This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/OLd3XQLlCLw9LdNyxml8_t8xuEg.roa
File:                     OLd3XQLlCLw9LdNyxml8_t8xuEg.roa (raw, json)
Hash identifier:          CeqIhEYWVzjJk4bpmS5ELgvmNglk0SZVe+OxNRFsLsg=
Subject key identifier:   38:B7:77:5D:02:E5:08:BC:3D:2D:D3:72:C6:69:7C:FE:DF:31:B8:48
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       019B7A5A161666405D37E66468C0D0DE50D1
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/OLd3XQLlCLw9LdNyxml8_t8xuEg.roa
Signing time:             Thu 01 Jan 2026 16:18:02 +0000
ROA not before:           Thu 01 Jan 2026 16:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57367
IP address blocks:        91.150.187.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:16:16:66:40:5d:37:e6:64:68:c0:d0:de:50:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 16:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38b7775d02e508bc3d2dd372c6697cfedf31b848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e9:ed:ec:5a:af:2b:fb:bb:4a:59:c7:38:4f:
                    1b:4e:73:55:9f:8c:17:6b:87:ab:c5:a8:53:02:43:
                    b7:03:2f:1c:8e:78:df:58:59:82:3a:4e:a7:2f:ec:
                    af:da:e4:24:94:2f:7d:78:d1:df:f6:48:2f:95:61:
                    96:fc:ab:06:46:5c:09:03:be:94:3e:c3:4c:74:f4:
                    c6:f3:71:a4:81:9e:09:87:dc:fc:ab:c2:3a:bb:b4:
                    9a:51:2a:44:c9:cd:2f:fb:08:94:e3:b5:59:ec:a0:
                    39:55:c5:79:88:cf:02:e1:02:01:b5:c1:65:e7:cb:
                    58:b1:f2:f5:29:88:72:73:d3:79:0f:e4:66:ee:5e:
                    1e:82:a3:4d:c1:31:1b:d5:56:1a:6d:a0:17:73:c0:
                    1d:2b:b3:24:f4:24:98:5a:1e:3a:bc:87:c5:54:e5:
                    38:a9:d9:a9:6e:74:fe:d1:48:55:3f:c7:21:a9:88:
                    4a:6d:7b:cf:8b:ff:dc:f2:8d:ee:30:59:90:9c:bf:
                    6c:52:3c:af:2b:f3:99:31:1e:55:41:2a:86:be:c4:
                    25:7b:e8:82:b0:f7:59:f2:8d:5f:8a:32:c2:f9:3c:
                    f5:4b:b9:44:65:eb:aa:96:bc:ce:5f:49:b4:63:da:
                    7c:ff:1c:17:17:77:bf:cf:a2:d1:30:d8:38:af:f1:
                    e1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B7:77:5D:02:E5:08:BC:3D:2D:D3:72:C6:69:7C:FE:DF:31:B8:48
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/OLd3XQLlCLw9LdNyxml8_t8xuEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.150.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:c4:9b:18:79:12:1b:b6:0f:27:fd:00:fa:4f:37:d5:15:44:
         ce:a1:d9:59:fc:aa:13:4a:69:21:c8:0a:a8:cc:c7:b3:96:05:
         1f:5a:89:e0:22:9a:91:ef:3e:6e:ba:85:e7:59:66:d2:88:67:
         51:08:5d:90:47:d7:2c:dd:d6:95:a8:5e:53:b1:6a:bb:45:ba:
         76:1f:9b:69:81:f1:d8:73:be:fe:4d:a4:50:b8:b1:dc:37:c9:
         7d:1b:84:ac:41:aa:0d:c5:02:53:f8:26:23:f3:bb:2b:3e:71:
         26:77:ff:da:09:38:d1:a1:cf:83:0d:94:e7:4e:6f:2a:f9:5f:
         9c:4b:28:e9:90:d6:7c:23:be:ea:fe:37:c3:51:d9:6a:b5:14:
         ed:a0:bb:a4:6f:7e:c9:fb:ee:68:1f:6b:49:5f:7b:64:44:0e:
         b1:f9:6c:3c:c7:a2:80:22:13:47:36:94:9e:ec:5c:92:5a:75:
         ee:68:e3:b0:e4:da:cd:5b:fc:9f:47:97:d8:9c:08:0e:92:55:
         2c:b8:ef:c6:ed:6a:ae:6a:46:96:44:31:c5:a3:2f:d3:93:d6:
         2b:f4:28:ba:46:34:b6:52:46:04:b1:9a:1c:45:68:d0:53:c2:
         40:95:f7:86:2c:42:6a:95:cf:84:32:82:c3:47:c9:dc:78:cb:
         82:8d:62:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WhYWZkBdN+ZkaMDQ3lDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjYwMTAxMTYxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGI3Nzc1ZDAyZTUwOGJjM2QyZGQzNzJjNjY5N2NmZWRmMzFiODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtent7FqvK/u7SlnHOE8bTnNVn4wX
a4erxahTAkO3Ay8cjnjfWFmCOk6nL+yv2uQklC99eNHf9kgvlWGW/KsGRlwJA76U
PsNMdPTG83GkgZ4Jh9z8q8I6u7SaUSpEyc0v+wiU47VZ7KA5VcV5iM8C4QIBtcFl
58tYsfL1KYhyc9N5D+Rm7l4egqNNwTEb1VYabaAXc8AdK7Mk9CSYWh46vIfFVOU4
qdmpbnT+0UhVP8chqYhKbXvPi//c8o3uMFmQnL9sUjyvK/OZMR5VQSqGvsQle+iC
sPdZ8o1fijLC+Tz1S7lEZeuqlrzOX0m0Y9p8/xwXF3e/z6LRMNg4r/HhPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDi3d10C5Qi8PS3TcsZpfP7fMbhIMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvT0xkM1hRTGxDTHc5TGROeXhtbDhfdDh4dUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5a7MA0G
CSqGSIb3DQEBCwUAA4IBAQBhxJsYeRIbtg8n/QD6TzfVFUTOodlZ/KoTSmkhyAqo
zMezlgUfWongIpqR7z5uuoXnWWbSiGdRCF2QR9cs3daVqF5TsWq7Rbp2H5tpgfHY
c77+TaRQuLHcN8l9G4SsQaoNxQJT+CYj87srPnEmd//aCTjRoc+DDZTnTm8q+V+c
SyjpkNZ8I77q/jfDUdlqtRTtoLukb37J++5oH2tJX3tkRA6x+Ww8x6KAIhNHNpSe
7FySWnXuaOOw5NrNW/yfR5fYnAgOklUsuO/G7WquakaWRDHFoy/Tk9Yr9Ci6RjS2
UkYEsZocRWjQU8JAlfeGLEJqlc+EMoLDR8nceMuCjWJ2
-----END CERTIFICATE-----