This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/RIbu27-D1A3-MonubZ_zZNoyyNM.roa
File:                     RIbu27-D1A3-MonubZ_zZNoyyNM.roa (raw, json)
Hash identifier:          /mnXw1tu71r9fbtUEEZDR8gD0rD8atHLNSZPRm849T8=
Subject key identifier:   44:86:EE:DB:BF:83:D4:0D:FE:32:89:EE:6D:9F:F3:64:DA:32:C8:D3
Certificate issuer:       /CN=23d14afe8750213c280e5b68befb18866f79497f
Certificate serial:       019B7C7FDC115CBCE54D9E11F00AA4DC6AFC
Authority key identifier: 23:D1:4A:FE:87:50:21:3C:28:0E:5B:68:BE:FB:18:86:6F:79:49:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/RIbu27-D1A3-MonubZ_zZNoyyNM.roa
Signing time:             Fri 02 Jan 2026 02:18:32 +0000
ROA not before:           Fri 02 Jan 2026 02:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200410
IP address blocks:        91.103.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:dc:11:5c:bc:e5:4d:9e:11:f0:0a:a4:dc:6a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23d14afe8750213c280e5b68befb18866f79497f
        Validity
            Not Before: Jan  2 02:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4486eedbbf83d40dfe3289ee6d9ff364da32c8d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b1:83:4d:ce:9b:8b:27:81:53:7f:3e:01:c4:
                    84:8e:b1:60:03:9d:50:e5:4a:8b:e6:be:da:8f:3f:
                    89:1c:ff:a2:70:83:dc:62:7f:54:a3:20:a1:44:43:
                    33:e9:d4:0e:00:00:b7:c1:cf:0f:b7:ac:d3:bb:86:
                    df:33:a3:84:ba:b6:9b:81:2a:10:1f:4a:a7:cf:e3:
                    53:25:28:99:51:de:94:06:31:d2:59:ea:dd:b8:0b:
                    1c:e0:9b:ef:f7:0b:34:7e:32:2b:e4:9c:51:9a:a4:
                    88:8a:32:ab:0d:6d:ff:9e:7c:4a:99:e1:9c:e7:4f:
                    58:a1:32:cd:6e:94:89:a7:a9:56:14:21:0a:88:5d:
                    f3:0f:f1:9e:13:3e:ff:24:26:b6:13:ac:97:de:6f:
                    12:47:1a:e9:ae:89:35:2e:4d:64:39:6c:4f:72:ce:
                    76:9b:05:51:9b:d9:05:30:08:23:9a:cb:14:68:3b:
                    a0:ab:e1:b2:18:4b:7c:6b:fd:7e:38:36:de:7c:a2:
                    f0:b3:d7:60:1f:2c:cb:da:44:be:b6:39:5d:fe:6d:
                    4c:9c:83:72:39:d5:49:b4:96:35:7f:9a:b8:b2:91:
                    c2:18:d1:f6:fb:7a:d4:c3:84:aa:f7:19:df:b8:f9:
                    ac:53:5f:4c:5f:62:36:2f:22:d3:32:0d:27:c5:a1:
                    56:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:86:EE:DB:BF:83:D4:0D:FE:32:89:EE:6D:9F:F3:64:DA:32:C8:D3
            X509v3 Authority Key Identifier:
                keyid:23:D1:4A:FE:87:50:21:3C:28:0E:5B:68:BE:FB:18:86:6F:79:49:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/RIbu27-D1A3-MonubZ_zZNoyyNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:28:6e:94:85:2e:c9:29:e7:47:0a:45:c4:d5:c6:bd:55:04:
         db:6e:d3:8d:3d:0b:6a:cd:f3:80:e8:51:31:f4:c5:5f:5d:da:
         38:76:39:dc:00:0d:b3:db:fe:1c:22:2d:90:9f:53:de:cf:c4:
         f2:ad:cc:a9:84:6c:14:54:91:6b:2f:72:79:d1:ce:25:e3:d2:
         c3:b2:95:ce:7f:98:b7:fd:59:94:c5:99:3a:74:32:fc:e2:91:
         30:24:1d:b1:f2:42:96:7d:b3:81:79:0d:ad:3c:c7:6c:33:bc:
         28:6b:80:b3:3e:d5:7e:d5:f0:99:f4:17:70:dc:ac:18:96:a8:
         a9:79:10:05:5d:b1:0f:c6:9d:b0:52:09:24:bf:f8:1e:f5:63:
         09:a4:08:e0:0c:f3:00:67:85:b1:de:c1:1d:79:cd:af:49:00:
         8b:50:0b:26:0b:7a:65:5f:32:c0:92:4e:4a:78:f3:64:62:32:
         c1:4b:f2:26:5f:ad:5e:4c:e0:c4:94:39:94:83:16:b4:ce:88:
         a5:fc:ca:76:3d:74:ec:0f:5d:54:a7:c6:fb:09:e8:eb:81:a3:
         dc:e8:dd:f9:0f:a2:76:e9:40:63:8a:7f:bf:be:5a:5a:3e:8d:
         7c:30:bd:b6:53:ff:04:2a:fc:e6:46:61:bb:bb:d6:38:4d:e4:
         78:b8:c3:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f9wRXLzlTZ4R8Aqk3Gr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZDE0YWZlODc1MDIxM2MyODBlNWI2OGJlZmIxODg2NmY3
OTQ5N2YwHhcNMjYwMTAyMDIxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg2ZWVkYmJmODNkNDBkZmUzMjg5ZWU2ZDlmZjM2NGRhMzJjOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobGDTc6biyeBU38+AcSEjrFgA51Q
5UqL5r7ajz+JHP+icIPcYn9UoyChREMz6dQOAAC3wc8Pt6zTu4bfM6OEurabgSoQ
H0qnz+NTJSiZUd6UBjHSWerduAsc4Jvv9ws0fjIr5JxRmqSIijKrDW3/nnxKmeGc
509YoTLNbpSJp6lWFCEKiF3zD/GeEz7/JCa2E6yX3m8SRxrprok1Lk1kOWxPcs52
mwVRm9kFMAgjmssUaDugq+GyGEt8a/1+ODbefKLws9dgHyzL2kS+tjld/m1MnINy
OdVJtJY1f5q4spHCGNH2+3rUw4Sq9xnfuPmsU19MX2I2LyLTMg0nxaFWXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESG7tu/g9QN/jKJ7m2f82TaMsjTMB8GA1UdIwQY
MBaAFCPRSv6HUCE8KA5baL77GIZveUl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTlGS19vZFFJVHdvRGx0b3Z2c1lobTk1U1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84OWY4NDUtNTc2NS00YzExLTkyY2Qt
ODQ3MmNhNDBmN2E3LzEvUklidTI3LUQxQTMtTW9udWJaX3paTm95eU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84OWY4NDUtNTc2NS00YzExLTkyY2QtODQ3MmNhNDBmN2E3
LzEvSTlGS19vZFFJVHdvRGx0b3Z2c1lobTk1U1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2eKMA0G
CSqGSIb3DQEBCwUAA4IBAQCHKG6UhS7JKedHCkXE1ca9VQTbbtONPQtqzfOA6FEx
9MVfXdo4djncAA2z2/4cIi2Qn1Pez8TyrcyphGwUVJFrL3J50c4l49LDspXOf5i3
/VmUxZk6dDL84pEwJB2x8kKWfbOBeQ2tPMdsM7woa4CzPtV+1fCZ9Bdw3KwYlqip
eRAFXbEPxp2wUgkkv/ge9WMJpAjgDPMAZ4Wx3sEdec2vSQCLUAsmC3plXzLAkk5K
ePNkYjLBS/ImX61eTODElDmUgxa0zoil/Mp2PXTsD11Up8b7CejrgaPc6N35D6J2
6UBjin+/vlpaPo18ML22U/8EKvzmRmG7u9Y4TeR4uMO8
-----END CERTIFICATE-----