This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/66eo3bJdi9RGbEdDXS4tD5cqq_o.roa
File:                     66eo3bJdi9RGbEdDXS4tD5cqq_o.roa (raw, json)
Hash identifier:          5t8peN4WCQBgYdxTrPyY0DXm3aBeHyQsSo4GmYIKBxg=
Subject key identifier:   EB:A7:A8:DD:B2:5D:8B:D4:46:6C:47:43:5D:2E:2D:0F:97:2A:AB:FA
Certificate issuer:       /CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Certificate serial:       019B791149E4CF015E9A1D5445EA9FB1CFEE
Authority key identifier: 2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/66eo3bJdi9RGbEdDXS4tD5cqq_o.roa
Signing time:             Thu 01 Jan 2026 10:18:54 +0000
ROA not before:           Thu 01 Jan 2026 10:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202987
IP address blocks:        91.188.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:49:e4:cf:01:5e:9a:1d:54:45:ea:9f:b1:cf:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc8695772f0e64f3b9a1621733cc02506f74702
        Validity
            Not Before: Jan  1 10:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eba7a8ddb25d8bd4466c47435d2e2d0f972aabfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d2:d0:8a:92:71:95:1c:2c:b0:cc:01:f8:35:
                    f1:86:a8:b0:98:68:13:b7:23:39:cd:6b:7a:19:06:
                    01:ba:7f:81:d2:26:e7:76:bf:7e:2c:0d:75:09:6d:
                    6a:fd:e4:05:e1:65:82:23:9d:8d:56:a8:0e:34:cd:
                    ac:10:b9:ec:2f:3d:e0:e1:fc:c7:54:6d:05:e7:fc:
                    61:5a:7d:6c:bd:3f:4d:d4:5d:78:0c:94:3d:b2:0f:
                    4e:ad:db:85:a7:3a:dd:02:57:a1:af:3b:52:dc:78:
                    a8:1d:19:e0:a8:1d:01:bd:d4:e3:3d:44:8e:12:37:
                    c2:e1:22:8a:e3:ce:57:7a:8c:0d:11:52:f3:b7:45:
                    80:8d:5c:db:7d:89:ed:4e:a8:54:13:db:a4:84:89:
                    73:40:e8:98:d1:43:b5:ed:3f:6a:d9:79:87:1d:f2:
                    6c:c5:ae:d7:12:8e:29:de:ba:71:a0:1a:24:77:8e:
                    b2:5a:73:88:9e:53:44:49:db:09:7e:1b:dd:d0:6d:
                    9e:24:99:d3:4e:4d:32:47:40:de:ce:61:f3:47:62:
                    4e:8d:41:05:70:5a:a1:fc:9d:07:85:cc:6e:b8:e9:
                    e3:0c:6d:ec:6f:1e:9a:b7:96:3f:f0:3c:e3:59:1b:
                    a2:5e:e9:fa:1d:ab:9c:49:38:ae:6c:1b:64:e1:ef:
                    7e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A7:A8:DD:B2:5D:8B:D4:46:6C:47:43:5D:2E:2D:0F:97:2A:AB:FA
            X509v3 Authority Key Identifier:
                keyid:2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/66eo3bJdi9RGbEdDXS4tD5cqq_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1e:83:be:64:70:cd:93:b9:70:e5:c6:e9:be:b5:d4:9f:a7:
         76:a9:49:54:27:9b:97:36:9d:31:5a:80:bb:4d:d0:82:99:b8:
         de:89:5f:91:71:53:54:fc:2d:c2:85:05:02:a1:5e:05:ce:37:
         83:1a:69:4f:61:e1:8e:9f:65:ff:aa:49:ac:4e:b4:a3:64:fd:
         b8:62:51:bd:fe:85:ed:22:08:5b:80:a8:da:4c:68:94:24:8c:
         d1:26:b3:8c:b1:98:5e:73:f5:47:d0:6a:80:36:87:7a:ea:6d:
         0f:3c:3e:51:2b:e8:97:71:e2:d2:61:bb:d4:ad:9c:0c:80:0c:
         b4:b6:5c:bf:8e:e0:5b:20:65:6a:df:f1:fc:f3:60:5c:fc:3f:
         75:d7:91:79:69:32:4b:fe:bd:3f:7d:f2:a7:83:9c:2a:f8:be:
         ef:6f:f4:80:c8:8c:b5:35:85:ef:ad:a0:70:73:a4:1c:ec:bb:
         e6:c7:b4:0c:22:a5:5a:4e:8a:51:69:57:ff:e0:27:10:ef:ff:
         60:36:57:b1:fe:61:7d:49:6f:c0:4e:ce:b1:bb:21:ac:6e:82:
         59:9e:06:67:f6:7d:ff:8c:64:ff:47:46:37:a5:bc:35:90:8d:
         31:7b:9a:29:7e:93:2c:cb:0a:07:2b:e7:b4:ba:05:e8:b8:2f:
         dc:7e:87:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EUnkzwFemh1UReqfsc/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzg2OTU3NzJmMGU2NGYzYjlhMTYyMTczM2NjMDI1MDZm
NzQ3MDIwHhcNMjYwMTAxMTAxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmE3YThkZGIyNWQ4YmQ0NDY2YzQ3NDM1ZDJlMmQwZjk3MmFhYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dLQipJxlRwssMwB+DXxhqiwmGgT
tyM5zWt6GQYBun+B0ibndr9+LA11CW1q/eQF4WWCI52NVqgONM2sELnsLz3g4fzH
VG0F5/xhWn1svT9N1F14DJQ9sg9OrduFpzrdAlehrztS3HioHRngqB0BvdTjPUSO
EjfC4SKK485XeowNEVLzt0WAjVzbfYntTqhUE9ukhIlzQOiY0UO17T9q2XmHHfJs
xa7XEo4p3rpxoBokd46yWnOInlNESdsJfhvd0G2eJJnTTk0yR0DezmHzR2JOjUEF
cFqh/J0HhcxuuOnjDG3sbx6at5Y/8DzjWRuiXun6HaucSTiubBtk4e9+1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOunqN2yXYvURmxHQ10uLQ+XKqv6MB8GA1UdIwQY
MBaAFCvIaVdy8OZPO5oWIXM8wCUG90cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMt
NDNkNjZhMDMzMWVjLzEvNjZlbzNiSmRpOVJHYkVkRFhTNHRENWNxcV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMtNDNkNjZhMDMzMWVj
LzEvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7zRMA0G
CSqGSIb3DQEBCwUAA4IBAQA4HoO+ZHDNk7lw5cbpvrXUn6d2qUlUJ5uXNp0xWoC7
TdCCmbjeiV+RcVNU/C3ChQUCoV4FzjeDGmlPYeGOn2X/qkmsTrSjZP24YlG9/oXt
IghbgKjaTGiUJIzRJrOMsZhec/VH0GqANod66m0PPD5RK+iXceLSYbvUrZwMgAy0
tly/juBbIGVq3/H882Bc/D9115F5aTJL/r0/ffKng5wq+L7vb/SAyIy1NYXvraBw
c6Qc7Lvmx7QMIqVaTopRaVf/4CcQ7/9gNlex/mF9SW/ATs6xuyGsboJZngZn9n3/
jGT/R0Y3pbw1kI0xe5opfpMsywoHK+e0ugXouC/cfodt
-----END CERTIFICATE-----