This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/Iria4wIw1fU8cA4sqt1elN464-4.roa
File:                     Iria4wIw1fU8cA4sqt1elN464-4.roa (raw, json)
Hash identifier:          ISbIWO425ImSYvAJvg4vsV9/XdUj9FmYfNuddwC0P7Y=
Subject key identifier:   22:B8:9A:E3:02:30:D5:F5:3C:70:0E:2C:AA:DD:5E:94:DE:3A:E3:EE
Certificate issuer:       /CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
Certificate serial:       019B7BA54272F4A40B58EFDF95BD624D43D3
Authority key identifier: 90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/Iria4wIw1fU8cA4sqt1elN464-4.roa
Signing time:             Thu 01 Jan 2026 22:19:46 +0000
ROA not before:           Thu 01 Jan 2026 22:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43317
IP address blocks:        91.209.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:42:72:f4:a4:0b:58:ef:df:95:bd:62:4d:43:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
        Validity
            Not Before: Jan  1 22:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22b89ae30230d5f53c700e2caadd5e94de3ae3ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:80:76:a6:0e:be:5f:e2:bc:4e:a1:c1:4a:aa:
                    15:4a:8a:d9:be:9e:63:0b:42:14:c5:0d:51:0a:fd:
                    46:ed:de:1a:5d:f5:8d:fc:58:48:bf:3a:26:4b:9e:
                    49:d4:75:e9:8f:44:c7:2f:db:63:49:74:f0:b6:00:
                    86:92:b4:87:42:59:3f:1a:44:25:2e:ef:55:89:9b:
                    8e:51:51:b2:39:cd:90:f2:39:4c:9f:d2:95:5f:e4:
                    2b:11:51:eb:55:ce:8c:bb:cd:e9:8b:72:85:b7:3e:
                    ea:4d:04:52:63:f2:06:f2:3f:3c:7a:8d:e6:cf:f2:
                    a4:73:32:ba:75:47:9d:ac:0a:f6:d7:39:1e:6b:e5:
                    d3:95:f7:4c:91:3c:0c:22:c7:45:1d:ee:63:4d:5c:
                    98:6f:fa:2b:79:30:84:b9:c3:62:39:57:b9:0f:40:
                    b1:6f:01:fb:e4:d2:c7:8c:7e:7e:9a:53:f8:7e:6e:
                    17:fa:4d:d4:a9:b6:1d:79:a5:b7:8f:96:49:23:3a:
                    de:5a:18:8e:09:bd:59:47:5a:6a:7a:81:ac:37:e8:
                    0a:02:db:20:f9:03:78:ef:75:f6:e4:d1:b7:3e:63:
                    31:32:cb:82:0a:ff:0a:83:93:85:75:dd:04:78:43:
                    dc:56:7f:6d:81:23:43:c6:67:d0:92:91:5e:a3:40:
                    18:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B8:9A:E3:02:30:D5:F5:3C:70:0E:2C:AA:DD:5E:94:DE:3A:E3:EE
            X509v3 Authority Key Identifier:
                keyid:90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/Iria4wIw1fU8cA4sqt1elN464-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:62:1b:26:a6:99:c7:06:84:6d:9c:fa:90:0f:22:7c:2a:76:
         dc:85:df:87:90:53:a0:01:47:ce:52:a5:0f:88:77:e8:3a:b2:
         5b:9f:dd:de:84:64:f9:c7:f9:80:32:a0:22:46:af:1b:de:fb:
         a5:76:13:13:38:56:07:d5:ae:e0:09:80:2c:b3:c7:cf:37:02:
         69:d2:3a:b6:99:81:4e:13:c2:f3:1b:c5:6e:4a:a9:ec:fd:1b:
         52:6e:5e:49:6b:23:1f:1d:e4:62:11:5a:35:24:69:3b:3c:82:
         4f:b1:81:d1:e3:07:34:10:25:77:6f:a0:1c:f2:38:e2:4a:f7:
         61:4b:3d:83:4d:8c:23:e0:ba:1d:85:c6:41:2f:4b:fa:5e:e2:
         93:c3:0f:f0:dc:46:dd:18:e9:84:43:ae:8d:20:67:95:c7:a0:
         f5:b4:19:49:a3:6d:28:21:d8:27:00:bd:a4:e2:f6:92:2c:fd:
         a5:d5:fa:08:5e:76:07:4e:d3:7d:27:76:01:4e:08:da:74:57:
         89:44:48:57:1f:99:33:ce:7b:69:8e:69:c8:98:a1:2d:81:24:
         9a:ea:61:35:a7:1a:d1:57:65:f0:cc:61:32:d0:bf:12:96:67:
         15:cd:22:6f:9c:cc:d1:12:df:98:b5:2f:6e:e2:75:29:13:ba:
         74:ba:06:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUJy9KQLWO/flb1iTUPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOTgxNTNiZGUwZTM0NTg0YmFjOTFmYTE4NjhkN2VmMjRk
NjhiY2YwHhcNMjYwMTAxMjIxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmI4OWFlMzAyMzBkNWY1M2M3MDBlMmNhYWRkNWU5NGRlM2FlM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoB2pg6+X+K8TqHBSqoVSorZvp5j
C0IUxQ1RCv1G7d4aXfWN/FhIvzomS55J1HXpj0THL9tjSXTwtgCGkrSHQlk/GkQl
Lu9ViZuOUVGyOc2Q8jlMn9KVX+QrEVHrVc6Mu83pi3KFtz7qTQRSY/IG8j88eo3m
z/KkczK6dUedrAr21zkea+XTlfdMkTwMIsdFHe5jTVyYb/oreTCEucNiOVe5D0Cx
bwH75NLHjH5+mlP4fm4X+k3UqbYdeaW3j5ZJIzreWhiOCb1ZR1pqeoGsN+gKAtsg
+QN473X25NG3PmMxMsuCCv8Kg5OFdd0EeEPcVn9tgSNDxmfQkpFeo0AYRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCK4muMCMNX1PHAOLKrdXpTeOuPuMB8GA1UdIwQY
MBaAFJCYFTveDjRYS6yR+hho1+8k1ovPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0Yjct
MmY5MzNkOTg5NmUwLzEvSXJpYTR3SXcxZlU4Y0E0c3F0MWVsTjQ2NC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0YjctMmY5MzNkOTg5NmUw
LzEva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FGMA0G
CSqGSIb3DQEBCwUAA4IBAQB1YhsmppnHBoRtnPqQDyJ8Knbchd+HkFOgAUfOUqUP
iHfoOrJbn93ehGT5x/mAMqAiRq8b3vuldhMTOFYH1a7gCYAss8fPNwJp0jq2mYFO
E8LzG8VuSqns/RtSbl5JayMfHeRiEVo1JGk7PIJPsYHR4wc0ECV3b6Ac8jjiSvdh
Sz2DTYwj4LodhcZBL0v6XuKTww/w3EbdGOmEQ66NIGeVx6D1tBlJo20oIdgnAL2k
4vaSLP2l1foIXnYHTtN9J3YBTgjadFeJREhXH5kzzntpjmnImKEtgSSa6mE1pxrR
V2XwzGEy0L8SlmcVzSJvnMzREt+YtS9u4nUpE7p0ugbW
-----END CERTIFICATE-----