This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/4RBBIEq9SX0n6pAN9szsp_dkFpU.roa
File:                     4RBBIEq9SX0n6pAN9szsp_dkFpU.roa (raw, json)
Hash identifier:          /UqGgS/nppAAB3dfGKXE/+EKK3kIYuFP60mRNMVj2K0=
Subject key identifier:   E1:10:41:20:4A:BD:49:7D:27:EA:90:0D:F6:CC:EC:A7:F7:64:16:95
Certificate issuer:       /CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
Certificate serial:       019B281D0993F728336B8E9E465FA4A5C10E
Authority key identifier: F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/4RBBIEq9SX0n6pAN9szsp_dkFpU.roa
Signing time:             Tue 16 Dec 2025 17:02:30 +0000
ROA not before:           Tue 16 Dec 2025 17:02:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49367
IP address blocks:        91.199.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Dec 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:28:1d:09:93:f7:28:33:6b:8e:9e:46:5f:a4:a5:c1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
        Validity
            Not Before: Dec 16 17:02:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e11041204abd497d27ea900df6cceca7f7641695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2f:9e:e0:86:52:74:4b:7a:42:a5:55:79:f8:
                    18:0a:11:14:ac:12:da:44:25:86:55:bd:9d:0a:58:
                    3c:92:fe:ec:53:57:09:b4:97:17:8c:ed:86:2e:82:
                    cc:24:c8:67:c8:fc:31:45:8d:9b:b0:fc:55:cc:08:
                    80:27:0d:04:d9:6e:59:8f:07:bd:86:6b:bf:0b:b8:
                    a7:93:e9:1e:bd:c5:30:ac:b6:6a:53:09:e2:b6:3c:
                    43:d6:7e:9d:4e:cc:9a:83:29:f2:97:27:75:e4:ec:
                    78:f3:85:af:3f:97:bf:ee:49:10:a7:0a:f5:8d:f8:
                    d4:9f:bb:67:66:4a:a1:c3:5d:72:d3:c3:8a:1c:6e:
                    20:03:88:5b:85:b9:e4:75:1b:2e:5a:17:25:1f:2a:
                    5a:95:4a:47:81:a3:54:69:2c:c8:f3:f3:78:40:d9:
                    b6:bd:d7:aa:1a:26:90:08:a6:76:b0:bb:3a:f0:5d:
                    f7:fd:77:22:79:0d:14:a2:52:56:6d:71:dd:3e:ef:
                    b6:75:4b:4d:ad:77:df:8e:d4:74:ce:0d:65:97:9c:
                    39:eb:0e:e3:d4:e4:47:73:82:5c:ae:42:3c:5a:d5:
                    a3:23:9b:7d:4c:dd:b5:5b:59:d7:b0:a2:c0:65:8c:
                    2d:b3:b6:27:32:11:05:97:da:f4:04:c8:28:d2:59:
                    33:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:10:41:20:4A:BD:49:7D:27:EA:90:0D:F6:CC:EC:A7:F7:64:16:95
            X509v3 Authority Key Identifier:
                keyid:F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/4RBBIEq9SX0n6pAN9szsp_dkFpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:26:70:8d:6d:52:d8:a2:60:fc:81:80:0c:ba:c5:70:f5:ba:
         e9:3c:54:ba:23:60:ba:5d:a6:89:77:67:a7:f0:42:f1:93:18:
         dc:bc:bd:be:65:2e:74:b5:44:21:38:c1:20:11:0d:27:3d:41:
         46:d2:4f:23:91:74:b0:82:65:e8:77:e8:18:6a:98:2c:70:9f:
         fd:aa:e4:75:d9:30:92:82:b9:aa:83:67:47:20:42:d8:27:a0:
         a9:b3:d7:e4:92:e4:64:aa:51:72:45:fc:34:17:01:33:e4:24:
         a0:df:00:64:be:5e:23:00:25:2e:ec:ce:3f:e3:9f:32:ad:dd:
         bd:5b:de:0d:1f:88:0c:a1:8c:04:02:aa:1a:d3:d4:94:21:08:
         6b:ad:83:ee:28:df:e1:ba:e5:70:f9:24:06:73:de:26:16:7c:
         17:a7:94:95:0e:9f:34:1c:d1:f1:ee:e0:cf:d2:f4:fe:bf:9f:
         ba:a7:de:f1:cd:e9:72:58:d5:42:7b:e6:d2:25:15:86:ed:cc:
         e6:c1:82:6b:7d:49:0f:e8:15:f8:5a:f7:07:c2:ee:c0:cd:e4:
         4b:f0:f8:cc:37:f3:83:09:f2:b0:78:cc:56:3c:ac:87:a8:8d:
         28:24:ce:1e:94:55:3f:25:3d:87:09:06:73:ac:3b:e4:6f:6a:
         dc:ae:ef:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsoHQmT9ygza46eRl+kpcEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxN2Y2OTU3ZmMyM2I4ZDQ2YjlkM2RjOGJjN2RiMTIyODU5
ODc2ZjAwHhcNMjUxMjE2MTcwMjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTEwNDEyMDRhYmQ0OTdkMjdlYTkwMGRmNmNjZWNhN2Y3NjQxNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy+e4IZSdEt6QqVVefgYChEUrBLa
RCWGVb2dClg8kv7sU1cJtJcXjO2GLoLMJMhnyPwxRY2bsPxVzAiAJw0E2W5Zjwe9
hmu/C7ink+kevcUwrLZqUwnitjxD1n6dTsyagynylyd15Ox484WvP5e/7kkQpwr1
jfjUn7tnZkqhw11y08OKHG4gA4hbhbnkdRsuWhclHypalUpHgaNUaSzI8/N4QNm2
vdeqGiaQCKZ2sLs68F33/XcieQ0UolJWbXHdPu+2dUtNrXffjtR0zg1ll5w56w7j
1ORHc4JcrkI8WtWjI5t9TN21W1nXsKLAZYwts7YnMhEFl9r0BMgo0lkzSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEQQSBKvUl9J+qQDfbM7Kf3ZBaVMB8GA1UdIwQY
MBaAFPF/aVf8I7jUa509yLx9sSKFmHbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAt
NzI2ZGE0ZTkzODZiLzEvNFJCQklFcTlTWDBuNnBBTjlzenNwX2RrRnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAtNzI2ZGE0ZTkzODZi
LzEvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ffMA0G
CSqGSIb3DQEBCwUAA4IBAQBOJnCNbVLYomD8gYAMusVw9brpPFS6I2C6XaaJd2en
8ELxkxjcvL2+ZS50tUQhOMEgEQ0nPUFG0k8jkXSwgmXod+gYapgscJ/9quR12TCS
grmqg2dHIELYJ6Cps9fkkuRkqlFyRfw0FwEz5CSg3wBkvl4jACUu7M4/458yrd29
W94NH4gMoYwEAqoa09SUIQhrrYPuKN/huuVw+SQGc94mFnwXp5SVDp80HNHx7uDP
0vT+v5+6p97xzelyWNVCe+bSJRWG7czmwYJrfUkP6BX4WvcHwu7AzeRL8PjMN/OD
CfKweMxWPKyHqI0oJM4elFU/JT2HCQZzrDvkb2rcru+H
-----END CERTIFICATE-----