This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/tFxvsrCqJ_cpCZ3yrGcf9YiNSVg.roa
File:                     tFxvsrCqJ_cpCZ3yrGcf9YiNSVg.roa (raw, json)
Hash identifier:          he9pYZaiWZg80bEFSYp2yYFaMXPObGV75JnhpVutWqo=
Subject key identifier:   B4:5C:6F:B2:B0:AA:27:F7:29:09:9D:F2:AC:67:1F:F5:88:8D:49:58
Certificate issuer:       /CN=887fa37371d7d4593ba290ef45669ea0de293782
Certificate serial:       019B783513237D04C1A0F7AA7C3DF5DC28CD
Authority key identifier: 88:7F:A3:73:71:D7:D4:59:3B:A2:90:EF:45:66:9E:A0:DE:29:37:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/tFxvsrCqJ_cpCZ3yrGcf9YiNSVg.roa
Signing time:             Thu 01 Jan 2026 06:18:22 +0000
ROA not before:           Thu 01 Jan 2026 06:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        91.231.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:13:23:7d:04:c1:a0:f7:aa:7c:3d:f5:dc:28:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=887fa37371d7d4593ba290ef45669ea0de293782
        Validity
            Not Before: Jan  1 06:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b45c6fb2b0aa27f729099df2ac671ff5888d4958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b3:11:e6:2b:b8:ac:0a:71:ec:77:11:88:80:
                    fb:4d:ca:48:19:e7:14:f5:6c:aa:d4:e8:ad:fd:97:
                    9d:b1:36:4b:47:54:7c:3b:b6:68:f3:69:29:65:a0:
                    e9:4f:ac:38:ff:d7:f1:60:32:e7:2b:23:e2:dd:ba:
                    54:07:34:40:c2:7a:0e:42:a4:ee:27:d6:61:aa:6b:
                    de:c9:db:0d:aa:ef:f6:d3:0f:d6:87:9e:de:16:2a:
                    1f:97:f4:66:af:13:eb:91:e0:0d:6a:de:3f:39:4f:
                    ee:06:40:33:74:09:6d:2c:67:7e:38:8f:46:b0:06:
                    6c:ea:14:44:b5:f9:41:b7:ac:57:31:7e:39:93:90:
                    3f:4e:8f:be:03:f2:71:89:bb:60:98:ca:2d:22:a4:
                    4b:15:d2:bf:9a:56:54:8e:f1:0e:94:a5:07:85:b4:
                    7f:9e:84:e3:ec:28:a9:c4:f3:3c:af:0f:78:2b:88:
                    ca:12:18:4b:19:63:e7:f7:9d:1e:26:c7:e3:35:96:
                    23:54:ec:d9:6b:83:a6:cb:d8:06:bd:40:25:86:1d:
                    10:77:d2:b2:39:20:64:62:ff:b2:3e:d7:24:76:34:
                    dd:97:ff:fd:9f:ec:f4:32:c3:9a:5f:18:3f:06:d8:
                    89:93:82:50:3c:34:40:69:ff:47:82:2b:8b:53:f2:
                    47:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5C:6F:B2:B0:AA:27:F7:29:09:9D:F2:AC:67:1F:F5:88:8D:49:58
            X509v3 Authority Key Identifier:
                keyid:88:7F:A3:73:71:D7:D4:59:3B:A2:90:EF:45:66:9E:A0:DE:29:37:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/tFxvsrCqJ_cpCZ3yrGcf9YiNSVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:7d:6b:6a:c5:42:f4:e9:ca:50:3c:52:cf:71:b8:49:c1:dd:
         ff:74:34:9b:f1:a8:a8:fa:6f:fc:12:65:8a:3e:31:df:71:aa:
         78:2b:ef:43:a7:14:56:9b:84:03:b2:76:03:e8:c1:47:11:35:
         12:4a:db:b4:d8:f0:d9:57:44:91:01:ba:d7:79:4a:89:41:fe:
         6f:07:1c:28:db:51:0a:f2:87:d9:7e:e7:fe:81:55:8e:a4:ec:
         69:59:3c:66:5c:cb:f9:86:b5:8a:e3:23:5d:a8:64:dc:95:50:
         29:e9:36:df:78:a4:62:07:86:b9:28:42:f9:c1:0d:a1:b0:2c:
         be:a8:fb:43:98:9d:4c:5b:06:79:72:2d:2c:9c:c8:f9:2e:e4:
         69:dc:2f:ac:fa:5c:3b:e4:4d:25:1c:17:e6:29:87:2d:1f:7a:
         a6:69:02:92:4d:9b:97:3e:be:32:3a:6e:11:84:66:af:c0:ca:
         0e:5b:35:c1:ee:24:a5:10:5f:2d:8f:c5:fe:0b:45:3f:e9:da:
         25:9b:ff:c0:ae:c0:28:b9:37:8a:07:c0:e1:86:c7:0d:2d:a1:
         3e:7d:3d:0c:3a:db:eb:b9:55:81:dd:20:14:17:15:bf:14:33:
         52:56:05:40:01:71:96:86:c5:c0:1a:4f:03:c0:8f:14:28:6f:
         5b:7e:ad:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NRMjfQTBoPeqfD313CjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2ZhMzczNzFkN2Q0NTkzYmEyOTBlZjQ1NjY5ZWEwZGUy
OTM3ODIwHhcNMjYwMTAxMDYxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVjNmZiMmIwYWEyN2Y3MjkwOTlkZjJhYzY3MWZmNTg4OGQ0OTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLMR5iu4rApx7HcRiID7TcpIGecU
9Wyq1Oit/ZedsTZLR1R8O7Zo82kpZaDpT6w4/9fxYDLnKyPi3bpUBzRAwnoOQqTu
J9ZhqmveydsNqu/20w/Wh57eFiofl/RmrxPrkeANat4/OU/uBkAzdAltLGd+OI9G
sAZs6hREtflBt6xXMX45k5A/To++A/JxibtgmMotIqRLFdK/mlZUjvEOlKUHhbR/
noTj7CipxPM8rw94K4jKEhhLGWPn950eJsfjNZYjVOzZa4Omy9gGvUAlhh0Qd9Ky
OSBkYv+yPtckdjTdl//9n+z0MsOaXxg/BtiJk4JQPDRAaf9HgiuLU/JHuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRcb7Kwqif3KQmd8qxnH/WIjUlYMB8GA1UdIwQY
MBaAFIh/o3Nx19RZO6KQ70VmnqDeKTeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUgtamMzSFgxRms3b3BEdlJXYWVvTjRwTjRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8wOWRiOGMtNmRmMC00Y2VlLWFlMDct
YTFlMjRhYWY2MTBmLzEvdEZ4dnNyQ3FKX2NwQ1ozeXJHY2Y5WWlOU1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8wOWRiOGMtNmRmMC00Y2VlLWFlMDctYTFlMjRhYWY2MTBm
LzEvaUgtamMzSFgxRms3b3BEdlJXYWVvTjRwTjRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+eTMA0G
CSqGSIb3DQEBCwUAA4IBAQCPfWtqxUL06cpQPFLPcbhJwd3/dDSb8aio+m/8EmWK
PjHfcap4K+9DpxRWm4QDsnYD6MFHETUSStu02PDZV0SRAbrXeUqJQf5vBxwo21EK
8ofZfuf+gVWOpOxpWTxmXMv5hrWK4yNdqGTclVAp6TbfeKRiB4a5KEL5wQ2hsCy+
qPtDmJ1MWwZ5ci0snMj5LuRp3C+s+lw75E0lHBfmKYctH3qmaQKSTZuXPr4yOm4R
hGavwMoOWzXB7iSlEF8tj8X+C0U/6dolm//ArsAouTeKB8DhhscNLaE+fT0MOtvr
uVWB3SAUFxW/FDNSVgVAAXGWhsXAGk8DwI8UKG9bfq2V
-----END CERTIFICATE-----