This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/921A09PidqQ_DPqribEcJ4Ns9ic.roa
File:                     921A09PidqQ_DPqribEcJ4Ns9ic.roa (raw, json)
Hash identifier:          1p6ZvcbQbV5L2uaDpeFuyGxdzNA8guzksazYOvFT/c0=
Subject key identifier:   F7:6D:40:D3:D3:E2:76:A4:3F:0C:FA:AB:89:B1:1C:27:83:6C:F6:27
Certificate issuer:       /CN=3befe50a40fb1732541e8a97450ab5de774771d8
Certificate serial:       019B7F15708A481E5573379E7DCBB4D7B799
Authority key identifier: 3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/921A09PidqQ_DPqribEcJ4Ns9ic.roa
Signing time:             Fri 02 Jan 2026 14:21:10 +0000
ROA not before:           Fri 02 Jan 2026 14:21:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214293
IP address blocks:        91.238.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:70:8a:48:1e:55:73:37:9e:7d:cb:b4:d7:b7:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3befe50a40fb1732541e8a97450ab5de774771d8
        Validity
            Not Before: Jan  2 14:21:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f76d40d3d3e276a43f0cfaab89b11c27836cf627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cc:17:b3:af:e0:d8:37:af:6b:38:01:b4:23:
                    c9:2f:4e:79:b1:14:3e:ca:9e:30:74:91:6a:62:23:
                    a6:13:d4:61:b4:da:12:5b:d9:22:d3:82:a8:ad:db:
                    f6:f6:8a:f4:60:35:37:65:65:5f:95:54:67:6a:b8:
                    67:ac:d6:2e:7f:d8:dd:61:e3:56:82:65:8b:a8:ad:
                    fe:05:34:86:a2:54:69:28:c5:d9:30:c9:17:6e:74:
                    bd:eb:14:1b:8c:c8:e0:ef:ef:c1:06:2b:2e:6b:b1:
                    aa:9a:fa:a6:b2:f4:08:c1:35:98:be:4c:be:ca:4a:
                    23:0c:6d:e4:2d:67:16:13:7c:ca:84:55:54:43:cf:
                    4b:ed:dc:de:1d:8d:31:1e:f6:a5:28:16:b0:18:ff:
                    dc:e3:76:e6:1c:5f:fe:9c:d6:41:15:7e:a8:3a:f4:
                    bb:50:c5:00:9d:29:c9:5e:a5:68:0c:94:bf:ca:96:
                    2c:72:37:b2:64:24:ac:a4:f9:a0:c4:3f:c1:56:9e:
                    c6:12:f1:96:2b:68:e5:e3:45:78:26:ff:bb:cf:96:
                    06:5c:ba:c8:f3:b8:c5:d6:e8:7d:3b:43:60:9b:b4:
                    66:6a:eb:35:e0:f4:06:a2:a4:75:0a:eb:2b:5f:24:
                    b3:7f:cb:80:41:24:e6:d3:b5:89:47:3e:2b:2b:1f:
                    4c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6D:40:D3:D3:E2:76:A4:3F:0C:FA:AB:89:B1:1C:27:83:6C:F6:27
            X509v3 Authority Key Identifier:
                keyid:3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/921A09PidqQ_DPqribEcJ4Ns9ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ef:a3:42:55:27:bb:5c:42:3d:7e:c2:79:8f:e5:b7:e7:b1:
         3e:85:91:c2:0f:c2:90:30:41:c3:f5:b1:92:1e:43:a1:a6:b4:
         e2:e5:96:d4:d1:e3:73:19:1d:7d:bc:23:e2:4c:c9:2b:f3:e2:
         c6:49:3b:4e:78:08:16:2f:c3:79:7b:35:86:d7:17:ab:f8:bc:
         19:38:a7:c0:1c:82:c7:0b:be:a5:a4:60:3f:7d:84:73:8f:43:
         1a:d6:b5:7e:c2:c4:72:b7:8d:ed:b6:47:57:74:67:18:fb:a8:
         64:c1:95:91:72:ff:65:1a:b3:6d:58:87:f1:a6:28:2b:1e:6f:
         9e:79:2e:2a:58:6f:60:1e:a2:be:bc:d7:f0:31:00:58:48:16:
         65:a6:e9:db:e2:d0:36:fc:67:ab:e0:f5:e5:b9:b4:4a:3a:27:
         c1:fb:17:99:46:94:9b:b3:38:08:f7:7b:37:b5:bd:e8:bc:07:
         9b:50:a5:df:57:52:4f:04:18:df:8c:bb:68:e4:e5:e2:ad:18:
         73:83:4e:c2:c8:14:13:c3:bf:b0:6f:fe:1d:83:9e:ee:87:a6:
         d6:eb:15:04:e5:bd:08:3a:5d:67:a9:fd:33:dc:4f:a7:a8:11:
         44:64:da:67:00:b9:52:27:b1:93:e0:ce:7c:66:22:ad:be:42:
         27:91:3a:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXCKSB5Vczeefcu017eZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZWZlNTBhNDBmYjE3MzI1NDFlOGE5NzQ1MGFiNWRlNzc0
NzcxZDgwHhcNMjYwMTAyMTQyMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzZkNDBkM2QzZTI3NmE0M2YwY2ZhYWI4OWIxMWMyNzgzNmNmNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMwXs6/g2DevazgBtCPJL055sRQ+
yp4wdJFqYiOmE9RhtNoSW9ki04Kordv29or0YDU3ZWVflVRnarhnrNYuf9jdYeNW
gmWLqK3+BTSGolRpKMXZMMkXbnS96xQbjMjg7+/BBisua7GqmvqmsvQIwTWYvky+
ykojDG3kLWcWE3zKhFVUQ89L7dzeHY0xHvalKBawGP/c43bmHF/+nNZBFX6oOvS7
UMUAnSnJXqVoDJS/ypYscjeyZCSspPmgxD/BVp7GEvGWK2jl40V4Jv+7z5YGXLrI
87jF1uh9O0Ngm7Rmaus14PQGoqR1CusrXySzf8uAQSTm07WJRz4rKx9MiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdtQNPT4nakPwz6q4mxHCeDbPYnMB8GA1UdIwQY
MBaAFDvv5QpA+xcyVB6Kl0UKtd53R3HYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDkt
ZTYxNTQ5MzExN2QyLzEvOTIxQTA5UGlkcVFfRFBxcmliRWNKNE5zOWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDktZTYxNTQ5MzExN2Qy
LzEvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7CMA0G
CSqGSIb3DQEBCwUAA4IBAQAd76NCVSe7XEI9fsJ5j+W357E+hZHCD8KQMEHD9bGS
HkOhprTi5ZbU0eNzGR19vCPiTMkr8+LGSTtOeAgWL8N5ezWG1xer+LwZOKfAHILH
C76lpGA/fYRzj0Ma1rV+wsRyt43ttkdXdGcY+6hkwZWRcv9lGrNtWIfxpigrHm+e
eS4qWG9gHqK+vNfwMQBYSBZlpunb4tA2/Ger4PXlubRKOifB+xeZRpSbszgI93s3
tb3ovAebUKXfV1JPBBjfjLto5OXirRhzg07CyBQTw7+wb/4dg57uh6bW6xUE5b0I
Ol1nqf0z3E+nqBFEZNpnALlSJ7GT4M58ZiKtvkInkToI
-----END CERTIFICATE-----