This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/ijhZTYk9DGModkCajt66p72oFJI.roa
File:                     ijhZTYk9DGModkCajt66p72oFJI.roa (raw, json)
Hash identifier:          cJaDIFdktjTkViIcpy9eK9vMB54QBt7lF7b2FQyxIpA=
Subject key identifier:   8A:38:59:4D:89:3D:0C:63:28:76:40:9A:8E:DE:BA:A7:BD:A8:14:92
Certificate issuer:       /CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
Certificate serial:       019AD04BA02A1AD5AC3FD9A2F012F41850E5
Authority key identifier: BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/ijhZTYk9DGModkCajt66p72oFJI.roa
Signing time:             Sat 29 Nov 2025 15:46:48 +0000
ROA not before:           Sat 29 Nov 2025 15:46:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206411
IP address blocks:        91.227.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d0:4b:a0:2a:1a:d5:ac:3f:d9:a2:f0:12:f4:18:50:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
        Validity
            Not Before: Nov 29 15:46:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a38594d893d0c632876409a8edebaa7bda81492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:1b:23:34:bf:39:c1:82:70:9f:2a:15:a0:
                    28:70:bf:7e:61:ab:94:97:17:44:fb:f4:e8:7c:61:
                    16:19:1a:f8:1c:6e:b9:b1:84:de:29:d9:0d:fe:b8:
                    5b:d9:f5:76:46:9e:b6:ca:ff:d3:cc:2a:5f:5d:86:
                    35:4c:eb:bf:73:eb:3c:de:d2:20:a9:58:b1:13:ce:
                    b0:f7:cd:17:e5:3b:41:8c:57:d4:24:cc:21:19:4a:
                    41:f8:45:b9:41:77:70:10:0f:51:5f:4a:03:5f:dc:
                    50:5e:1b:5e:f2:16:77:d4:9d:7f:c5:3a:2f:59:ae:
                    22:dd:57:1d:fa:f1:0e:e7:18:53:33:6a:46:6e:e1:
                    bd:0f:d3:e6:84:4a:cd:d1:b8:61:dc:57:32:1f:00:
                    c4:13:15:4a:d0:45:36:b4:8e:26:ca:6f:82:ef:29:
                    e6:40:aa:31:cf:1f:7a:5d:60:70:ea:8f:4a:e0:fc:
                    64:74:43:4e:fb:dc:d7:f1:1f:9a:60:a0:0a:9b:12:
                    4f:96:24:8a:44:e5:57:18:73:93:5d:0d:c1:12:53:
                    ac:2f:eb:f8:49:3a:88:f7:fa:92:bf:ec:df:18:d6:
                    6b:4c:43:bf:c5:05:64:9e:47:d5:97:27:39:e3:48:
                    41:9c:a1:58:d6:7b:5d:71:1e:bb:b8:df:7b:48:f5:
                    b8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:38:59:4D:89:3D:0C:63:28:76:40:9A:8E:DE:BA:A7:BD:A8:14:92
            X509v3 Authority Key Identifier:
                keyid:BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/ijhZTYk9DGModkCajt66p72oFJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:5d:45:87:ba:02:e9:d0:93:f1:07:a8:be:c1:09:fc:b5:e1:
         96:6d:48:d6:76:49:34:07:2f:05:d4:1e:7a:fe:17:fb:2e:f0:
         3c:fa:12:db:c5:b5:26:a7:30:a5:2e:20:0b:0f:6a:6d:72:40:
         75:d6:14:6a:07:fb:3b:3c:9f:90:a7:1e:a9:9e:a7:26:3a:04:
         5f:2f:d1:89:14:5a:87:a1:a7:4c:20:a9:a3:dc:93:a1:31:53:
         b2:4c:1b:7c:8d:92:93:ba:a6:ce:e4:ca:c6:91:80:65:8a:e0:
         e1:5c:a3:9c:ac:a6:e2:75:47:1f:2e:8a:51:ea:45:9f:66:1f:
         81:60:99:41:61:02:26:1b:41:21:d1:52:23:01:20:49:1a:dc:
         21:1b:5f:1f:b5:8b:6f:1b:30:63:0b:b7:b7:32:dc:b2:45:1d:
         7e:0a:4c:92:41:46:0d:13:8d:32:9c:54:1b:38:3d:bc:21:1d:
         41:7a:3a:cb:16:53:e8:52:12:6d:c8:36:9f:e7:54:ad:8f:1a:
         db:17:58:16:b3:56:b1:27:99:7a:6c:f1:80:36:61:47:9a:25:
         dc:f7:16:91:33:b7:80:9f:1f:63:82:ca:7a:14:b8:8a:30:93:
         ab:40:38:46:52:7e:95:a7:09:40:d8:f0:03:f8:19:7e:40:38:
         8d:85:d9:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrQS6AqGtWsP9mi8BL0GFDlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDc2YTc0NThiMTlkMTY1ZjMyZjBlYzMzZDcxNTY5ZTVm
NGZlZjkwHhcNMjUxMTI5MTU0NjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM4NTk0ZDg5M2QwYzYzMjg3NjQwOWE4ZWRlYmFhN2JkYTgxNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzwbIzS/OcGCcJ8qFaAocL9+YauU
lxdE+/TofGEWGRr4HG65sYTeKdkN/rhb2fV2Rp62yv/TzCpfXYY1TOu/c+s83tIg
qVixE86w980X5TtBjFfUJMwhGUpB+EW5QXdwEA9RX0oDX9xQXhte8hZ31J1/xTov
Wa4i3Vcd+vEO5xhTM2pGbuG9D9PmhErN0bhh3FcyHwDEExVK0EU2tI4mym+C7ynm
QKoxzx96XWBw6o9K4PxkdENO+9zX8R+aYKAKmxJPliSKROVXGHOTXQ3BElOsL+v4
STqI9/qSv+zfGNZrTEO/xQVknkfVlyc540hBnKFY1ntdcR67uN97SPW4SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIo4WU2JPQxjKHZAmo7euqe9qBSSMB8GA1UdIwQY
MBaAFL/XanRYsZ0WXzLw7DPXFWnl9P75MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQt
YjQ5MWY1YjM5ZWYyLzEvaWpoWlRZazlER01vZGtDYWp0NjZwNzJvRkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQtYjQ5MWY1YjM5ZWYy
LzEvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O6MA0G
CSqGSIb3DQEBCwUAA4IBAQAZXUWHugLp0JPxB6i+wQn8teGWbUjWdkk0By8F1B56
/hf7LvA8+hLbxbUmpzClLiALD2ptckB11hRqB/s7PJ+Qpx6pnqcmOgRfL9GJFFqH
oadMIKmj3JOhMVOyTBt8jZKTuqbO5MrGkYBliuDhXKOcrKbidUcfLopR6kWfZh+B
YJlBYQImG0Eh0VIjASBJGtwhG18ftYtvGzBjC7e3MtyyRR1+CkySQUYNE40ynFQb
OD28IR1BejrLFlPoUhJtyDaf51StjxrbF1gWs1axJ5l6bPGANmFHmiXc9xaRM7eA
nx9jgsp6FLiKMJOrQDhGUn6VpwlA2PAD+Bl+QDiNhdlk
-----END CERTIFICATE-----