This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/5nLmGO9o1yeUZs11mvWebCnUxX4.roa
File:                     5nLmGO9o1yeUZs11mvWebCnUxX4.roa (raw, json)
Hash identifier:          rgnxJSn52ETSO79zK4LhZN7LYEGLk/qAnnnXBLyYFOU=
Subject key identifier:   E6:72:E6:18:EF:68:D7:27:94:66:CD:75:9A:F5:9E:6C:29:D4:C5:7E
Certificate issuer:       /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial:       019B07B659DE76B58BFA1C18AEF5F2988662
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/5nLmGO9o1yeUZs11mvWebCnUxX4.roa
Signing time:             Wed 10 Dec 2025 10:02:29 +0000
ROA not before:           Wed 10 Dec 2025 10:02:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        91.109.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 19:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:07:b6:59:de:76:b5:8b:fa:1c:18:ae:f5:f2:98:86:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
        Validity
            Not Before: Dec 10 10:02:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e672e618ef68d7279466cd759af59e6c29d4c57e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:52:5e:43:b0:6b:5a:1a:92:5a:9d:54:cc:92:
                    53:e5:c7:dd:60:97:9f:46:73:50:8a:6c:37:b6:b9:
                    ba:5b:cb:84:21:ff:68:ee:e9:98:69:63:bd:a6:68:
                    8c:18:f2:db:a9:cf:8d:e8:8c:77:67:34:f8:03:a9:
                    ac:6e:d6:0b:63:4c:b3:43:e7:95:e9:72:45:df:1d:
                    fb:71:23:1f:ec:93:11:f3:a5:80:64:76:be:b6:b3:
                    67:51:55:50:58:2d:61:92:f7:9b:cf:0a:8d:cb:8f:
                    5e:40:7e:1a:19:23:22:c7:44:bc:86:b0:5f:c9:bf:
                    53:d2:9c:11:24:72:e8:9c:f8:8c:19:a1:fa:13:81:
                    a7:90:24:d0:37:cf:e1:38:1c:03:97:64:52:e8:c9:
                    c5:c9:bc:67:ea:4f:ac:ba:12:63:bc:af:d0:83:13:
                    c2:16:f0:da:23:fd:78:3c:70:49:ab:46:6c:a7:12:
                    35:76:d2:99:0f:bc:41:f0:b7:c0:1b:df:e7:26:16:
                    c4:27:b8:63:2e:e0:77:14:a7:80:7e:60:41:48:96:
                    4f:00:3a:65:c8:f0:6e:53:eb:4f:2e:80:11:c3:d2:
                    61:80:a8:b9:56:0b:78:a8:70:60:a6:ee:26:8c:1d:
                    70:aa:55:2e:d5:97:35:a0:77:97:be:66:fd:f2:af:
                    bc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:72:E6:18:EF:68:D7:27:94:66:CD:75:9A:F5:9E:6C:29:D4:C5:7E
            X509v3 Authority Key Identifier:
                keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/5nLmGO9o1yeUZs11mvWebCnUxX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         74:87:17:34:f1:56:4a:14:23:0e:50:98:ae:61:97:f9:32:67:
         2d:2e:af:14:b2:60:15:30:b8:17:80:e5:32:9e:48:9d:a6:c2:
         8f:a3:b9:f9:c8:66:80:51:1a:0c:b3:06:ea:42:32:bc:6e:e5:
         bd:ae:e3:53:54:b1:2d:51:4b:0a:6b:11:44:be:20:ad:b7:f1:
         be:79:35:f5:48:37:3a:01:b5:b6:0d:e8:c4:0e:d5:70:5a:ba:
         42:44:70:ad:71:bb:f1:b6:38:14:3b:33:33:99:34:06:7c:79:
         3b:e0:d7:c3:5d:a7:c6:22:9f:a2:27:c5:09:71:8f:0c:1f:07:
         8b:44:76:c1:85:bb:f1:95:98:66:8f:59:a6:9b:47:7e:72:26:
         ed:2f:03:7d:e4:f5:21:7a:50:40:38:70:03:c7:be:d0:c6:37:
         cd:fc:9c:cc:0b:9c:f3:53:19:cb:08:ae:ba:cc:cc:6d:6f:02:
         7f:50:bb:0a:f1:2d:22:ab:44:35:cd:2f:63:57:98:92:d0:38:
         6f:40:20:cc:9f:cd:0f:8b:8d:c5:9a:f7:a3:b4:13:5a:df:54:
         ee:06:55:fd:d2:90:b7:07:2b:df:83:e5:c3:ff:72:b6:ca:a0:
         e4:7d:82:34:d7:d7:29:95:8b:32:ca:39:4c:45:8e:a9:16:37:
         c4:2f:fc:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsHtlnedrWL+hwYrvXymIZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjUxMjEwMTAwMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjcyZTYxOGVmNjhkNzI3OTQ2NmNkNzU5YWY1OWU2YzI5ZDRjNTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51JeQ7BrWhqSWp1UzJJT5cfdYJef
RnNQimw3trm6W8uEIf9o7umYaWO9pmiMGPLbqc+N6Ix3ZzT4A6msbtYLY0yzQ+eV
6XJF3x37cSMf7JMR86WAZHa+trNnUVVQWC1hkvebzwqNy49eQH4aGSMix0S8hrBf
yb9T0pwRJHLonPiMGaH6E4GnkCTQN8/hOBwDl2RS6MnFybxn6k+suhJjvK/QgxPC
FvDaI/14PHBJq0ZspxI1dtKZD7xB8LfAG9/nJhbEJ7hjLuB3FKeAfmBBSJZPADpl
yPBuU+tPLoARw9JhgKi5Vgt4qHBgpu4mjB1wqlUu1Zc1oHeXvmb98q+8LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZy5hjvaNcnlGbNdZr1nmwp1MV+MB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEvNW5MbUdPOW8xeWVVWnMxMW12V2ViQ25VeFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW234MA0G
CSqGSIb3DQEBCwUAA4IBAQB0hxc08VZKFCMOUJiuYZf5MmctLq8UsmAVMLgXgOUy
nkidpsKPo7n5yGaAURoMswbqQjK8buW9ruNTVLEtUUsKaxFEviCtt/G+eTX1SDc6
AbW2DejEDtVwWrpCRHCtcbvxtjgUOzMzmTQGfHk74NfDXafGIp+iJ8UJcY8MHweL
RHbBhbvxlZhmj1mmm0d+cibtLwN95PUhelBAOHADx77QxjfN/JzMC5zzUxnLCK66
zMxtbwJ/ULsK8S0iq0Q1zS9jV5iS0DhvQCDMn80Pi43FmvejtBNa31TuBlX90pC3
Byvfg+XD/3K2yqDkfYI019cplYsyyjlMRY6pFjfEL/wv
-----END CERTIFICATE-----