This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/fXNtDKuxKl9PcIOvEE_JPpC6Emk.roa
File:                     fXNtDKuxKl9PcIOvEE_JPpC6Emk.roa (raw, json)
Hash identifier:          d9XcOkmKMoLj3DydzQnJz/zsoCrdK+ingQkEPwtmOSU=
Subject key identifier:   7D:73:6D:0C:AB:B1:2A:5F:4F:70:83:AF:10:4F:C9:3E:90:BA:12:69
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       019B7A5A1864C8F88352BCB5B2F6A93368DE
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/fXNtDKuxKl9PcIOvEE_JPpC6Emk.roa
Signing time:             Thu 01 Jan 2026 16:18:03 +0000
ROA not before:           Thu 01 Jan 2026 16:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203086
IP address blocks:        91.150.190.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:18:64:c8:f8:83:52:bc:b5:b2:f6:a9:33:68:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 16:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d736d0cabb12a5f4f7083af104fc93e90ba1269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:26:0f:5c:05:57:9e:6f:b4:bc:49:37:99:ff:
                    b6:9c:1a:d6:ac:2a:9f:da:24:d0:41:4a:41:07:a8:
                    d7:8d:40:95:50:65:74:7f:c4:c6:f0:1e:9d:db:9e:
                    c9:77:07:b9:1b:89:37:ca:7c:32:a4:0a:bf:a0:a7:
                    2d:75:22:c8:c8:45:00:2c:40:95:d7:20:27:21:4b:
                    f5:b3:db:a3:21:9d:39:c8:96:71:cc:ed:10:5f:11:
                    0c:84:8a:b6:0d:41:c4:cd:14:a3:ea:26:8d:fd:6c:
                    f8:f6:0f:29:aa:4c:f9:7d:5f:25:4c:71:e8:1d:9a:
                    dd:60:48:55:4e:35:07:64:aa:c0:d5:c4:82:05:58:
                    75:d4:33:5b:50:6c:5e:9a:69:f6:a1:f0:37:3f:3d:
                    3a:16:05:11:d3:b3:5c:99:30:fc:c3:26:c4:f9:49:
                    55:3c:40:c9:8a:78:7b:75:09:19:bc:9f:c0:10:dc:
                    d3:1a:21:50:58:85:37:e3:6b:b8:ca:ae:79:33:a3:
                    19:cd:2b:0e:5a:07:0c:02:99:c9:0e:45:98:f6:e2:
                    84:05:9f:6d:1b:d4:33:da:3b:b6:3c:53:60:4b:4a:
                    db:20:33:6b:75:10:39:c5:bf:49:1e:03:28:3c:63:
                    0c:de:07:f7:3f:26:3e:32:10:29:ce:3d:13:1c:02:
                    3a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:73:6D:0C:AB:B1:2A:5F:4F:70:83:AF:10:4F:C9:3E:90:BA:12:69
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/fXNtDKuxKl9PcIOvEE_JPpC6Emk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.150.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:56:c2:02:71:21:24:06:06:3d:2a:4f:d5:d7:6c:e1:df:57:
         a6:1c:ae:2f:9b:4e:60:87:4d:00:90:de:2b:e9:61:3a:30:b7:
         27:f9:63:b3:46:51:e0:1f:e2:d6:9e:81:b7:42:9f:9a:92:31:
         62:db:67:2d:e3:60:ed:ee:0b:a8:fc:bd:f7:b8:b9:26:37:b1:
         d2:87:6a:48:28:cd:14:2e:03:c1:b6:78:fa:05:ee:e3:2e:fb:
         a4:c7:c2:71:47:91:ac:53:53:c5:11:f0:e6:dc:17:cb:67:f2:
         45:79:8d:ca:34:48:ce:d6:97:a7:d7:ee:27:67:02:ff:69:4f:
         4f:cd:19:c5:78:58:34:ad:30:1f:a0:2c:75:c4:29:cd:64:fd:
         36:ec:db:16:e5:56:fc:d0:e2:6b:f5:48:c7:b8:4e:ba:8e:f8:
         d1:df:70:48:d7:ad:ad:05:a6:0b:af:f8:a6:73:8a:67:01:e2:
         ac:1d:8d:f0:82:8c:0f:5f:f8:d4:47:ed:f1:8c:19:94:80:ab:
         d3:d2:26:7d:47:42:22:13:06:4f:a6:b7:80:fc:27:e6:fa:a5:
         1f:1c:2e:29:5c:e1:ab:3a:ad:fd:4a:02:a6:eb:3c:f6:1b:13:
         11:f8:8b:4b:67:85:64:4a:05:f4:70:61:9b:1e:7e:a8:ac:b3:
         08:21:0e:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WhhkyPiDUry1svapM2jeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjYwMTAxMTYxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDczNmQwY2FiYjEyYTVmNGY3MDgzYWYxMDRmYzkzZTkwYmExMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSYPXAVXnm+0vEk3mf+2nBrWrCqf
2iTQQUpBB6jXjUCVUGV0f8TG8B6d257Jdwe5G4k3ynwypAq/oKctdSLIyEUALECV
1yAnIUv1s9ujIZ05yJZxzO0QXxEMhIq2DUHEzRSj6iaN/Wz49g8pqkz5fV8lTHHo
HZrdYEhVTjUHZKrA1cSCBVh11DNbUGxemmn2ofA3Pz06FgUR07NcmTD8wybE+UlV
PEDJinh7dQkZvJ/AENzTGiFQWIU342u4yq55M6MZzSsOWgcMApnJDkWY9uKEBZ9t
G9Qz2ju2PFNgS0rbIDNrdRA5xb9JHgMoPGMM3gf3PyY+MhApzj0THAI6NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1zbQyrsSpfT3CDrxBPyT6QuhJpMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvZlhOdERLdXhLbDlQY0lPdkVFX0pQcEM2RW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5a+MA0G
CSqGSIb3DQEBCwUAA4IBAQBHVsICcSEkBgY9Kk/V12zh31emHK4vm05gh00AkN4r
6WE6MLcn+WOzRlHgH+LWnoG3Qp+akjFi22ct42Dt7guo/L33uLkmN7HSh2pIKM0U
LgPBtnj6Be7jLvukx8JxR5GsU1PFEfDm3BfLZ/JFeY3KNEjO1pen1+4nZwL/aU9P
zRnFeFg0rTAfoCx1xCnNZP027NsW5Vb80OJr9UjHuE66jvjR33BI162tBaYLr/im
c4pnAeKsHY3wgowPX/jUR+3xjBmUgKvT0iZ9R0IiEwZPpreA/Cfm+qUfHC4pXOGr
Oq39SgKm6zz2GxMR+ItLZ4VkSgX0cGGbHn6orLMIIQ4n
-----END CERTIFICATE-----