This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/CXrIvb9m88q-TS49THuUPClhYR0.roa
File:                     CXrIvb9m88q-TS49THuUPClhYR0.roa (raw, json)
Hash identifier:          xgXK7vEW2/Cmim2d4EiMIKxK9YtLKnHTxncTpuXS9bs=
Subject key identifier:   09:7A:C8:BD:BF:66:F3:CA:BE:4D:2E:3D:4C:7B:94:3C:29:61:61:1D
Certificate issuer:       /CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
Certificate serial:       019B7834D8D520FDE379DA8A67D27DF96C96
Authority key identifier: 33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/CXrIvb9m88q-TS49THuUPClhYR0.roa
Signing time:             Thu 01 Jan 2026 06:18:07 +0000
ROA not before:           Thu 01 Jan 2026 06:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213134
IP address blocks:        91.201.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:d8:d5:20:fd:e3:79:da:8a:67:d2:7d:f9:6c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
        Validity
            Not Before: Jan  1 06:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=097ac8bdbf66f3cabe4d2e3d4c7b943c2961611d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:00:57:51:98:99:9f:dc:fd:9c:dd:3a:ed:06:
                    da:6c:b2:4d:4b:ef:24:30:5c:dc:72:19:a4:c9:1c:
                    f5:20:78:e4:39:88:2b:a3:66:7b:85:01:5d:99:e2:
                    17:a9:a2:75:c0:aa:b2:04:a1:b6:fb:3a:6e:d7:d4:
                    fa:bf:f9:d7:fe:ef:d4:7a:d1:28:38:21:4d:1f:a3:
                    63:be:d0:51:69:c1:56:ac:94:cb:38:ec:65:1d:6c:
                    7d:8e:57:52:06:d4:55:d2:e8:0f:78:1f:f9:d4:cf:
                    39:42:ba:18:9e:0a:1a:58:d3:1d:90:e3:74:a1:c2:
                    e7:c1:37:5e:96:ac:58:c6:e9:97:40:e2:f7:90:d7:
                    70:6d:d5:84:a8:30:67:91:87:f4:e4:c7:b2:b0:01:
                    01:2e:1c:a3:ef:2a:1f:15:8d:c5:5c:0a:0d:23:e5:
                    47:ca:51:96:b4:ba:7c:cb:57:c6:2d:d9:6a:21:6b:
                    d2:38:89:aa:bb:e9:20:57:fa:53:b7:25:61:a0:b8:
                    f7:b3:e7:66:f9:ba:b3:3e:7c:02:56:ee:37:3a:3c:
                    2f:95:ef:c4:0e:c4:ed:35:f0:b7:8b:19:18:ca:6f:
                    de:22:03:95:57:ee:76:19:93:0e:8f:49:5f:19:2a:
                    19:aa:58:b8:60:7e:c2:f0:62:1c:ff:b9:e4:8d:35:
                    40:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:7A:C8:BD:BF:66:F3:CA:BE:4D:2E:3D:4C:7B:94:3C:29:61:61:1D
            X509v3 Authority Key Identifier:
                keyid:33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/CXrIvb9m88q-TS49THuUPClhYR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:2d:4f:b1:8f:fb:0e:3a:60:80:d7:96:41:a3:f6:ba:59:c9:
         0a:ad:e6:d2:99:a9:f1:7f:a8:e8:0a:8f:aa:e9:6b:73:6d:91:
         d8:1a:37:71:c2:a7:b5:84:82:77:48:97:b7:f8:56:04:9c:eb:
         51:a6:cf:15:bf:cc:46:4e:2a:a6:db:a6:80:bc:2f:48:06:4c:
         d4:41:1c:15:ce:49:1d:c3:b5:ae:c0:d4:f8:50:7f:16:07:52:
         73:a0:ff:93:3d:4e:da:de:33:2c:c6:c8:3e:30:e0:98:4d:20:
         d4:19:b5:7b:99:0d:0f:10:2c:04:38:ba:6c:4f:4a:6f:2e:08:
         be:ea:09:f4:ba:79:19:d4:f4:b0:46:04:87:e4:f3:00:3d:5a:
         11:ae:e1:ed:a4:a5:6c:e4:e0:5d:2e:6d:6b:ca:54:cf:b0:91:
         46:b7:67:ed:07:17:01:57:50:e6:59:eb:cb:7a:c9:a6:40:5c:
         5b:e9:73:03:58:b0:01:36:03:af:8c:26:17:f6:75:13:4a:ad:
         19:f5:df:3f:b0:1a:fa:3f:aa:9b:c5:a0:cf:94:b9:01:83:8f:
         7d:63:1c:f1:34:f1:76:8c:04:67:1b:a1:60:d7:82:c7:87:62:
         56:f0:4a:fd:e1:b8:28:c2:d1:71:1c:fd:21:a8:1c:c6:4c:56:
         17:f8:69:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NNjVIP3jedqKZ9J9+WyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWVkM2Q3YmE1MTFjYTYwMDJkODQ1YjNjMGFhODExMWEz
NTU5Y2YwHhcNMjYwMTAxMDYxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTdhYzhiZGJmNjZmM2NhYmU0ZDJlM2Q0YzdiOTQzYzI5NjE2MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyABXUZiZn9z9nN067QbabLJNS+8k
MFzcchmkyRz1IHjkOYgro2Z7hQFdmeIXqaJ1wKqyBKG2+zpu19T6v/nX/u/UetEo
OCFNH6NjvtBRacFWrJTLOOxlHWx9jldSBtRV0ugPeB/51M85QroYngoaWNMdkON0
ocLnwTdelqxYxumXQOL3kNdwbdWEqDBnkYf05MeysAEBLhyj7yofFY3FXAoNI+VH
ylGWtLp8y1fGLdlqIWvSOImqu+kgV/pTtyVhoLj3s+dm+bqzPnwCVu43Ojwvle/E
DsTtNfC3ixkYym/eIgOVV+52GZMOj0lfGSoZqli4YH7C8GIc/7nkjTVALwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAl6yL2/ZvPKvk0uPUx7lDwpYWEdMB8GA1UdIwQY
MBaAFDMe09e6URymAC2EWzwKqBEaNVnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQt
YmFmMjRkZDU4MzlmLzEvQ1hySXZiOW04OHEtVFM0OVRIdVVQQ2xoWVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQtYmFmMjRkZDU4Mzlm
LzEvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nEMA0G
CSqGSIb3DQEBCwUAA4IBAQDOLU+xj/sOOmCA15ZBo/a6WckKrebSmanxf6joCo+q
6WtzbZHYGjdxwqe1hIJ3SJe3+FYEnOtRps8Vv8xGTiqm26aAvC9IBkzUQRwVzkkd
w7WuwNT4UH8WB1JzoP+TPU7a3jMsxsg+MOCYTSDUGbV7mQ0PECwEOLpsT0pvLgi+
6gn0unkZ1PSwRgSH5PMAPVoRruHtpKVs5OBdLm1rylTPsJFGt2ftBxcBV1DmWevL
esmmQFxb6XMDWLABNgOvjCYX9nUTSq0Z9d8/sBr6P6qbxaDPlLkBg499YxzxNPF2
jARnG6Fg14LHh2JW8Er94bgowtFxHP0hqBzGTFYX+Gmo
-----END CERTIFICATE-----