This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oFjLnFx0PgjFBuwtiF_MYSFpqmA.roa
File:                     oFjLnFx0PgjFBuwtiF_MYSFpqmA.roa (raw, json)
Hash identifier:          VK+JXOgRMBfH6LlIiFROL5a7HEYqeypevfrTL4MJN2k=
Subject key identifier:   A0:58:CB:9C:5C:74:3E:08:C5:06:EC:2D:88:5F:CC:61:21:69:AA:60
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       019B7B36312E539F8B27C698C4FAD8B7D5C3
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oFjLnFx0PgjFBuwtiF_MYSFpqmA.roa
Signing time:             Thu 01 Jan 2026 20:18:27 +0000
ROA not before:           Thu 01 Jan 2026 20:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215355
IP address blocks:        91.103.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:31:2e:53:9f:8b:27:c6:98:c4:fa:d8:b7:d5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 20:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a058cb9c5c743e08c506ec2d885fcc612169aa60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:22:1a:02:88:46:75:31:db:8d:6c:60:24:5e:
                    db:e5:91:6b:aa:5c:36:16:8c:38:95:55:db:9d:60:
                    0e:f9:9c:7a:4b:51:00:a7:a5:da:e2:65:bc:8b:a3:
                    8c:ac:63:07:97:8e:d4:9e:20:29:d8:c2:e7:54:88:
                    a6:48:86:f7:8f:98:cb:48:20:b4:88:a2:bd:71:57:
                    c9:9a:3b:4c:37:d4:49:71:7c:ba:b8:f3:16:9b:8b:
                    c1:b0:8b:b3:5f:37:4c:f6:38:e1:d7:0c:e6:00:ab:
                    0f:c8:e5:56:96:62:c3:ac:08:ed:98:86:f1:f7:35:
                    84:36:a7:95:c8:d5:c9:5c:95:3d:2b:c8:3c:14:c8:
                    2e:18:f2:9d:68:83:e8:fd:f3:05:ae:53:53:86:e4:
                    5b:d8:42:38:42:6e:0e:53:ca:5d:54:3c:32:9d:05:
                    72:cd:ea:8a:aa:0f:18:fa:83:14:b9:21:d2:fb:a4:
                    bf:45:05:ff:51:40:f2:c2:e6:41:5d:9d:7a:bf:b7:
                    02:a9:ff:88:c3:2e:cb:6a:99:f0:e9:ae:2b:36:1c:
                    31:41:d7:53:dd:8e:bd:f8:ec:49:59:33:29:94:63:
                    3c:01:c4:d3:ec:4a:2c:26:9f:c5:82:b4:34:23:5c:
                    a1:2f:18:4b:e8:7e:60:75:b2:90:e3:76:32:cb:1a:
                    46:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:58:CB:9C:5C:74:3E:08:C5:06:EC:2D:88:5F:CC:61:21:69:AA:60
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/oFjLnFx0PgjFBuwtiF_MYSFpqmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:37:88:ce:eb:1f:ba:ec:07:55:e9:61:08:ae:37:29:0a:ca:
         cb:0c:09:99:83:3f:0e:07:c0:0d:52:1b:43:60:5e:1d:13:aa:
         f6:93:d4:87:55:53:30:51:1d:ed:b1:f2:a3:0b:22:b8:6e:98:
         48:55:5b:f8:ca:56:d2:20:aa:99:25:5c:c3:04:2d:66:3d:bd:
         43:b2:04:22:b9:8c:0b:14:63:58:d2:be:d3:d3:05:d4:30:28:
         f2:c6:7b:1a:51:ff:8d:55:dc:3e:22:9f:55:97:aa:cc:a4:dd:
         c9:7b:86:ee:a8:d8:3e:7e:a7:51:17:39:1d:f3:9b:eb:fc:5f:
         2b:c7:52:62:87:44:41:28:80:0a:43:94:b8:56:cc:bc:cb:0e:
         1a:4e:c4:60:a9:bd:73:43:96:2f:c8:00:29:ea:df:5b:9a:cc:
         24:93:8a:0a:e7:52:3a:7a:14:6b:03:fd:57:ec:38:68:e7:aa:
         71:f2:fb:ac:64:e9:53:dd:63:1d:82:8f:88:af:49:05:03:40:
         c3:d5:f7:39:07:78:f9:9a:6f:8a:26:72:86:40:96:49:87:e8:
         75:4b:15:7e:b0:1e:63:d9:8f:69:ef:71:0d:6f:ce:ce:43:1b:
         53:9a:b4:7f:62:29:92:eb:e5:bc:49:4e:ee:73:24:fe:2e:c5:
         1b:2b:d4:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NjEuU5+LJ8aYxPrYt9XDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwMTAxMjAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU4Y2I5YzVjNzQzZTA4YzUwNmVjMmQ4ODVmY2M2MTIxNjlhYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyIaAohGdTHbjWxgJF7b5ZFrqlw2
Fow4lVXbnWAO+Zx6S1EAp6Xa4mW8i6OMrGMHl47UniAp2MLnVIimSIb3j5jLSCC0
iKK9cVfJmjtMN9RJcXy6uPMWm4vBsIuzXzdM9jjh1wzmAKsPyOVWlmLDrAjtmIbx
9zWENqeVyNXJXJU9K8g8FMguGPKdaIPo/fMFrlNThuRb2EI4Qm4OU8pdVDwynQVy
zeqKqg8Y+oMUuSHS+6S/RQX/UUDywuZBXZ16v7cCqf+Iwy7Lapnw6a4rNhwxQddT
3Y69+OxJWTMplGM8AcTT7EosJp/FgrQ0I1yhLxhL6H5gdbKQ43YyyxpG7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBYy5xcdD4IxQbsLYhfzGEhaapgMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvb0ZqTG5GeDBQZ2pGQnV3dGlGX01ZU0ZwcW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d4MA0G
CSqGSIb3DQEBCwUAA4IBAQASN4jO6x+67AdV6WEIrjcpCsrLDAmZgz8OB8ANUhtD
YF4dE6r2k9SHVVMwUR3tsfKjCyK4bphIVVv4ylbSIKqZJVzDBC1mPb1DsgQiuYwL
FGNY0r7T0wXUMCjyxnsaUf+NVdw+Ip9Vl6rMpN3Je4buqNg+fqdRFzkd85vr/F8r
x1Jih0RBKIAKQ5S4Vsy8yw4aTsRgqb1zQ5YvyAAp6t9bmswkk4oK51I6ehRrA/1X
7Dho56px8vusZOlT3WMdgo+Ir0kFA0DD1fc5B3j5mm+KJnKGQJZJh+h1SxV+sB5j
2Y9p73ENb87OQxtTmrR/YimS6+W8SU7ucyT+LsUbK9TU
-----END CERTIFICATE-----