This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/Y2VJeHf8rSYFPkGAH0xVhAWSCxQ.roa
File:                     Y2VJeHf8rSYFPkGAH0xVhAWSCxQ.roa (raw, json)
Hash identifier:          3d5t3srO9iC/BdcE17sy3EhUqKaNXX1Bje+/wHHOx3M=
Subject key identifier:   63:65:49:78:77:FC:AD:26:05:3E:41:80:1F:4C:55:84:05:92:0B:14
Certificate issuer:       /CN=f8648082f888d4097ac4cdba84660b930f75035f
Certificate serial:       019AC95E3ECE44C0E0A6C9AC5F980FC953DF
Authority key identifier: F8:64:80:82:F8:88:D4:09:7A:C4:CD:BA:84:66:0B:93:0F:75:03:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GSAgviI1Al6xM26hGYLkw91A18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/Y2VJeHf8rSYFPkGAH0xVhAWSCxQ.roa
Signing time:             Fri 28 Nov 2025 07:29:48 +0000
ROA not before:           Fri 28 Nov 2025 07:29:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        91.241.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/1-GSAgviI1Al6xM26hGYLkw91A18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/1-GSAgviI1Al6xM26hGYLkw91A18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GSAgviI1Al6xM26hGYLkw91A18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:c9:5e:3e:ce:44:c0:e0:a6:c9:ac:5f:98:0f:c9:53:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8648082f888d4097ac4cdba84660b930f75035f
        Validity
            Not Before: Nov 28 07:29:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6365497877fcad26053e41801f4c558405920b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1a:44:b6:1d:1f:e8:12:2d:07:a7:0e:70:59:
                    9b:33:ac:98:21:ae:82:0f:8a:69:2d:6c:56:cc:3f:
                    e2:a0:54:0d:14:5c:28:ed:2a:b1:a3:c5:99:82:ae:
                    b4:c3:4f:2e:f1:a9:5f:eb:18:47:cb:84:0d:14:d0:
                    f9:b3:93:df:68:09:d1:7c:d8:56:9a:12:fe:f4:64:
                    a0:5a:6a:42:73:18:39:74:5f:13:8d:ed:e2:e9:fc:
                    27:38:ec:d8:42:51:90:e7:56:22:16:5f:12:1a:cd:
                    7b:1a:c3:20:37:b4:1e:62:4a:8c:2e:25:69:dd:15:
                    0a:4c:70:9b:96:4d:1e:90:6a:d1:5c:8c:a7:04:99:
                    7e:5b:06:06:0d:e5:ac:00:28:57:1e:cf:3d:3b:57:
                    d0:d8:03:f3:6d:3f:36:b6:f9:3f:62:c9:5e:e0:32:
                    73:3a:0f:95:17:12:bd:a4:1d:b3:0c:dd:4d:4c:8d:
                    be:ae:11:7e:97:db:7d:ff:1a:40:29:a9:01:49:80:
                    70:85:93:00:52:dc:29:02:e7:6f:fb:fd:5a:ff:d1:
                    b6:ba:05:a5:c1:98:24:15:80:18:83:14:4e:cd:5a:
                    9d:88:ee:ad:08:3a:a3:3d:5d:44:0b:4a:3b:ac:37:
                    62:db:56:cd:93:fc:a0:ed:06:31:5d:61:1d:a0:60:
                    95:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:65:49:78:77:FC:AD:26:05:3E:41:80:1F:4C:55:84:05:92:0B:14
            X509v3 Authority Key Identifier:
                keyid:F8:64:80:82:F8:88:D4:09:7A:C4:CD:BA:84:66:0B:93:0F:75:03:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GSAgviI1Al6xM26hGYLkw91A18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/Y2VJeHf8rSYFPkGAH0xVhAWSCxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b6612b-953e-4c6c-aad0-3af9a4b0a873/1/1-GSAgviI1Al6xM26hGYLkw91A18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:11:f3:01:bf:54:d7:3b:93:53:db:6b:43:9c:6d:d3:61:34:
         70:d1:01:1e:84:e4:ac:99:92:fc:72:fa:37:65:97:1b:5c:56:
         8d:9e:92:c1:84:fd:67:d1:37:db:6e:3c:9e:47:79:15:4b:5d:
         08:a4:44:e9:88:68:c9:34:df:6f:2a:13:14:05:86:18:2a:c5:
         8f:7a:68:c1:04:1a:c3:99:8b:aa:6b:2b:96:49:4e:2f:f9:93:
         49:af:77:ab:51:63:3f:0c:8e:12:09:8e:8b:98:e5:ce:a8:8d:
         d3:c8:0f:9a:89:94:05:23:ca:e4:de:87:f1:a3:d1:de:e0:b6:
         2b:6f:c7:81:ea:01:3f:2f:14:41:18:a4:48:2a:a0:f5:77:55:
         19:03:d6:0a:bf:6a:8e:4f:f7:69:1b:4f:ce:4f:2f:08:04:f3:
         66:ec:90:89:c0:d3:80:d8:eb:23:03:17:99:e8:6f:84:46:25:
         9a:2c:4b:8f:d2:bd:84:7f:8f:d4:be:0c:84:7d:9d:98:5a:bb:
         54:3f:ec:31:d4:68:71:ec:64:a9:88:d8:5f:08:c7:91:1a:a8:
         c2:55:aa:22:30:63:bd:48:98:8c:08:39:24:3e:47:6e:c6:9e:
         1f:bd:31:c6:ce:6b:c4:61:53:0e:9b:09:c1:6f:4a:55:87:73:
         dd:d1:29:d0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZrJXj7ORMDgpsmsX5gPyVPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjQ4MDgyZjg4OGQ0MDk3YWM0Y2RiYTg0NjYwYjkzMGY3
NTAzNWYwHhcNMjUxMTI4MDcyOTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY1NDk3ODc3ZmNhZDI2MDUzZTQxODAxZjRjNTU4NDA1OTIwYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthpEth0f6BItB6cOcFmbM6yYIa6C
D4ppLWxWzD/ioFQNFFwo7Sqxo8WZgq60w08u8alf6xhHy4QNFND5s5PfaAnRfNhW
mhL+9GSgWmpCcxg5dF8Tje3i6fwnOOzYQlGQ51YiFl8SGs17GsMgN7QeYkqMLiVp
3RUKTHCblk0ekGrRXIynBJl+WwYGDeWsAChXHs89O1fQ2APzbT82tvk/Ysle4DJz
Og+VFxK9pB2zDN1NTI2+rhF+l9t9/xpAKakBSYBwhZMAUtwpAudv+/1a/9G2ugWl
wZgkFYAYgxROzVqdiO6tCDqjPV1EC0o7rDdi21bNk/yg7QYxXWEdoGCVzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGNlSXh3/K0mBT5BgB9MVYQFkgsUMB8GA1UdIwQY
MBaAFPhkgIL4iNQJesTNuoRmC5MPdQNfMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HU0FndmlJMUFsNnhNMjZoR1lMa3c5MUExOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvYjY2MTJiLTk1M2UtNGM2Yy1hYWQw
LTNhZjlhNGIwYTg3My8xL1kyVkplSGY4clNZRlBrR0FIMHhWaEFXU0N4US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvYjY2MTJiLTk1M2UtNGM2Yy1hYWQwLTNhZjlhNGIwYTg3
My8xLzEtR1NBZ3ZpSTFBbDZ4TTI2aEdZTGt3OTFBMTguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb8R0w
DQYJKoZIhvcNAQELBQADggEBAGgR8wG/VNc7k1Pba0OcbdNhNHDRAR6E5KyZkvxy
+jdllxtcVo2eksGE/WfRN9tuPJ5HeRVLXQikROmIaMk0328qExQFhhgqxY96aMEE
GsOZi6prK5ZJTi/5k0mvd6tRYz8MjhIJjouY5c6ojdPID5qJlAUjyuTeh/Gj0d7g
titvx4HqAT8vFEEYpEgqoPV3VRkD1gq/ao5P92kbT85PLwgE82bskInA04DY6yMD
F5nob4RGJZosS4/SvYR/j9S+DIR9nZhau1Q/7DHUaHHsZKmI2F8Ix5EaqMJVqiIw
Y71ImIwIOSQ+R27Gnh+9McbOa8RhUw6bCcFvSlWHc93RKdA=
-----END CERTIFICATE-----