This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/mK3OtIQBuc5E_Igw6gzRMSv2d3c.roa
File:                     mK3OtIQBuc5E_Igw6gzRMSv2d3c.roa (raw, json)
Hash identifier:          DMwAvTUmsGM0zrMHUTJobXjFU2+cLUzH4tvhaMwkiwc=
Subject key identifier:   98:AD:CE:B4:84:01:B9:CE:44:FC:88:30:EA:0C:D1:31:2B:F6:77:77
Certificate issuer:       /CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Certificate serial:       019B7F843A6CA2096831E22CE14A707DD021
Authority key identifier: A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/mK3OtIQBuc5E_Igw6gzRMSv2d3c.roa
Signing time:             Fri 02 Jan 2026 16:22:10 +0000
ROA not before:           Fri 02 Jan 2026 16:22:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205774
IP address blocks:        91.233.36.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:3a:6c:a2:09:68:31:e2:2c:e1:4a:70:7d:d0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7d78de0234e6f99701592f536e45f5f5594eec3
        Validity
            Not Before: Jan  2 16:22:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98adceb48401b9ce44fc8830ea0cd1312bf67777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:13:03:4d:86:a8:a6:78:35:c9:5f:d6:88:60:
                    cd:ce:83:a9:e6:6d:dd:2b:34:7f:d9:aa:06:0b:5c:
                    d1:08:c5:54:99:db:4e:c0:2e:39:97:65:b3:f7:48:
                    c0:dc:ba:8f:14:e2:cc:4d:a0:19:6e:4c:96:14:02:
                    3b:af:b2:2d:73:18:98:ac:78:63:38:42:00:eb:b4:
                    08:14:8b:eb:a1:f4:38:87:e5:78:4f:42:08:62:2d:
                    86:54:cb:b0:46:15:86:cd:a3:3e:5d:56:32:0c:6b:
                    75:0d:be:3f:ba:14:36:44:16:f4:b9:bf:92:c0:6a:
                    ab:f4:76:05:c3:b4:1d:af:36:72:08:34:69:d0:c5:
                    fa:06:d2:f6:fa:bf:29:03:ae:68:04:d4:5a:1d:0a:
                    b8:2b:55:9f:06:e5:db:41:6d:b5:e5:4a:cb:a9:d9:
                    ae:f5:ca:ea:03:d9:91:40:9f:16:3f:79:c8:28:10:
                    67:62:42:07:36:f4:d4:20:35:64:ee:20:df:20:c5:
                    80:53:4f:87:0e:70:a5:d0:73:54:88:c8:83:bf:80:
                    4f:12:5b:5e:0f:c4:00:42:1c:f2:23:e5:5f:3f:3c:
                    79:bb:45:32:14:c6:ff:50:74:22:78:eb:8b:d8:47:
                    bd:cb:87:19:ea:50:eb:00:1f:1c:d5:8a:68:82:46:
                    80:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AD:CE:B4:84:01:B9:CE:44:FC:88:30:EA:0C:D1:31:2B:F6:77:77
            X509v3 Authority Key Identifier:
                keyid:A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/mK3OtIQBuc5E_Igw6gzRMSv2d3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:c9:36:83:f4:8d:e0:0e:d4:93:b7:5c:95:fc:80:be:3b:80:
         b8:24:bf:99:06:24:69:9a:2c:31:8e:65:ee:af:96:af:93:0e:
         4a:a4:a2:c4:c2:47:ca:02:f1:5c:92:3b:c1:bb:f8:77:fc:79:
         fa:91:89:b8:f1:c4:43:5b:f2:69:9c:af:37:9a:1c:e5:44:64:
         3b:e8:85:34:13:15:57:7f:e1:ce:b8:17:87:53:63:8c:ab:b2:
         3e:8b:a8:33:c5:c0:7e:1e:7b:5f:18:b4:e6:c1:5d:df:7d:2a:
         a6:93:01:6c:5e:18:1e:9f:33:14:f1:c1:fe:87:03:b7:d5:24:
         16:86:f0:45:b8:0d:1d:8d:d9:94:96:e3:ce:36:cb:7b:8d:d4:
         66:cb:6f:1f:76:87:7d:59:4c:4d:e7:1b:7c:61:79:48:5b:e1:
         d7:5e:8b:c3:27:6b:36:b1:48:9a:55:d3:ac:43:58:f3:9b:73:
         64:93:e2:67:95:c6:03:89:d3:99:55:f6:a2:bf:e5:88:84:b2:
         1e:8d:b2:36:24:c2:c6:56:bd:da:83:f4:e6:d8:86:3b:cc:29:
         d5:be:1b:fd:03:8e:93:f3:82:43:fa:85:eb:77:bd:18:ea:89:
         c9:61:75:ed:9f:13:6f:6f:c5:57:54:ba:52:38:f4:e3:04:87:
         b9:be:9c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hDpsogloMeIs4UpwfdAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZDc4ZGUwMjM0ZTZmOTk3MDE1OTJmNTM2ZTQ1ZjVmNTU5
NGVlYzMwHhcNMjYwMTAyMTYyMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGFkY2ViNDg0MDFiOWNlNDRmYzg4MzBlYTBjZDEzMTJiZjY3Nzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhMDTYaopng1yV/WiGDNzoOp5m3d
KzR/2aoGC1zRCMVUmdtOwC45l2Wz90jA3LqPFOLMTaAZbkyWFAI7r7ItcxiYrHhj
OEIA67QIFIvrofQ4h+V4T0IIYi2GVMuwRhWGzaM+XVYyDGt1Db4/uhQ2RBb0ub+S
wGqr9HYFw7QdrzZyCDRp0MX6BtL2+r8pA65oBNRaHQq4K1WfBuXbQW215UrLqdmu
9crqA9mRQJ8WP3nIKBBnYkIHNvTUIDVk7iDfIMWAU0+HDnCl0HNUiMiDv4BPElte
D8QAQhzyI+VfPzx5u0UyFMb/UHQieOuL2Ee9y4cZ6lDrAB8c1YpogkaA8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJitzrSEAbnORPyIMOoM0TEr9nd3MB8GA1UdIwQY
MBaAFKfXjeAjTm+ZcBWS9TbkX19VlO7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2Mt
MjhkNWI2MDdhNDdmLzEvbUszT3RJUUJ1YzVFX0lndzZnelJNU3YyZDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2MtMjhkNWI2MDdhNDdm
LzEvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+kkMA0G
CSqGSIb3DQEBCwUAA4IBAQBqyTaD9I3gDtSTt1yV/IC+O4C4JL+ZBiRpmiwxjmXu
r5avkw5KpKLEwkfKAvFckjvBu/h3/Hn6kYm48cRDW/JpnK83mhzlRGQ76IU0ExVX
f+HOuBeHU2OMq7I+i6gzxcB+HntfGLTmwV3ffSqmkwFsXhgenzMU8cH+hwO31SQW
hvBFuA0djdmUluPONst7jdRmy28fdod9WUxN5xt8YXlIW+HXXovDJ2s2sUiaVdOs
Q1jzm3Nkk+JnlcYDidOZVfaiv+WIhLIejbI2JMLGVr3ag/Tm2IY7zCnVvhv9A46T
84JD+oXrd70Y6onJYXXtnxNvb8VXVLpSOPTjBIe5vpw1
-----END CERTIFICATE-----