This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/5pbnClUh_kjLeLo2LMo1Y3vUlB0.roa
File:                     5pbnClUh_kjLeLo2LMo1Y3vUlB0.roa (raw, json)
Hash identifier:          Df2su1WC1f8Y96ErLqJKLUxdchUeDa/xX3IGKu6zDvE=
Subject key identifier:   E6:96:E7:0A:55:21:FE:48:CB:78:BA:36:2C:CA:35:63:7B:D4:94:1D
Certificate issuer:       /CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
Certificate serial:       019B7F15EC0140914DA0392F8352581F9566
Authority key identifier: B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/5pbnClUh_kjLeLo2LMo1Y3vUlB0.roa
Signing time:             Fri 02 Jan 2026 14:21:41 +0000
ROA not before:           Fri 02 Jan 2026 14:21:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        91.241.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:ec:01:40:91:4d:a0:39:2f:83:52:58:1f:95:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
        Validity
            Not Before: Jan  2 14:21:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e696e70a5521fe48cb78ba362cca35637bd4941d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:ba:4f:b6:ec:6a:c8:43:94:4d:3f:f8:08:
                    86:bf:6c:73:fa:25:4b:db:b2:b4:e1:af:c8:c9:c2:
                    59:61:16:92:d1:9e:0e:d9:3a:28:db:da:0d:18:f1:
                    d8:5f:0f:57:d4:2d:81:2f:97:fe:29:d5:89:4b:9b:
                    48:b6:27:d5:b5:9e:74:2d:fd:a0:b2:59:70:86:68:
                    8d:7b:df:03:79:44:3d:e5:1b:e8:68:ae:9c:6c:26:
                    76:9d:7c:fb:86:2a:9c:09:49:34:94:dc:7b:9e:21:
                    6b:c6:83:7d:64:87:4b:63:bc:01:47:f4:ae:b3:e3:
                    72:63:10:90:6a:6a:a2:bb:de:90:94:3d:d0:39:63:
                    0d:3d:f2:bf:ca:6a:94:d6:68:78:e2:3e:8d:20:eb:
                    17:00:f5:f9:fe:dc:1d:20:ac:1c:85:9c:9e:d0:0f:
                    56:8a:35:99:39:dd:9f:71:fb:f0:12:ef:b9:2d:ad:
                    6b:6b:c6:bf:35:9e:1f:5e:70:92:e2:40:5c:e0:ef:
                    e0:1f:41:b5:98:d5:69:0a:01:d3:7d:c7:80:da:6d:
                    97:e5:1a:2e:58:b8:05:63:09:a0:22:81:c1:38:5d:
                    9b:5c:72:ff:56:4e:8f:73:d1:b2:a5:b4:04:8a:10:
                    5d:62:b1:c1:66:29:dd:30:0d:72:53:9b:84:85:53:
                    16:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:96:E7:0A:55:21:FE:48:CB:78:BA:36:2C:CA:35:63:7B:D4:94:1D
            X509v3 Authority Key Identifier:
                keyid:B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/5pbnClUh_kjLeLo2LMo1Y3vUlB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c1:85:7a:b5:1f:cf:d7:f6:70:a8:75:25:a8:ca:e1:f6:eb:
         2d:8a:74:d6:13:66:20:bc:e8:fd:4e:40:a1:92:a9:89:08:49:
         61:09:e7:5a:a5:79:55:b9:f7:30:f0:ab:61:f0:00:49:4e:88:
         e2:00:f1:bf:31:41:38:14:15:f3:4f:fe:3e:07:34:db:8f:f3:
         e4:c7:63:ab:1f:4d:6e:0e:aa:29:4f:c1:53:91:35:5b:ea:00:
         29:f2:4c:5e:ee:cf:65:55:77:a3:94:c8:6b:79:83:7b:64:58:
         69:c5:4f:f8:8c:b0:4a:90:20:e5:d9:2d:2c:7e:13:94:97:86:
         bd:8c:47:40:7d:f6:16:af:90:de:81:2a:b3:13:a1:93:1c:f8:
         0c:14:0e:88:41:b2:1a:9b:c8:a4:1a:e4:e3:32:8e:36:29:63:
         9f:13:04:e5:d3:83:55:ae:77:f0:16:d0:9b:a5:4f:17:6e:d3:
         81:47:65:b6:d4:ab:8f:be:42:1f:03:dd:57:72:9f:9b:d2:dd:
         33:34:14:cc:3f:1f:07:92:dc:9a:37:17:9b:63:ac:70:15:f2:
         d4:a4:56:f2:e3:7d:2c:ae:63:bc:c1:e9:c4:c3:30:a2:68:7c:
         fb:8d:59:00:63:c1:4a:17:a1:2a:b1:17:b1:b8:1f:c3:53:1d:
         a7:a2:29:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FewBQJFNoDkvg1JYH5VmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDY2Mjk3YzVjZGJkMzZkODY4NDlkZGVhZTc5ODU5Nzlm
NDUwY2EwHhcNMjYwMTAyMTQyMTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjk2ZTcwYTU1MjFmZTQ4Y2I3OGJhMzYyY2NhMzU2MzdiZDQ5NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSa6T7bsashDlE0/+AiGv2xz+iVL
27K04a/IycJZYRaS0Z4O2Too29oNGPHYXw9X1C2BL5f+KdWJS5tItifVtZ50Lf2g
sllwhmiNe98DeUQ95RvoaK6cbCZ2nXz7hiqcCUk0lNx7niFrxoN9ZIdLY7wBR/Su
s+NyYxCQamqiu96QlD3QOWMNPfK/ymqU1mh44j6NIOsXAPX5/twdIKwchZye0A9W
ijWZOd2fcfvwEu+5La1ra8a/NZ4fXnCS4kBc4O/gH0G1mNVpCgHTfceA2m2X5Rou
WLgFYwmgIoHBOF2bXHL/Vk6Pc9GypbQEihBdYrHBZindMA1yU5uEhVMWmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaW5wpVIf5Iy3i6NizKNWN71JQdMB8GA1UdIwQY
MBaAFLPWYpfFzb022GhJ3ernmFl59FDKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2Yt
ZWIxZjg3MTVlZWMwLzEvNXBibkNsVWhfa2pMZUxvMkxNbzFZM3ZVbEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2YtZWIxZjg3MTVlZWMw
LzEvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/EPMA0G
CSqGSIb3DQEBCwUAA4IBAQBPwYV6tR/P1/ZwqHUlqMrh9ustinTWE2YgvOj9TkCh
kqmJCElhCedapXlVufcw8Kth8ABJTojiAPG/MUE4FBXzT/4+BzTbj/Pkx2OrH01u
DqopT8FTkTVb6gAp8kxe7s9lVXejlMhreYN7ZFhpxU/4jLBKkCDl2S0sfhOUl4a9
jEdAffYWr5DegSqzE6GTHPgMFA6IQbIam8ikGuTjMo42KWOfEwTl04NVrnfwFtCb
pU8XbtOBR2W21KuPvkIfA91Xcp+b0t0zNBTMPx8HktyaNxebY6xwFfLUpFby430s
rmO8wenEwzCiaHz7jVkAY8FKF6EqsRexuB/DUx2noimR
-----END CERTIFICATE-----