This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/EkysD1nuSYyDinbnDahfH-VyT0k.roa
File:                     EkysD1nuSYyDinbnDahfH-VyT0k.roa (raw, json)
Hash identifier:          I2/OA/U368nOnLRCtdWjPsJgwSqvtccdxmLHw2kJW9Y=
Subject key identifier:   12:4C:AC:0F:59:EE:49:8C:83:8A:76:E7:0D:A8:5F:1F:E5:72:4F:49
Certificate issuer:       /CN=d350a076ce4a8ce6fb69f1fda4a194614a941afa
Certificate serial:       019B7EA47DB86BECFBDE26A3AA363ACF5213
Authority key identifier: D3:50:A0:76:CE:4A:8C:E6:FB:69:F1:FD:A4:A1:94:61:4A:94:1A:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/EkysD1nuSYyDinbnDahfH-VyT0k.roa
Signing time:             Fri 02 Jan 2026 12:17:47 +0000
ROA not before:           Fri 02 Jan 2026 12:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204177
IP address blocks:        91.229.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:7d:b8:6b:ec:fb:de:26:a3:aa:36:3a:cf:52:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d350a076ce4a8ce6fb69f1fda4a194614a941afa
        Validity
            Not Before: Jan  2 12:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=124cac0f59ee498c838a76e70da85f1fe5724f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:90:b9:80:3a:7e:0e:3e:23:14:26:4e:b4:42:
                    ab:f0:50:8c:c3:e9:89:cf:9a:fb:f0:47:20:62:ab:
                    94:77:cd:0c:37:0d:6c:28:24:dd:ee:73:a7:2e:03:
                    95:df:fb:5d:19:b6:05:2e:d3:bd:4a:2f:00:df:14:
                    75:99:05:c7:ef:ad:74:bb:e2:48:42:85:25:7c:de:
                    25:d9:b9:6c:3d:f6:3d:44:26:9f:49:2e:4d:eb:ec:
                    7b:32:37:9d:51:0f:90:4b:6a:08:91:b6:72:c5:d4:
                    19:9d:af:36:cf:bb:e8:86:69:33:6a:a3:48:1f:5d:
                    00:c2:0a:b6:84:3d:87:3d:36:d2:b5:57:54:7a:da:
                    c1:61:c3:08:43:00:c7:ec:5c:60:3e:c3:83:01:54:
                    da:9b:d3:b9:82:cc:fa:c5:f9:2b:63:0d:5d:cc:7a:
                    71:67:e9:06:54:d9:9c:c1:cd:da:78:59:c2:41:71:
                    ec:5f:23:7f:ef:20:37:3f:96:0b:b6:a9:db:a8:ca:
                    59:56:76:b3:0f:e7:e6:d2:ae:92:17:e6:54:55:4c:
                    10:80:92:09:e6:bf:ab:f5:81:1f:8b:db:c6:08:55:
                    47:a6:6f:6e:8d:6f:82:d7:04:10:3d:20:04:4b:35:
                    eb:9c:f0:68:00:56:8f:fb:da:40:ae:9f:2c:cb:61:
                    9b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:4C:AC:0F:59:EE:49:8C:83:8A:76:E7:0D:A8:5F:1F:E5:72:4F:49
            X509v3 Authority Key Identifier:
                keyid:D3:50:A0:76:CE:4A:8C:E6:FB:69:F1:FD:A4:A1:94:61:4A:94:1A:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01Cgds5KjOb7afH9pKGUYUqUGvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/EkysD1nuSYyDinbnDahfH-VyT0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/3cac6b-2c2a-4b66-adee-d52325de6b08/1/01Cgds5KjOb7afH9pKGUYUqUGvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:7f:80:fe:59:c3:e6:a4:07:6e:51:b6:6c:be:c4:9b:d1:65:
         57:3b:2d:ea:ab:df:25:0f:57:d2:47:82:a3:84:97:94:fe:57:
         c3:91:ef:d0:d4:1b:7c:d4:ba:98:42:d5:47:a5:ee:54:d7:48:
         42:3a:34:96:99:c9:9f:cf:7e:4f:3e:69:aa:26:34:33:5d:e0:
         f7:90:d8:85:43:21:dc:d1:ee:d5:85:1c:e3:30:3e:bd:76:0e:
         83:06:25:69:b2:99:3b:2b:55:ef:c6:98:80:b7:cf:42:1e:03:
         31:7f:0e:0f:d2:40:73:51:d7:de:66:92:97:c7:94:d9:2e:c5:
         8d:83:8a:7d:89:68:56:c4:4f:c4:64:d3:f9:66:f7:5c:a4:7b:
         da:77:34:ac:4b:ef:22:45:0d:df:17:ae:6f:df:be:23:2c:66:
         72:52:22:f3:87:54:16:59:3e:fb:39:b7:50:25:f6:61:d0:6a:
         14:3d:9f:57:21:89:8b:84:48:ce:db:a6:ed:0a:f3:73:d3:df:
         ca:22:96:ff:cf:2b:31:61:54:f3:0c:58:b0:8b:02:51:64:60:
         eb:c2:da:fa:c0:f2:1c:05:8d:02:51:d9:d2:21:fc:32:b1:ba:
         94:8b:eb:10:11:0f:ae:02:8b:19:8e:c6:cd:11:bb:4f:01:63:
         5f:83:96:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pH24a+z73iajqjY6z1ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTBhMDc2Y2U0YThjZTZmYjY5ZjFmZGE0YTE5NDYxNGE5
NDFhZmEwHhcNMjYwMTAyMTIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjRjYWMwZjU5ZWU0OThjODM4YTc2ZTcwZGE4NWYxZmU1NzI0ZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5C5gDp+Dj4jFCZOtEKr8FCMw+mJ
z5r78EcgYquUd80MNw1sKCTd7nOnLgOV3/tdGbYFLtO9Si8A3xR1mQXH7610u+JI
QoUlfN4l2blsPfY9RCafSS5N6+x7MjedUQ+QS2oIkbZyxdQZna82z7vohmkzaqNI
H10Awgq2hD2HPTbStVdUetrBYcMIQwDH7FxgPsODAVTam9O5gsz6xfkrYw1dzHpx
Z+kGVNmcwc3aeFnCQXHsXyN/7yA3P5YLtqnbqMpZVnazD+fm0q6SF+ZUVUwQgJIJ
5r+r9YEfi9vGCFVHpm9ujW+C1wQQPSAESzXrnPBoAFaP+9pArp8sy2GbLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJMrA9Z7kmMg4p25w2oXx/lck9JMB8GA1UdIwQY
MBaAFNNQoHbOSozm+2nx/aShlGFKlBr6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFDZ2RzNUtqT2I3YWZIOXBLR1VZVXFVR3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8zY2FjNmItMmMyYS00YjY2LWFkZWUt
ZDUyMzI1ZGU2YjA4LzEvRWt5c0QxbnVTWXlEaW5ibkRhaGZILVZ5VDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8zY2FjNmItMmMyYS00YjY2LWFkZWUtZDUyMzI1ZGU2YjA4
LzEvMDFDZ2RzNUtqT2I3YWZIOXBLR1VZVXFVR3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+VIMA0G
CSqGSIb3DQEBCwUAA4IBAQBTf4D+WcPmpAduUbZsvsSb0WVXOy3qq98lD1fSR4Kj
hJeU/lfDke/Q1Bt81LqYQtVHpe5U10hCOjSWmcmfz35PPmmqJjQzXeD3kNiFQyHc
0e7VhRzjMD69dg6DBiVpspk7K1XvxpiAt89CHgMxfw4P0kBzUdfeZpKXx5TZLsWN
g4p9iWhWxE/EZNP5ZvdcpHvadzSsS+8iRQ3fF65v374jLGZyUiLzh1QWWT77ObdQ
JfZh0GoUPZ9XIYmLhEjO26btCvNz09/KIpb/zysxYVTzDFiwiwJRZGDrwtr6wPIc
BY0CUdnSIfwysbqUi+sQEQ+uAosZjsbNEbtPAWNfg5Z0
-----END CERTIFICATE-----