This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/h2uRyyLQQ2Shtkyxrk1UdTyzOhc.roa
File:                     h2uRyyLQQ2Shtkyxrk1UdTyzOhc.roa (raw, json)
Hash identifier:          9VGK+pBjMxIsPPaRSCjbbR6f7e4NiPLTe+cZavCVZO0=
Subject key identifier:   87:6B:91:CB:22:D0:43:64:A1:B6:4C:B1:AE:4D:54:75:3C:B3:3A:17
Certificate issuer:       /CN=6b475c6fb8033b5e11d7db5f2c997c84ba725ca2
Certificate serial:       019B79EC1D7269E9C06F39D922C7669142D1
Authority key identifier: 6B:47:5C:6F:B8:03:3B:5E:11:D7:DB:5F:2C:99:7C:84:BA:72:5C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0dcb7gDO14R19tfLJl8hLpyXKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/h2uRyyLQQ2Shtkyxrk1UdTyzOhc.roa
Signing time:             Thu 01 Jan 2026 14:17:55 +0000
ROA not before:           Thu 01 Jan 2026 14:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5413
IP address blocks:        91.227.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/a0dcb7gDO14R19tfLJl8hLpyXKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/a0dcb7gDO14R19tfLJl8hLpyXKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0dcb7gDO14R19tfLJl8hLpyXKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:1d:72:69:e9:c0:6f:39:d9:22:c7:66:91:42:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b475c6fb8033b5e11d7db5f2c997c84ba725ca2
        Validity
            Not Before: Jan  1 14:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=876b91cb22d04364a1b64cb1ae4d54753cb33a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:92:85:57:03:21:53:de:5a:5d:8b:03:bb:73:
                    32:93:3a:a5:46:0b:d0:cd:a5:9e:6e:ee:de:93:c6:
                    4a:af:0f:ba:9e:0f:f5:ec:c8:a7:e4:17:d1:e9:6e:
                    c1:8b:52:bf:00:0a:e6:58:96:9e:c4:37:d7:39:5d:
                    9a:9b:bf:74:7b:50:4c:e7:32:f0:9d:90:31:c4:6a:
                    3b:23:77:71:96:28:a5:73:13:30:75:39:78:1f:58:
                    37:ad:4d:72:d7:74:6e:23:c1:a1:b8:ee:76:00:4e:
                    85:2f:3c:ae:1a:5c:22:a5:df:c4:b2:87:52:c1:ac:
                    5d:d4:bb:b7:72:06:2c:b9:89:6e:50:43:73:bc:54:
                    7a:3e:22:dd:1b:fe:bd:8d:95:4c:fc:fb:aa:5d:ec:
                    c6:f3:f0:cd:4b:57:2a:3c:1c:8b:33:66:be:81:bc:
                    06:c8:30:01:66:3b:0e:da:b7:93:78:aa:74:09:fe:
                    c5:99:0d:a5:e3:56:a1:74:b9:1c:13:61:90:79:5f:
                    d5:7c:37:e2:01:36:fa:ab:5a:02:f1:2d:a2:31:c6:
                    68:c0:7c:0c:5d:4e:9f:3b:d5:c7:dc:2f:c6:8c:91:
                    93:af:a2:7c:f5:4d:46:24:8d:98:53:ac:b5:61:1a:
                    8a:b7:e1:29:da:ad:7f:7c:f5:81:ca:f7:ff:42:05:
                    57:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:6B:91:CB:22:D0:43:64:A1:B6:4C:B1:AE:4D:54:75:3C:B3:3A:17
            X509v3 Authority Key Identifier:
                keyid:6B:47:5C:6F:B8:03:3B:5E:11:D7:DB:5F:2C:99:7C:84:BA:72:5C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0dcb7gDO14R19tfLJl8hLpyXKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/h2uRyyLQQ2Shtkyxrk1UdTyzOhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9f43aa-c5c9-4ef7-8766-5a9d702e77e3/1/a0dcb7gDO14R19tfLJl8hLpyXKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:62:1f:8c:8b:b2:5a:3e:9a:9d:20:e5:a8:52:c2:36:75:07:
         27:31:92:0a:af:99:9a:e7:90:84:bf:a3:46:83:ba:d8:08:f7:
         93:02:62:eb:2e:ca:6d:29:5e:55:45:77:7b:fe:19:3c:28:a2:
         84:aa:fa:8f:20:08:95:4c:10:0d:15:68:9e:d2:fb:7e:08:6f:
         cc:24:36:4d:0b:f0:19:0e:11:11:e3:ae:19:1b:88:8e:b1:c4:
         44:f5:a0:7d:8b:21:13:aa:ba:97:39:a9:54:f1:c2:15:bf:6b:
         1d:b9:f0:31:5f:2d:ed:8c:e2:f4:55:ef:88:6f:89:71:60:15:
         b3:a7:e4:76:49:d3:ff:76:84:a9:96:2d:41:90:9c:aa:cf:c8:
         e5:6a:47:b7:3a:28:1a:73:cd:23:7a:53:3a:97:c1:7f:8d:26:
         01:a2:df:2e:4f:f9:7a:78:f4:d1:02:b0:5d:cc:db:e7:6a:40:
         b9:48:0d:1f:3b:68:dd:0b:be:aa:8f:37:0c:42:ca:57:4a:63:
         ad:c3:f5:f9:ef:94:3a:dd:05:90:b2:af:0e:7b:e1:1d:4d:c0:
         48:3c:a5:b7:bd:b7:e4:2e:3a:8b:f2:5e:36:d9:e4:39:8f:a5:
         c7:d1:84:78:78:00:e5:eb:fa:f3:24:a5:39:b1:06:f3:36:d0:
         fd:ec:32:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57B1yaenAbznZIsdmkULRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDc1YzZmYjgwMzNiNWUxMWQ3ZGI1ZjJjOTk3Yzg0YmE3
MjVjYTIwHhcNMjYwMTAxMTQxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzZiOTFjYjIyZDA0MzY0YTFiNjRjYjFhZTRkNTQ3NTNjYjMzYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpKFVwMhU95aXYsDu3MykzqlRgvQ
zaWebu7ek8ZKrw+6ng/17Min5BfR6W7Bi1K/AArmWJaexDfXOV2am790e1BM5zLw
nZAxxGo7I3dxliilcxMwdTl4H1g3rU1y13RuI8GhuO52AE6FLzyuGlwipd/EsodS
waxd1Lu3cgYsuYluUENzvFR6PiLdG/69jZVM/PuqXezG8/DNS1cqPByLM2a+gbwG
yDABZjsO2reTeKp0Cf7FmQ2l41ahdLkcE2GQeV/VfDfiATb6q1oC8S2iMcZowHwM
XU6fO9XH3C/GjJGTr6J89U1GJI2YU6y1YRqKt+Ep2q1/fPWByvf/QgVXlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdrkcsi0ENkobZMsa5NVHU8szoXMB8GA1UdIwQY
MBaAFGtHXG+4AzteEdfbXyyZfIS6clyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBkY2I3Z0RPMTRSMTl0ZkxKbDhoTHB5WEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85ZjQzYWEtYzVjOS00ZWY3LTg3NjYt
NWE5ZDcwMmU3N2UzLzEvaDJ1Unl5TFFRMlNodGt5eHJrMVVkVHl6T2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85ZjQzYWEtYzVjOS00ZWY3LTg3NjYtNWE5ZDcwMmU3N2Uz
LzEvYTBkY2I3Z0RPMTRSMTl0ZkxKbDhoTHB5WEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+P1MA0G
CSqGSIb3DQEBCwUAA4IBAQCiYh+Mi7JaPpqdIOWoUsI2dQcnMZIKr5ma55CEv6NG
g7rYCPeTAmLrLsptKV5VRXd7/hk8KKKEqvqPIAiVTBANFWie0vt+CG/MJDZNC/AZ
DhER464ZG4iOscRE9aB9iyETqrqXOalU8cIVv2sdufAxXy3tjOL0Ve+Ib4lxYBWz
p+R2SdP/doSpli1BkJyqz8jlake3Oigac80jelM6l8F/jSYBot8uT/l6ePTRArBd
zNvnakC5SA0fO2jdC76qjzcMQspXSmOtw/X575Q63QWQsq8Oe+EdTcBIPKW3vbfk
LjqL8l422eQ5j6XH0YR4eADl6/rzJKU5sQbzNtD97DKp
-----END CERTIFICATE-----