This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/CdSBrOUKTuPZdHo1rhDRbIWCZVk.roa
File:                     CdSBrOUKTuPZdHo1rhDRbIWCZVk.roa (raw, json)
Hash identifier:          vomX7/L5tiX3Xm3yDlRhzTvRbnk/SDC+k2Z0lNB/FvE=
Subject key identifier:   09:D4:81:AC:E5:0A:4E:E3:D9:74:7A:35:AE:10:D1:6C:85:82:65:59
Certificate issuer:       /CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
Certificate serial:       019B7FF2210EDFFDDD53031A58D36314ADA3
Authority key identifier: BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/CdSBrOUKTuPZdHo1rhDRbIWCZVk.roa
Signing time:             Fri 02 Jan 2026 18:22:13 +0000
ROA not before:           Fri 02 Jan 2026 18:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206411
IP address blocks:        91.227.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:21:0e:df:fd:dd:53:03:1a:58:d3:63:14:ad:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
        Validity
            Not Before: Jan  2 18:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09d481ace50a4ee3d9747a35ae10d16c85826559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ef:e5:fc:11:e8:cc:b7:46:f5:9b:f8:b0:a3:
                    07:32:68:80:d6:39:6b:5b:08:c6:cf:0a:9c:75:3d:
                    ec:9d:a4:fb:a5:2b:df:00:0a:b1:9a:f4:66:a8:48:
                    8d:35:04:5f:35:3d:74:bd:9d:db:ae:ae:10:f9:0a:
                    40:fc:1c:c6:f0:56:7c:f7:54:cd:3e:fc:3c:42:67:
                    29:fc:8d:ff:22:86:0b:8b:88:dc:31:3a:11:ca:8f:
                    b5:e3:ae:83:e9:48:6f:71:0b:40:da:18:3f:a9:6e:
                    72:c8:f0:df:f7:a8:77:39:00:1f:e7:49:a4:40:68:
                    1b:f0:b5:7d:6a:da:d5:e4:ec:20:88:c1:36:a1:d5:
                    ed:ff:df:b3:80:ce:3a:86:72:4b:09:21:16:11:86:
                    bc:8e:87:b4:41:aa:bb:d1:32:25:ce:6b:d5:fa:77:
                    1d:1b:e4:9d:f1:86:fc:30:4b:5b:af:25:40:a4:2f:
                    83:89:ad:ee:84:40:70:f0:f3:79:99:e2:91:b5:17:
                    32:01:d0:27:e7:db:b6:4e:0a:fc:84:be:7b:af:24:
                    66:8f:37:62:13:d3:14:8d:ac:ff:c5:46:73:07:bc:
                    1b:3b:3d:d4:90:d1:a7:1b:7a:55:1c:ae:a9:7a:6b:
                    e3:05:16:f6:5c:62:1d:f0:87:7b:c0:18:cf:e0:75:
                    42:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D4:81:AC:E5:0A:4E:E3:D9:74:7A:35:AE:10:D1:6C:85:82:65:59
            X509v3 Authority Key Identifier:
                keyid:BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/CdSBrOUKTuPZdHo1rhDRbIWCZVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:e5:51:4f:22:4e:4d:19:9f:78:34:19:85:45:9a:6f:c4:17:
         fc:5b:ad:d2:f8:b4:0f:c2:e2:e2:e7:65:dc:51:9f:e7:39:34:
         8c:ae:40:0e:b9:13:2d:36:c9:8f:cd:c4:f9:f3:6e:05:ce:60:
         b7:a1:85:74:1e:b5:7b:8f:c2:f0:b1:4c:f6:90:af:96:a2:62:
         ad:9d:73:90:3a:dc:20:96:53:50:69:48:3f:f2:06:86:c2:c6:
         a1:ab:a9:e3:8b:a3:e7:9f:76:f0:9f:0d:d3:75:d0:a6:e5:9c:
         83:63:18:b2:e4:25:56:fc:9f:18:5a:2f:f1:2c:15:cd:46:15:
         57:d9:5d:c2:0f:2a:ac:bb:e4:f7:8f:2c:e6:3f:f4:b2:e1:2b:
         2d:e4:95:b9:3b:0d:74:6a:c3:90:7b:ac:67:cf:50:c6:19:35:
         67:33:3c:ec:57:3c:ec:50:61:96:a7:79:a8:ef:37:44:86:d2:
         43:59:fe:5f:42:a6:b1:ad:3c:87:73:af:34:4c:a1:90:d2:70:
         3a:06:98:4e:b6:dc:c3:30:79:6b:2b:0e:77:f3:f5:14:95:b7:
         c6:f0:ba:61:5a:38:ef:86:ea:c6:59:5c:6a:5e:dc:2a:a6:96:
         f0:fe:ce:6d:41:34:ce:3f:c6:b1:76:9e:5e:0d:8a:72:2a:90:
         76:11:6b:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8iEO3/3dUwMaWNNjFK2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDc2YTc0NThiMTlkMTY1ZjMyZjBlYzMzZDcxNTY5ZTVm
NGZlZjkwHhcNMjYwMTAyMTgyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQ0ODFhY2U1MGE0ZWUzZDk3NDdhMzVhZTEwZDE2Yzg1ODI2NTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+/l/BHozLdG9Zv4sKMHMmiA1jlr
WwjGzwqcdT3snaT7pSvfAAqxmvRmqEiNNQRfNT10vZ3brq4Q+QpA/BzG8FZ891TN
Pvw8Qmcp/I3/IoYLi4jcMToRyo+1466D6UhvcQtA2hg/qW5yyPDf96h3OQAf50mk
QGgb8LV9atrV5OwgiME2odXt/9+zgM46hnJLCSEWEYa8joe0Qaq70TIlzmvV+ncd
G+Sd8Yb8MEtbryVApC+Dia3uhEBw8PN5meKRtRcyAdAn59u2Tgr8hL57ryRmjzdi
E9MUjaz/xUZzB7wbOz3UkNGnG3pVHK6pemvjBRb2XGId8Id7wBjP4HVCGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnUgazlCk7j2XR6Na4Q0WyFgmVZMB8GA1UdIwQY
MBaAFL/XanRYsZ0WXzLw7DPXFWnl9P75MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQt
YjQ5MWY1YjM5ZWYyLzEvQ2RTQnJPVUtUdVBaZEhvMXJoRFJiSVdDWlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQtYjQ5MWY1YjM5ZWYy
LzEvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O6MA0G
CSqGSIb3DQEBCwUAA4IBAQBa5VFPIk5NGZ94NBmFRZpvxBf8W63S+LQPwuLi52Xc
UZ/nOTSMrkAOuRMtNsmPzcT5824FzmC3oYV0HrV7j8LwsUz2kK+WomKtnXOQOtwg
llNQaUg/8gaGwsahq6nji6Pnn3bwnw3TddCm5ZyDYxiy5CVW/J8YWi/xLBXNRhVX
2V3CDyqsu+T3jyzmP/Sy4Sst5JW5Ow10asOQe6xnz1DGGTVnMzzsVzzsUGGWp3mo
7zdEhtJDWf5fQqaxrTyHc680TKGQ0nA6BphOttzDMHlrKw538/UUlbfG8LphWjjv
hurGWVxqXtwqppbw/s5tQTTOP8axdp5eDYpyKpB2EWuI
-----END CERTIFICATE-----