This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/1-nsaGOYJDQs8nE83JBsjbwYRoPA.roa
File:                     1-nsaGOYJDQs8nE83JBsjbwYRoPA.roa (raw, json)
Hash identifier:          ZorqeuTKQ8BzMES+IbO5PhiAMx62C25+2z4OV8xpzBs=
Subject key identifier:   FA:7B:1A:18:E6:09:0D:0B:3C:9C:4F:37:24:1B:23:6F:06:11:A0:F0
Certificate issuer:       /CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
Certificate serial:       019B7911085AA922B6DB3A4A3D17FAB95B65
Authority key identifier: 5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/1-nsaGOYJDQs8nE83JBsjbwYRoPA.roa
Signing time:             Thu 01 Jan 2026 10:18:37 +0000
ROA not before:           Thu 01 Jan 2026 10:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        91.209.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:08:5a:a9:22:b6:db:3a:4a:3d:17:fa:b9:5b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
        Validity
            Not Before: Jan  1 10:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa7b1a18e6090d0b3c9c4f37241b236f0611a0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:96:9e:7a:27:75:c8:7c:2e:26:02:ab:b0:65:
                    1c:d3:35:7c:97:28:dd:ce:55:3a:a0:2e:47:d2:ac:
                    a0:6c:63:b6:1b:8b:6e:5e:9e:ce:e3:cb:e6:5b:01:
                    a7:92:8b:45:d1:6d:1c:c5:6a:4a:c9:dc:4d:63:f6:
                    c5:e1:85:0f:3f:54:8f:0f:aa:47:9f:ce:fd:7c:e2:
                    06:81:7a:c7:ad:9c:18:d8:bf:09:52:01:3e:31:85:
                    dc:d5:f1:a5:d5:42:ec:b7:41:8e:be:1a:75:43:f5:
                    e8:ce:4c:da:28:92:9c:15:1d:36:48:5f:7f:3e:f5:
                    6f:7d:b2:87:e0:db:89:98:b8:14:fb:ae:c7:6d:95:
                    61:8c:fe:17:2d:b9:8e:32:90:cd:28:49:85:fe:73:
                    96:2d:0b:29:fe:fc:98:3c:d7:18:40:6c:0d:9e:6a:
                    1d:5b:ed:45:21:7f:94:aa:65:dc:34:2b:d9:fc:16:
                    45:9d:69:76:40:8b:c7:40:e7:fc:3e:82:27:02:98:
                    e0:b7:07:27:42:39:62:e0:fa:75:ab:7e:15:48:82:
                    29:0e:5a:08:cb:56:9a:24:c3:c6:36:15:e5:b7:92:
                    56:f5:6d:b8:73:fd:63:0e:26:bf:91:6c:28:64:61:
                    42:3e:a3:18:97:e9:78:46:14:fb:68:18:e4:05:15:
                    78:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:7B:1A:18:E6:09:0D:0B:3C:9C:4F:37:24:1B:23:6F:06:11:A0:F0
            X509v3 Authority Key Identifier:
                keyid:5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/1-nsaGOYJDQs8nE83JBsjbwYRoPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:bc:02:12:51:a3:3e:2e:17:29:4a:cf:75:fb:1b:57:36:4f:
         9d:f1:1a:a3:8b:c9:2e:a1:b5:9f:e8:e4:f0:49:3b:d6:51:18:
         63:26:40:5c:2a:a6:29:59:43:3e:f0:bb:bf:f5:b7:e0:8c:7d:
         19:c8:59:77:0a:dd:12:a9:2a:9b:77:6c:a4:54:fc:82:3c:1e:
         16:67:01:6a:df:27:67:a8:7b:19:38:27:7f:8e:c4:cb:b2:19:
         b8:1c:dc:07:d1:0f:62:17:ec:18:52:e7:e5:84:72:ac:e0:e7:
         60:4a:e0:34:6f:50:e4:73:88:3a:3d:29:3c:d1:41:bb:44:1f:
         4a:43:24:55:a8:5d:e7:14:70:37:ff:d8:37:6b:b6:e6:50:ce:
         d9:cd:47:75:15:ee:76:b9:f8:11:3b:fb:6f:12:09:9c:a6:9b:
         16:3c:1a:03:cf:4f:41:34:ea:c3:18:dd:49:6d:3d:5b:aa:7a:
         b3:de:8b:ee:e8:fc:3c:82:5c:e8:60:12:f1:fb:91:4b:10:66:
         8a:47:93:4b:9f:5b:48:44:32:9a:78:28:46:4e:a5:b9:15:1f:
         b6:0c:a5:65:21:29:b2:b4:cb:21:29:75:61:be:96:9b:f5:4a:
         d9:ef:aa:9a:43:45:a1:95:ae:63:fd:fe:0b:17:fe:35:4d:a0:
         85:40:bd:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EQhaqSK22zpKPRf6uVtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZDk5ZDQ5YzRiMGU0NmIyNzg2ODQyNzMxZTE1MzQ4NWM4
YWM0OGIwHhcNMjYwMTAxMTAxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTdiMWExOGU2MDkwZDBiM2M5YzRmMzcyNDFiMjM2ZjA2MTFhMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Zaeeid1yHwuJgKrsGUc0zV8lyjd
zlU6oC5H0qygbGO2G4tuXp7O48vmWwGnkotF0W0cxWpKydxNY/bF4YUPP1SPD6pH
n879fOIGgXrHrZwY2L8JUgE+MYXc1fGl1ULst0GOvhp1Q/XozkzaKJKcFR02SF9/
PvVvfbKH4NuJmLgU+67HbZVhjP4XLbmOMpDNKEmF/nOWLQsp/vyYPNcYQGwNnmod
W+1FIX+UqmXcNCvZ/BZFnWl2QIvHQOf8PoInApjgtwcnQjli4Pp1q34VSIIpDloI
y1aaJMPGNhXlt5JW9W24c/1jDia/kWwoZGFCPqMYl+l4RhT7aBjkBRV4YwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPp7GhjmCQ0LPJxPNyQbI28GEaDwMB8GA1UdIwQY
MBaAFF7ZnUnEsORrJ4aEJzHhU0hcisSLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHRtZFNjU3c1R3NuaG9Rbk1lRlRTRnlLeElzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85Yjg5M2UtN2IwYy00MWFhLWE5NTEt
OTBjM2FmYzdjOTQ3LzEvMS1uc2FHT1lKRFFzOG5FODNKQnNqYndZUm9QQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvOWI4OTNlLTdiMGMtNDFhYS1hOTUxLTkwYzNhZmM3Yzk0
Ny8xL1h0bWRTY1N3NUdzbmhvUW5NZUZUU0Z5S3hJcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvRqjAN
BgkqhkiG9w0BAQsFAAOCAQEAa7wCElGjPi4XKUrPdfsbVzZPnfEao4vJLqG1n+jk
8Ek71lEYYyZAXCqmKVlDPvC7v/W34Ix9GchZdwrdEqkqm3dspFT8gjweFmcBat8n
Z6h7GTgnf47Ey7IZuBzcB9EPYhfsGFLn5YRyrODnYErgNG9Q5HOIOj0pPNFBu0Qf
SkMkVahd5xRwN//YN2u25lDO2c1HdRXudrn4ETv7bxIJnKabFjwaA89PQTTqwxjd
SW09W6p6s96L7uj8PIJc6GAS8fuRSxBmikeTS59bSEQymngoRk6luRUftgylZSEp
srTLISl1Yb6Wm/VK2e+qmkNFoZWuY/3+Cxf+NU2ghUC98g==
-----END CERTIFICATE-----