This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/KuWWtknOGKLAtEUJQ2qfl_jNlmg.roa
File:                     KuWWtknOGKLAtEUJQ2qfl_jNlmg.roa (raw, json)
Hash identifier:          W5TqBGi3Id1AxwKzwqUslwR28wws2MIYj5VeG6wq05Q=
Subject key identifier:   2A:E5:96:B6:49:CE:18:A2:C0:B4:45:09:43:6A:9F:97:F8:CD:96:68
Certificate issuer:       /CN=3c3f45021d6eb340a42b2e5dd1fbf721a1a66d61
Certificate serial:       019B7A5B24158E02E85FD97A3643D56B1F3C
Authority key identifier: 3C:3F:45:02:1D:6E:B3:40:A4:2B:2E:5D:D1:FB:F7:21:A1:A6:6D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PD9FAh1us0CkKy5d0fv3IaGmbWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/KuWWtknOGKLAtEUJQ2qfl_jNlmg.roa
Signing time:             Thu 01 Jan 2026 16:19:11 +0000
ROA not before:           Thu 01 Jan 2026 16:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        91.212.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/PD9FAh1us0CkKy5d0fv3IaGmbWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/PD9FAh1us0CkKy5d0fv3IaGmbWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PD9FAh1us0CkKy5d0fv3IaGmbWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:24:15:8e:02:e8:5f:d9:7a:36:43:d5:6b:1f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c3f45021d6eb340a42b2e5dd1fbf721a1a66d61
        Validity
            Not Before: Jan  1 16:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ae596b649ce18a2c0b44509436a9f97f8cd9668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:da:84:39:e9:4f:3f:ce:b5:3d:f6:2c:b4:e5:
                    22:82:5c:34:f8:b5:af:d1:60:7c:81:ba:66:ea:c3:
                    c4:d8:b4:53:ce:8d:18:bf:08:d7:95:04:58:5f:7a:
                    68:b7:93:89:f9:1a:6a:5e:bc:6e:66:9e:bf:d3:97:
                    8c:31:f4:99:2e:0b:86:3b:f0:65:b4:e6:59:cf:b3:
                    31:33:65:e3:44:28:79:89:bf:b2:ca:62:01:82:7c:
                    58:8e:72:67:0b:1f:03:b0:23:6b:a1:10:e0:30:fe:
                    5d:d4:bc:e0:44:75:e1:38:a2:e7:ec:35:4e:b8:ae:
                    9f:a7:5f:e2:bd:bd:99:b2:b4:dc:24:ec:0d:c1:23:
                    ed:d4:c3:b6:86:85:e0:30:0b:dd:4b:24:8b:c9:9c:
                    06:9e:cb:1e:05:4e:0b:56:ef:1c:49:b0:db:d2:8e:
                    b8:0e:f1:55:97:fb:3b:1d:cd:48:c6:c8:1d:99:f8:
                    6f:d8:72:97:9c:04:df:60:26:10:db:d4:6b:59:b0:
                    29:0a:8d:80:8c:fe:cc:e1:6a:9e:3b:b0:65:bb:07:
                    48:31:d7:41:d0:fa:25:34:61:23:f9:a2:15:d3:1d:
                    a4:4a:e9:32:fb:9d:7a:e1:b6:29:06:15:c9:c7:4a:
                    ad:6a:cd:76:cd:98:84:da:0e:fc:b9:a0:04:bc:1d:
                    0c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E5:96:B6:49:CE:18:A2:C0:B4:45:09:43:6A:9F:97:F8:CD:96:68
            X509v3 Authority Key Identifier:
                keyid:3C:3F:45:02:1D:6E:B3:40:A4:2B:2E:5D:D1:FB:F7:21:A1:A6:6D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PD9FAh1us0CkKy5d0fv3IaGmbWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/KuWWtknOGKLAtEUJQ2qfl_jNlmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/05257e-1e67-4158-8adb-47d6e4bae2cf/1/PD9FAh1us0CkKy5d0fv3IaGmbWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:11:03:f3:f6:0c:61:8a:f3:c2:7a:c0:6f:8e:0d:03:ae:28:
         fa:08:02:78:4e:f1:5c:4a:d9:7c:aa:ae:10:ae:b7:ad:53:18:
         0e:07:e7:35:d5:10:91:3f:9b:36:aa:47:c7:54:e4:3e:4a:ed:
         7c:1a:aa:8a:5b:63:b3:28:35:34:db:e9:ef:3d:c8:ea:06:e4:
         80:a9:c8:0c:8f:87:56:d7:ac:e2:80:1a:21:f3:0f:75:48:eb:
         c8:06:4b:73:33:a1:54:2a:08:56:c0:94:73:7d:e3:c7:bd:81:
         94:e6:c2:bb:46:ea:ff:33:79:82:29:d2:08:56:29:fb:0b:fd:
         1d:36:ca:58:ce:73:51:58:e8:e3:eb:36:40:30:4c:31:bd:07:
         5a:50:a1:ec:72:a2:10:8e:bf:8b:e6:7c:5d:45:0f:d1:2d:39:
         db:c6:02:86:58:c5:d6:71:39:31:46:0b:04:92:4f:d7:60:bf:
         a2:41:73:81:a0:cd:e3:c2:54:10:ab:00:48:a5:76:7e:f1:7e:
         85:4d:d5:22:9f:88:8f:38:12:cb:ec:ec:63:94:27:a0:b3:9d:
         ae:c6:21:5d:eb:81:43:4f:1b:31:72:fe:f4:95:18:fb:60:5f:
         c3:f2:7a:65:f5:56:60:94:9d:4f:1f:8d:27:e4:8f:33:ca:fd:
         af:c4:44:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WyQVjgLoX9l6NkPVax88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjM2Y0NTAyMWQ2ZWIzNDBhNDJiMmU1ZGQxZmJmNzIxYTFh
NjZkNjEwHhcNMjYwMTAxMTYxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU1OTZiNjQ5Y2UxOGEyYzBiNDQ1MDk0MzZhOWY5N2Y4Y2Q5NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9qEOelPP861PfYstOUiglw0+LWv
0WB8gbpm6sPE2LRTzo0YvwjXlQRYX3pot5OJ+RpqXrxuZp6/05eMMfSZLguGO/Bl
tOZZz7MxM2XjRCh5ib+yymIBgnxYjnJnCx8DsCNroRDgMP5d1LzgRHXhOKLn7DVO
uK6fp1/ivb2ZsrTcJOwNwSPt1MO2hoXgMAvdSySLyZwGnsseBU4LVu8cSbDb0o64
DvFVl/s7Hc1Ixsgdmfhv2HKXnATfYCYQ29RrWbApCo2AjP7M4WqeO7BluwdIMddB
0PolNGEj+aIV0x2kSuky+5164bYpBhXJx0qtas12zZiE2g78uaAEvB0MrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrllrZJzhiiwLRFCUNqn5f4zZZoMB8GA1UdIwQY
MBaAFDw/RQIdbrNApCsuXdH79yGhpm1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEQ5RkFoMXVzMENrS3k1ZDBmdjNJYUdtYldFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wNTI1N2UtMWU2Ny00MTU4LThhZGIt
NDdkNmU0YmFlMmNmLzEvS3VXV3Rrbk9HS0xBdEVVSlEycWZsX2pObG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wNTI1N2UtMWU2Ny00MTU4LThhZGItNDdkNmU0YmFlMmNm
LzEvUEQ5RkFoMXVzMENrS3k1ZDBmdjNJYUdtYldFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RbMA0G
CSqGSIb3DQEBCwUAA4IBAQBOEQPz9gxhivPCesBvjg0Drij6CAJ4TvFcStl8qq4Q
rretUxgOB+c11RCRP5s2qkfHVOQ+Su18GqqKW2OzKDU02+nvPcjqBuSAqcgMj4dW
16zigBoh8w91SOvIBktzM6FUKghWwJRzfePHvYGU5sK7Rur/M3mCKdIIVin7C/0d
NspYznNRWOjj6zZAMEwxvQdaUKHscqIQjr+L5nxdRQ/RLTnbxgKGWMXWcTkxRgsE
kk/XYL+iQXOBoM3jwlQQqwBIpXZ+8X6FTdUin4iPOBLL7OxjlCegs52uxiFd64FD
Txsxcv70lRj7YF/D8npl9VZglJ1PH40n5I8zyv2vxEQU
-----END CERTIFICATE-----