This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cNi5P1_5kCyHjCiA1lBWda5OskI.roa
File:                     cNi5P1_5kCyHjCiA1lBWda5OskI.roa (raw, json)
Hash identifier:          QA5Z792FeAnPiQuQUOUfyrpO04ALKUWWRVfrxiWDTzM=
Subject key identifier:   70:D8:B9:3F:5F:F9:90:2C:87:8C:28:80:D6:50:56:75:AE:4E:B2:42
Certificate issuer:       /CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
Certificate serial:       019BD69F4985ACB3FC24104131E5E9637A84
Authority key identifier: 33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cNi5P1_5kCyHjCiA1lBWda5OskI.roa
Signing time:             Mon 19 Jan 2026 14:18:41 +0000
ROA not before:           Mon 19 Jan 2026 14:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        91.195.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d6:9f:49:85:ac:b3:fc:24:10:41:31:e5:e9:63:7a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
        Validity
            Not Before: Jan 19 14:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70d8b93f5ff9902c878c2880d6505675ae4eb242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b2:af:6c:fa:52:ee:1f:a8:f4:a3:15:37:5e:
                    07:e7:54:c3:6b:0b:74:47:e6:4c:9c:e7:e4:87:4c:
                    c4:18:40:7b:e1:a2:f4:47:46:a7:3a:94:a4:1a:27:
                    e1:1d:4c:62:21:76:62:fa:34:0b:70:bc:ec:71:f0:
                    52:2b:bd:a1:b0:45:4f:50:11:ba:56:6e:b3:36:a6:
                    98:72:62:d1:1f:42:81:3e:0d:da:69:ef:4f:d5:e0:
                    08:9d:0d:ef:59:d0:dd:69:9c:48:64:a5:e1:19:3c:
                    b9:ed:45:f2:06:24:e9:a7:3e:3d:09:2a:bc:a4:2e:
                    d5:65:26:2b:a7:12:e5:e8:e3:8d:f6:9e:9b:b0:da:
                    b4:85:7a:40:6f:c1:2f:9b:fa:ea:49:93:6e:10:bb:
                    9a:ba:98:84:ff:a7:5a:b5:c9:31:11:a2:8a:5f:ee:
                    e9:cf:7e:cc:c0:a5:66:bf:be:68:41:ce:9b:73:3c:
                    1f:6f:86:15:49:b1:35:9e:7b:1c:d6:8b:3b:84:ae:
                    0b:e6:03:a9:69:c0:c0:1a:d8:f2:d2:cb:0d:c6:14:
                    40:56:72:40:12:9b:3a:11:2f:1a:f9:7f:7f:3f:fb:
                    a1:d3:02:ac:65:7c:e3:64:53:37:67:89:5b:e0:9f:
                    0e:83:4c:8a:98:df:1c:84:80:64:b3:00:a8:7b:1d:
                    2b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D8:B9:3F:5F:F9:90:2C:87:8C:28:80:D6:50:56:75:AE:4E:B2:42
            X509v3 Authority Key Identifier:
                keyid:33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cNi5P1_5kCyHjCiA1lBWda5OskI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:89:04:5a:48:25:a8:c8:f3:7f:75:aa:07:1b:98:9b:f9:c8:
         51:c8:87:71:02:d4:25:81:2b:8a:4a:70:1b:80:e3:2e:f0:cf:
         eb:0f:70:1a:36:91:a6:ac:9f:83:14:cb:8c:1f:56:f8:95:44:
         49:8a:99:4d:39:e6:a0:ab:cb:f4:1b:b7:cf:ba:1a:f8:d9:22:
         76:7b:1e:dc:d3:96:08:2e:6a:ad:8d:e2:be:1a:bf:4c:21:8c:
         67:49:37:a3:25:64:10:60:47:0c:98:2f:cb:47:c4:0a:9a:4d:
         54:9d:e1:c6:b7:14:44:9d:30:3f:19:2e:57:af:08:5a:19:6b:
         e7:e6:28:c3:75:47:54:7a:4f:bd:53:16:29:e8:97:f0:5b:3f:
         cd:d8:f2:7d:ed:11:59:67:56:b1:65:7b:45:43:c9:57:b9:8c:
         a9:1d:d7:8c:bc:38:89:bd:a1:c8:ce:32:7e:9d:36:39:ee:5a:
         75:97:ea:52:39:4a:bc:bc:ea:93:a6:28:29:ca:27:03:d4:1c:
         c7:16:60:95:18:a3:f4:6c:53:2e:b8:7b:ce:31:40:69:e6:dc:
         99:4d:60:f7:44:51:70:35:95:61:5f:fb:25:dd:20:ba:46:56:
         6f:5b:80:01:78:69:67:06:7c:06:55:6a:21:ec:9e:ad:72:66:
         65:9a:94:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvWn0mFrLP8JBBBMeXpY3qEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWVkM2Q3YmE1MTFjYTYwMDJkODQ1YjNjMGFhODExMWEz
NTU5Y2YwHhcNMjYwMTE5MTQxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ4YjkzZjVmZjk5MDJjODc4YzI4ODBkNjUwNTY3NWFlNGViMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rKvbPpS7h+o9KMVN14H51TDawt0
R+ZMnOfkh0zEGEB74aL0R0anOpSkGifhHUxiIXZi+jQLcLzscfBSK72hsEVPUBG6
Vm6zNqaYcmLRH0KBPg3aae9P1eAInQ3vWdDdaZxIZKXhGTy57UXyBiTppz49CSq8
pC7VZSYrpxLl6OON9p6bsNq0hXpAb8Evm/rqSZNuELuaupiE/6datckxEaKKX+7p
z37MwKVmv75oQc6bczwfb4YVSbE1nnsc1os7hK4L5gOpacDAGtjy0ssNxhRAVnJA
Eps6ES8a+X9/P/uh0wKsZXzjZFM3Z4lb4J8Og0yKmN8chIBkswCoex0rSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDYuT9f+ZAsh4wogNZQVnWuTrJCMB8GA1UdIwQY
MBaAFDMe09e6URymAC2EWzwKqBEaNVnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQt
YmFmMjRkZDU4MzlmLzEvY05pNVAxXzVrQ3lIakNpQTFsQldkYTVPc2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQtYmFmMjRkZDU4Mzlm
LzEvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8NuMA0G
CSqGSIb3DQEBCwUAA4IBAQACiQRaSCWoyPN/daoHG5ib+chRyIdxAtQlgSuKSnAb
gOMu8M/rD3AaNpGmrJ+DFMuMH1b4lURJiplNOeagq8v0G7fPuhr42SJ2ex7c05YI
LmqtjeK+Gr9MIYxnSTejJWQQYEcMmC/LR8QKmk1UneHGtxREnTA/GS5XrwhaGWvn
5ijDdUdUek+9UxYp6JfwWz/N2PJ97RFZZ1axZXtFQ8lXuYypHdeMvDiJvaHIzjJ+
nTY57lp1l+pSOUq8vOqTpigpyicD1BzHFmCVGKP0bFMuuHvOMUBp5tyZTWD3RFFw
NZVhX/sl3SC6RlZvW4ABeGlnBnwGVWoh7J6tcmZlmpQw
-----END CERTIFICATE-----