This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/q9_YDIRra6aFcMc0ByB5ssvbp7c.roa
File:                     q9_YDIRra6aFcMc0ByB5ssvbp7c.roa (raw, json)
Hash identifier:          Aqh+b9LnXWSFB27cNYCIor6EI4XZue2eU7FkAjMEl08=
Subject key identifier:   AB:DF:D8:0C:84:6B:6B:A6:85:70:C7:34:07:20:79:B2:CB:DB:A7:B7
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       019B7B3546326D54AF9AA92E85ED78669105
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/q9_YDIRra6aFcMc0ByB5ssvbp7c.roa
Signing time:             Thu 01 Jan 2026 20:17:27 +0000
ROA not before:           Thu 01 Jan 2026 20:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31465
IP address blocks:        91.215.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:46:32:6d:54:af:9a:a9:2e:85:ed:78:66:91:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Jan  1 20:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abdfd80c846b6ba68570c734072079b2cbdba7b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:a2:68:1b:5b:39:b0:b0:0b:9e:8c:86:13:75:
                    c0:dc:f2:ac:22:a7:c7:d3:16:bd:ae:1b:40:3b:45:
                    ce:f8:43:15:7d:0c:df:eb:a2:3a:a7:0a:92:6b:55:
                    ae:71:7d:97:ce:7e:1a:a2:e4:fb:9f:df:6e:88:c3:
                    bf:9d:9a:0e:18:1a:cc:2f:dd:07:dd:9d:96:76:a9:
                    7e:46:30:e8:b9:4f:9e:4f:c7:a2:99:39:25:59:0e:
                    45:97:5b:dd:0c:97:df:db:cc:d5:74:10:d4:f4:e4:
                    e6:a4:09:1a:77:93:7e:ba:6b:81:35:b1:7c:60:1f:
                    28:a7:46:25:0b:07:64:29:bf:f5:d6:6e:9d:8f:64:
                    66:47:2d:48:17:e9:89:ee:ea:8d:21:95:35:76:18:
                    e7:d7:ac:36:6b:f7:6c:36:24:52:20:c7:20:73:50:
                    4e:4a:a5:f7:bf:f8:2b:a3:d4:c1:90:72:e7:42:fe:
                    21:f4:32:62:2a:a5:61:92:f2:d8:66:c8:93:ec:09:
                    2a:df:8a:18:8a:7d:63:bd:38:d6:30:34:67:80:03:
                    3b:dd:cd:33:9d:64:4b:f8:b7:38:94:d6:34:f5:73:
                    9f:30:fb:5a:e5:a1:f7:55:98:6f:04:9d:7d:f7:21:
                    69:03:fb:b5:58:b9:88:cd:df:2a:76:28:df:c6:df:
                    b8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DF:D8:0C:84:6B:6B:A6:85:70:C7:34:07:20:79:B2:CB:DB:A7:B7
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/q9_YDIRra6aFcMc0ByB5ssvbp7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:d1:83:0a:87:88:1b:79:e9:17:f9:89:8f:ae:bc:f2:b2:22:
         60:ed:22:c3:d1:cc:b4:b7:06:6b:94:07:d6:27:a1:8a:76:b3:
         7b:c2:60:bf:11:53:21:25:05:d8:86:f1:59:a3:d9:55:d8:9d:
         b9:d6:29:42:8c:70:cc:b9:d0:55:f0:18:b2:ff:c1:10:1a:21:
         c4:a7:28:65:69:0e:1e:ee:9b:14:e5:8b:2e:23:e0:2d:6e:69:
         02:ae:d2:aa:f3:67:18:fd:4f:bd:ab:22:fa:ea:55:7a:bf:2a:
         36:bd:f3:8c:e0:6d:07:e1:25:50:f3:2f:71:41:79:80:df:15:
         bb:f0:92:18:3c:e6:75:65:3f:c8:d4:d0:2b:02:08:76:ab:01:
         e7:43:5e:fb:27:9e:d3:57:62:20:3c:76:71:5a:f6:95:0d:65:
         3b:b4:54:56:cb:a6:7b:27:d8:f8:fc:00:e1:f3:ff:85:0e:09:
         ba:fc:9c:61:7d:e4:e0:49:d4:2a:32:36:ed:51:04:8c:07:86:
         1e:20:d2:75:8c:f3:36:7a:a1:d7:91:5a:b9:64:13:62:5b:e2:
         97:c8:a0:62:2c:14:53:7a:18:7e:71:08:0f:c1:72:34:ea:b4:
         aa:86:7c:95:0c:a8:36:c6:61:2a:07:57:65:8c:fe:86:07:03:
         d0:ef:0d:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NUYybVSvmqkuhe14ZpEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjYwMTAxMjAxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRmZDgwYzg0NmI2YmE2ODU3MGM3MzQwNzIwNzliMmNiZGJhN2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qJoG1s5sLALnoyGE3XA3PKsIqfH
0xa9rhtAO0XO+EMVfQzf66I6pwqSa1WucX2Xzn4aouT7n99uiMO/nZoOGBrML90H
3Z2Wdql+RjDouU+eT8eimTklWQ5Fl1vdDJff28zVdBDU9OTmpAkad5N+umuBNbF8
YB8op0YlCwdkKb/11m6dj2RmRy1IF+mJ7uqNIZU1dhjn16w2a/dsNiRSIMcgc1BO
SqX3v/gro9TBkHLnQv4h9DJiKqVhkvLYZsiT7Akq34oYin1jvTjWMDRngAM73c0z
nWRL+Lc4lNY09XOfMPta5aH3VZhvBJ199yFpA/u1WLmIzd8qdijfxt+4kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvf2AyEa2umhXDHNAcgebLL26e3MB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvcTlfWURJUnJhNmFGY01jMEJ5QjVzc3ZicDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9eKMA0G
CSqGSIb3DQEBCwUAA4IBAQCe0YMKh4gbeekX+YmPrrzysiJg7SLD0cy0twZrlAfW
J6GKdrN7wmC/EVMhJQXYhvFZo9lV2J251ilCjHDMudBV8Biy/8EQGiHEpyhlaQ4e
7psU5YsuI+AtbmkCrtKq82cY/U+9qyL66lV6vyo2vfOM4G0H4SVQ8y9xQXmA3xW7
8JIYPOZ1ZT/I1NArAgh2qwHnQ177J57TV2IgPHZxWvaVDWU7tFRWy6Z7J9j4/ADh
8/+FDgm6/JxhfeTgSdQqMjbtUQSMB4YeINJ1jPM2eqHXkVq5ZBNiW+KXyKBiLBRT
ehh+cQgPwXI06rSqhnyVDKg2xmEqB1dljP6GBwPQ7w3s
-----END CERTIFICATE-----