This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/WJ4tfO6kiSMSkG1grDmRdHg6U_4.roa
File:                     WJ4tfO6kiSMSkG1grDmRdHg6U_4.roa (raw, json)
Hash identifier:          Eb3yXv0Sg6PPztcKbZR4VGFXGGjS4jiVBjwDazfbRcs=
Subject key identifier:   58:9E:2D:7C:EE:A4:89:23:12:90:6D:60:AC:39:91:74:78:3A:53:FE
Certificate issuer:       /CN=88d129a7c78fb66d0773bc99008357e507c1e7be
Certificate serial:       019B7AC92A31AFC305AE955963E55781A86F
Authority key identifier: 88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/WJ4tfO6kiSMSkG1grDmRdHg6U_4.roa
Signing time:             Thu 01 Jan 2026 18:19:22 +0000
ROA not before:           Thu 01 Jan 2026 18:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210579
IP address blocks:        91.214.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:2a:31:af:c3:05:ae:95:59:63:e5:57:81:a8:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d129a7c78fb66d0773bc99008357e507c1e7be
        Validity
            Not Before: Jan  1 18:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=589e2d7ceea4892312906d60ac399174783a53fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:af:6a:ec:a2:c6:36:b2:d0:d7:b0:a2:ec:55:
                    76:92:d3:01:db:81:c3:f0:2c:04:fe:56:cc:64:22:
                    25:76:a5:59:c7:7d:cc:7f:78:42:10:9b:93:91:8b:
                    6f:32:77:c6:9f:3c:8e:0a:58:e0:22:1e:51:f8:27:
                    a0:7f:d1:31:81:d0:50:96:eb:74:46:67:3d:06:83:
                    2f:02:1a:e6:58:69:fb:5a:ff:6b:e0:01:0e:00:98:
                    57:74:8b:a1:ce:86:b8:1f:2a:66:2d:8b:de:6f:8d:
                    be:de:d6:61:dc:9b:ec:f2:b9:b4:ff:c6:d0:c0:91:
                    19:d0:db:a4:d5:55:bb:89:29:4d:bb:8d:7a:0a:cb:
                    20:b2:d7:95:25:cf:6a:68:35:b4:4d:b4:9e:2b:d4:
                    1d:28:82:b0:3f:53:48:5b:d9:aa:8f:e0:39:c0:ad:
                    31:3d:ed:d2:d1:6d:cb:16:1c:98:34:9a:98:af:e7:
                    1c:3e:e5:91:eb:1c:12:4c:e0:dd:03:5d:f2:91:c4:
                    29:5f:c0:66:06:5d:25:bf:75:23:a7:7c:46:6b:af:
                    b7:1d:7f:e3:9f:42:9e:4c:52:e8:5e:92:11:42:de:
                    21:fd:a2:0f:e5:f4:5c:05:2b:ad:f0:63:b4:c1:90:
                    50:85:2b:07:9f:a6:02:4e:e4:9f:e6:55:48:e4:bc:
                    16:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9E:2D:7C:EE:A4:89:23:12:90:6D:60:AC:39:91:74:78:3A:53:FE
            X509v3 Authority Key Identifier:
                keyid:88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/WJ4tfO6kiSMSkG1grDmRdHg6U_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d2:55:1f:73:b3:0b:d7:12:88:92:47:a2:fe:25:78:72:aa:
         0d:e2:bb:01:55:c3:da:2a:c9:85:cb:e1:b6:d0:92:e3:c6:b3:
         ec:c7:d6:a4:4e:33:a4:34:14:31:b1:71:94:f1:d2:f0:83:90:
         83:a9:8a:87:5d:ec:b7:80:d4:69:84:bb:95:18:53:a5:41:90:
         a3:ac:2d:e7:1d:5a:15:b8:80:ea:76:f0:bb:24:15:8d:3d:d0:
         94:b5:4c:b3:34:69:4c:a0:7d:62:d2:84:0e:54:2b:f5:85:87:
         6d:c6:34:6e:b6:b3:1d:d8:03:6a:41:3c:2f:4e:35:64:97:5a:
         21:7c:6c:23:71:ea:f8:43:39:94:34:ab:de:87:6c:7b:39:87:
         16:e3:ca:28:4a:ec:5b:63:0f:1c:b9:0b:71:58:08:d9:fb:34:
         ea:1a:89:31:c8:04:1d:49:35:d7:a6:4f:96:e3:e7:7c:fd:17:
         e3:3e:74:98:09:ba:fe:02:57:b3:5c:d5:94:6f:58:c2:0d:b1:
         bf:6d:f2:7a:26:ef:32:f9:d5:50:0d:05:72:cf:f6:72:e4:dc:
         dc:a3:45:88:97:95:64:5b:4a:a0:75:41:a5:7e:df:28:03:9f:
         c3:73:ce:16:fa:66:93:44:43:ef:32:b5:77:1f:ff:5b:db:60:
         f1:8f:b9:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6ySoxr8MFrpVZY+VXgahvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDEyOWE3Yzc4ZmI2NmQwNzczYmM5OTAwODM1N2U1MDdj
MWU3YmUwHhcNMjYwMTAxMTgxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODllMmQ3Y2VlYTQ4OTIzMTI5MDZkNjBhYzM5OTE3NDc4M2E1M2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq69q7KLGNrLQ17Ci7FV2ktMB24HD
8CwE/lbMZCIldqVZx33Mf3hCEJuTkYtvMnfGnzyOCljgIh5R+Cegf9ExgdBQlut0
Rmc9BoMvAhrmWGn7Wv9r4AEOAJhXdIuhzoa4HypmLYveb42+3tZh3Jvs8rm0/8bQ
wJEZ0Nuk1VW7iSlNu416CssgsteVJc9qaDW0TbSeK9QdKIKwP1NIW9mqj+A5wK0x
Pe3S0W3LFhyYNJqYr+ccPuWR6xwSTODdA13ykcQpX8BmBl0lv3Ujp3xGa6+3HX/j
n0KeTFLoXpIRQt4h/aIP5fRcBSut8GO0wZBQhSsHn6YCTuSf5lVI5LwWiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFieLXzupIkjEpBtYKw5kXR4OlP+MB8GA1UdIwQY
MBaAFIjRKafHj7ZtB3O8mQCDV+UHwee+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUt
ODU5ZjdmYWNlNjk1LzEvV0o0dGZPNmtpU01Ta0cxZ3JEbVJkSGc2VV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUtODU5ZjdmYWNlNjk1
LzEvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQAr0lUfc7ML1xKIkkei/iV4cqoN4rsBVcPaKsmFy+G2
0JLjxrPsx9akTjOkNBQxsXGU8dLwg5CDqYqHXey3gNRphLuVGFOlQZCjrC3nHVoV
uIDqdvC7JBWNPdCUtUyzNGlMoH1i0oQOVCv1hYdtxjRutrMd2ANqQTwvTjVkl1oh
fGwjcer4QzmUNKveh2x7OYcW48ooSuxbYw8cuQtxWAjZ+zTqGokxyAQdSTXXpk+W
4+d8/RfjPnSYCbr+AlezXNWUb1jCDbG/bfJ6Ju8y+dVQDQVyz/Zy5Nzco0WIl5Vk
W0qgdUGlft8oA5/Dc84W+maTREPvMrV3H/9b22Dxj7nU
-----END CERTIFICATE-----