fy
0OqbVf/Mlp/uyL1D76dCTNO1+1mlmj55RZang6QdfPfgvMHPKY1HLTfZ+840PAAx
vRcfsvsI/Nc3+Dq91MyZ/3MExKQBqMv3QDhuLRRVxzho6kz6PlyNMx9l3716kmNZ
p27F1W5QmaG0N+RsjjLia7U+9tfcSlGEzvFq+BSIKB5u
-----END CERTIFICATE-----