This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/0UIBS5-yp_HgF3ul5V_8sUFbmJ8.roa
File:                     0UIBS5-yp_HgF3ul5V_8sUFbmJ8.roa (raw, json)
Hash identifier:          X8gXM4Et7DwBL6n3MCxosMtMRa/fbXbSkj6ESSoWPTQ=
Subject key identifier:   D1:42:01:4B:9F:B2:A7:F1:E0:17:7B:A5:E5:5F:FC:B1:41:5B:98:9F
Certificate issuer:       /CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
Certificate serial:       019B79102E600992DA231DBC833BFA3A074D
Authority key identifier: 36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/0UIBS5-yp_HgF3ul5V_8sUFbmJ8.roa
Signing time:             Thu 01 Jan 2026 10:17:42 +0000
ROA not before:           Thu 01 Jan 2026 10:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200200
IP address blocks:        91.220.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2e:60:09:92:da:23:1d:bc:83:3b:fa:3a:07:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
        Validity
            Not Before: Jan  1 10:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d142014b9fb2a7f1e0177ba5e55ffcb1415b989f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:e7:84:b3:c2:06:db:ce:14:94:d8:c4:d4:b7:
                    72:90:91:63:6f:f8:06:c4:e8:9e:3c:52:20:b0:87:
                    81:54:38:ae:64:ac:dd:a1:75:b0:5b:23:e2:99:80:
                    10:bd:47:97:ab:c6:6d:a6:53:14:07:34:1f:91:33:
                    7f:97:94:ae:cf:50:c6:a8:fa:bd:2f:3f:90:6b:9a:
                    e0:e8:f9:49:16:27:0a:3b:d3:01:d2:59:73:19:68:
                    aa:e0:11:25:b8:5a:8a:e6:8d:f5:bc:aa:ca:f0:3c:
                    09:34:96:62:63:33:28:72:8a:1c:26:d9:97:f2:16:
                    1f:3d:16:30:76:7d:57:94:75:b3:ce:f6:4a:1b:06:
                    80:8b:b4:a1:80:e5:9a:df:c7:1a:e7:45:51:8a:b7:
                    da:07:00:aa:a9:d9:4a:12:35:4a:61:15:5d:aa:20:
                    76:56:de:6c:3c:cf:36:54:08:a4:96:0b:69:82:de:
                    66:55:ee:22:99:09:9a:6b:03:74:9a:8a:f6:aa:fd:
                    a2:49:4c:1e:69:52:83:f3:a4:69:f3:ab:8a:90:a8:
                    38:02:0a:35:71:be:ca:a7:f5:5d:97:fc:81:8d:79:
                    75:1b:7c:67:41:d9:dc:55:8c:26:0e:c4:c2:d8:0c:
                    64:d2:f6:0a:17:2d:b8:69:e2:76:75:0e:ed:11:ce:
                    7c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:42:01:4B:9F:B2:A7:F1:E0:17:7B:A5:E5:5F:FC:B1:41:5B:98:9F
            X509v3 Authority Key Identifier:
                keyid:36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/0UIBS5-yp_HgF3ul5V_8sUFbmJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:1d:d1:dd:ed:e0:d0:09:f5:dc:e5:34:2d:dc:fb:d2:9c:b4:
         74:62:57:5e:93:09:12:b9:92:16:f4:f0:d5:71:e4:f3:c4:7a:
         11:e3:fa:6d:83:ee:9f:36:b3:90:5f:82:2b:27:e1:62:11:f3:
         2a:7b:08:76:f7:e9:4f:39:46:07:ed:e2:35:32:fe:e7:16:de:
         ba:41:12:81:9f:18:c3:65:ef:92:d1:d5:bb:0d:be:6f:6f:f0:
         19:bf:3e:5c:8f:3c:ae:41:62:aa:dc:ab:ce:a3:de:79:bf:b4:
         a4:bf:c5:8e:5f:ef:2c:92:3c:61:46:e4:8a:3a:89:94:e3:e8:
         aa:28:72:b2:b2:c2:4c:5c:eb:6c:58:c3:af:4d:f5:5d:0a:97:
         56:51:25:06:96:57:7c:e5:4d:41:33:16:5a:46:83:3b:94:d2:
         9e:f6:42:19:18:7f:c3:9e:b8:7c:41:be:96:9a:bc:06:80:d5:
         5e:29:dd:0b:10:09:e4:a2:40:0b:2c:e0:cd:be:c3:c8:1d:2e:
         b0:91:09:d1:3d:d2:83:9a:c2:35:d5:cc:36:53:d2:2f:e1:51:
         42:a9:2e:1f:bf:f6:9c:60:1c:8b:7a:19:55:4e:9b:5a:66:7c:
         e4:de:22:20:01:9f:9d:f2:c0:f8:64:2c:f6:73:b6:2f:d9:d7:
         06:ce:8b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EC5gCZLaIx28gzv6OgdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTMwMjJkZWRjMWY4ZjAxM2FhNmUzOTBmYTIzYmQyMmYx
ZmUzOTIwHhcNMjYwMTAxMTAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQyMDE0YjlmYjJhN2YxZTAxNzdiYTVlNTVmZmNiMTQxNWI5ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8eeEs8IG284UlNjE1LdykJFjb/gG
xOiePFIgsIeBVDiuZKzdoXWwWyPimYAQvUeXq8ZtplMUBzQfkTN/l5Suz1DGqPq9
Lz+Qa5rg6PlJFicKO9MB0llzGWiq4BEluFqK5o31vKrK8DwJNJZiYzMocoocJtmX
8hYfPRYwdn1XlHWzzvZKGwaAi7ShgOWa38ca50VRirfaBwCqqdlKEjVKYRVdqiB2
Vt5sPM82VAiklgtpgt5mVe4imQmaawN0mor2qv2iSUweaVKD86Rp86uKkKg4Ago1
cb7Kp/Vdl/yBjXl1G3xnQdncVYwmDsTC2Axk0vYKFy24aeJ2dQ7tEc58TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFCAUufsqfx4Bd7peVf/LFBW5ifMB8GA1UdIwQY
MBaAFDYTAi3twfjwE6puOQ+iO9IvH+OSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjIt
NDA2NjlhZDE5ZmI5LzEvMFVJQlM1LXlwX0hnRjN1bDVWXzhzVUZibUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjItNDA2NjlhZDE5ZmI5
LzEvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wpMA0G
CSqGSIb3DQEBCwUAA4IBAQC4HdHd7eDQCfXc5TQt3PvSnLR0YldekwkSuZIW9PDV
ceTzxHoR4/ptg+6fNrOQX4IrJ+FiEfMqewh29+lPOUYH7eI1Mv7nFt66QRKBnxjD
Ze+S0dW7Db5vb/AZvz5cjzyuQWKq3KvOo955v7Skv8WOX+8skjxhRuSKOomU4+iq
KHKyssJMXOtsWMOvTfVdCpdWUSUGlld85U1BMxZaRoM7lNKe9kIZGH/Dnrh8Qb6W
mrwGgNVeKd0LEAnkokALLODNvsPIHS6wkQnRPdKDmsI11cw2U9Iv4VFCqS4fv/ac
YByLehlVTptaZnzk3iIgAZ+d8sD4ZCz2c7Yv2dcGzotA
-----END CERTIFICATE-----