This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ay8yAoc88wAj2V0brdWw5VdAYUE.roa
File:                     ay8yAoc88wAj2V0brdWw5VdAYUE.roa (raw, json)
Hash identifier:          uEoLe7XoIo5DxCpUn3Ll+nX3PqXVlfbcylC6QSJzhLc=
Subject key identifier:   6B:2F:32:02:87:3C:F3:00:23:D9:5D:1B:AD:D5:B0:E5:57:40:61:41
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019B7E386CAC4E2177510653359CD11149C5
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ay8yAoc88wAj2V0brdWw5VdAYUE.roa
Signing time:             Fri 02 Jan 2026 10:19:45 +0000
ROA not before:           Fri 02 Jan 2026 10:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399641
IP address blocks:        91.188.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:6c:ac:4e:21:77:51:06:53:35:9c:d1:11:49:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 10:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b2f3202873cf30023d95d1badd5b0e557406141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a6:a6:a6:23:67:4d:1f:e9:45:ce:53:5b:35:
                    9b:71:df:3b:1f:33:8c:36:af:34:0e:9d:44:a5:76:
                    1d:99:6a:fd:53:3a:63:6b:da:5e:3a:e8:42:f3:bf:
                    9a:17:e5:c3:2d:fe:a9:41:85:d3:f0:76:ee:9c:10:
                    73:71:83:49:50:9b:43:4b:06:ab:31:2c:d2:a5:64:
                    ef:75:8e:66:35:f7:6c:de:42:7b:0a:4d:3b:1c:e7:
                    ec:cd:1a:3e:ac:44:e7:e8:53:dc:df:40:04:24:27:
                    14:47:5b:b2:df:05:de:38:f5:67:84:ca:8e:b8:8d:
                    dc:39:cc:eb:e1:2e:a1:7b:ea:88:da:79:de:6f:ba:
                    b1:18:3e:34:30:1b:6f:d8:b5:5e:4e:32:55:28:35:
                    06:bc:40:78:05:ac:5f:07:95:46:b0:9d:f1:d5:56:
                    79:5a:e3:e0:f1:c3:86:0d:e4:f2:22:ba:c3:b7:5e:
                    4e:52:3d:55:c7:17:c2:c5:8b:74:a7:38:5b:94:e0:
                    b7:90:0e:44:28:56:2a:db:ab:af:22:96:5d:a1:74:
                    26:4d:e5:df:30:d3:b2:ad:6e:17:74:e4:02:42:df:
                    2a:29:b0:92:2b:8c:65:b5:00:a1:5e:fe:2c:e1:44:
                    1d:f3:69:6a:e1:a3:37:2d:d8:5e:84:1e:2a:94:58:
                    98:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:2F:32:02:87:3C:F3:00:23:D9:5D:1B:AD:D5:B0:E5:57:40:61:41
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ay8yAoc88wAj2V0brdWw5VdAYUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:85:bf:84:c0:b5:50:c4:58:ea:0b:e3:91:e8:e1:a5:a6:ca:
         ca:e1:8d:2c:5a:1c:71:ee:12:bb:03:38:d4:c0:8f:ff:1c:5e:
         da:52:6b:18:0d:ba:68:ef:f3:c9:f8:61:69:20:d7:96:bc:73:
         82:5a:ab:68:90:a1:f8:6f:95:fa:1c:65:c8:85:2e:99:8e:aa:
         ae:f6:25:41:05:d3:9f:d3:d8:2e:70:93:b2:ec:d2:3b:ca:4e:
         8f:fa:0a:ad:11:55:4f:da:d1:0b:ab:48:37:9e:38:59:3c:71:
         22:4b:b3:ed:c8:81:5c:57:39:53:70:d1:15:0b:ac:27:1c:d3:
         c6:98:8c:63:d8:86:3c:03:86:4e:f3:c0:01:ea:e8:64:eb:ae:
         42:bc:e5:01:a6:b3:f7:16:bd:01:ed:ca:12:7d:f4:d0:f7:a1:
         59:36:0d:af:5d:33:33:9c:d6:0f:42:66:44:53:00:77:b9:50:
         82:dd:71:1e:62:e5:04:e0:59:bf:02:08:59:90:18:8b:b7:35:
         f0:f7:12:1d:a4:7b:13:85:9d:c0:18:7d:38:c0:a7:4b:11:a9:
         ef:32:57:73:23:4a:50:5d:2d:cb:29:11:ad:c7:b5:92:6d:93:
         e6:8e:ad:d7:6b:11:8b:af:ba:7e:95:f3:04:5e:a3:50:f2:cf:
         e5:a7:62:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OGysTiF3UQZTNZzREUnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjYwMTAyMTAxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJmMzIwMjg3M2NmMzAwMjNkOTVkMWJhZGQ1YjBlNTU3NDA2MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaampiNnTR/pRc5TWzWbcd87HzOM
Nq80Dp1EpXYdmWr9Uzpja9peOuhC87+aF+XDLf6pQYXT8HbunBBzcYNJUJtDSwar
MSzSpWTvdY5mNfds3kJ7Ck07HOfszRo+rETn6FPc30AEJCcUR1uy3wXeOPVnhMqO
uI3cOczr4S6he+qI2nneb7qxGD40MBtv2LVeTjJVKDUGvEB4BaxfB5VGsJ3x1VZ5
WuPg8cOGDeTyIrrDt15OUj1VxxfCxYt0pzhblOC3kA5EKFYq26uvIpZdoXQmTeXf
MNOyrW4XdOQCQt8qKbCSK4xltQChXv4s4UQd82lq4aM3LdhehB4qlFiYOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsvMgKHPPMAI9ldG63VsOVXQGFBMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvYXk4eUFvYzg4d0FqMlYwYnJkV3c1VmRBWVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z9MA0G
CSqGSIb3DQEBCwUAA4IBAQAIhb+EwLVQxFjqC+OR6OGlpsrK4Y0sWhxx7hK7AzjU
wI//HF7aUmsYDbpo7/PJ+GFpINeWvHOCWqtokKH4b5X6HGXIhS6Zjqqu9iVBBdOf
09gucJOy7NI7yk6P+gqtEVVP2tELq0g3njhZPHEiS7PtyIFcVzlTcNEVC6wnHNPG
mIxj2IY8A4ZO88AB6uhk665CvOUBprP3Fr0B7coSffTQ96FZNg2vXTMznNYPQmZE
UwB3uVCC3XEeYuUE4Fm/AghZkBiLtzXw9xIdpHsThZ3AGH04wKdLEanvMldzI0pQ
XS3LKRGtx7WSbZPmjq3XaxGLr7p+lfMEXqNQ8s/lp2J+
-----END CERTIFICATE-----