This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/IYhXGcvuReRwLkKFqkHfMT0xdMQ.roa
File:                     IYhXGcvuReRwLkKFqkHfMT0xdMQ.roa (raw, json)
Hash identifier:          P65YHmORj/Qbi7gb1HICB61t5DJTFwQfC/ueE2C3wHQ=
Subject key identifier:   21:88:57:19:CB:EE:45:E4:70:2E:42:85:AA:41:DF:31:3D:31:74:C4
Certificate issuer:       /CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
Certificate serial:       019BE0A0C367D29EDE629DA50E782898C2BC
Authority key identifier: F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/IYhXGcvuReRwLkKFqkHfMT0xdMQ.roa
Signing time:             Wed 21 Jan 2026 12:56:30 +0000
ROA not before:           Wed 21 Jan 2026 12:56:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56340
IP address blocks:        77.91.104.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:a0:c3:67:d2:9e:de:62:9d:a5:0e:78:28:98:c2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
        Validity
            Not Before: Jan 21 12:56:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21885719cbee45e4702e4285aa41df313d3174c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:13:31:aa:f7:e9:31:79:c2:c6:4a:7a:65:8d:
                    98:3a:f3:74:e5:cb:8c:08:c1:3e:dd:2b:f2:8c:00:
                    80:2b:2c:4f:db:78:2a:3e:b2:9c:ae:68:12:b7:ee:
                    2f:f6:7d:98:58:95:3d:7f:88:77:a3:c5:e2:4c:ab:
                    fb:55:39:65:41:3d:51:ec:84:12:2b:7e:1e:2f:fc:
                    29:03:c8:dd:c9:6f:77:7c:33:1e:38:6a:16:d0:b3:
                    dd:45:d0:6b:a8:1f:76:71:a9:b6:dd:84:59:88:97:
                    0c:2e:c7:18:55:3a:e9:65:3e:0c:dc:05:75:5f:c5:
                    b8:b9:33:de:91:b2:82:c5:f4:73:5f:d7:39:6a:c4:
                    f1:fe:cd:83:1c:7a:00:f0:1b:5e:57:29:27:9f:3d:
                    17:86:40:72:4b:1c:71:62:9c:cc:3b:f9:b8:c5:84:
                    12:fe:14:54:b6:0c:03:03:48:e9:a3:18:1d:05:1c:
                    a4:df:87:35:72:10:1d:f5:c5:c4:da:71:73:d6:b1:
                    14:10:d1:49:a1:95:56:12:ee:9d:49:55:71:fe:cf:
                    90:a0:63:ba:be:55:2c:2b:af:ee:55:ab:3d:fe:1e:
                    af:e5:26:78:87:c9:5e:a1:81:23:2e:bd:92:73:8c:
                    5f:cc:19:e0:6c:1b:79:76:3b:96:14:8c:82:7f:ae:
                    c3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:88:57:19:CB:EE:45:E4:70:2E:42:85:AA:41:DF:31:3D:31:74:C4
            X509v3 Authority Key Identifier:
                keyid:F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/IYhXGcvuReRwLkKFqkHfMT0xdMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c8:ab:94:3c:b9:a0:fe:af:db:9f:f0:66:43:9c:c6:77:7b:38:
         8e:a1:1b:39:29:fd:7d:ee:2d:92:e4:12:69:6d:6c:5b:f0:68:
         61:af:34:ca:8b:75:b8:ef:6d:4e:58:3c:66:bb:75:89:b3:e8:
         34:26:c1:b4:56:22:66:a6:60:1b:3a:d3:e0:f4:67:58:4e:4a:
         6a:8d:75:d4:52:e3:90:1e:02:29:34:6d:fa:a4:c2:d6:09:5a:
         c5:ed:a8:2d:1a:12:ad:fc:0b:c3:0d:eb:01:49:77:98:20:dd:
         33:7e:c7:cc:1d:93:d5:d8:7b:26:47:de:f5:c3:54:b2:90:c9:
         c9:71:91:c5:11:8d:06:9c:ca:86:fa:d8:b2:97:fc:50:75:c8:
         41:03:24:5d:3d:72:56:65:58:38:5d:8d:35:63:62:e4:4d:06:
         67:e1:ea:da:01:eb:34:20:f8:b6:d1:99:b2:e8:d9:3c:a3:6e:
         fe:27:3f:c8:2a:39:d2:9f:f0:ca:62:6c:2b:6e:6f:cd:82:ff:
         3d:fb:4e:ad:0c:41:83:10:43:fa:f7:4f:72:d0:3b:b2:01:90:
         a5:b3:23:80:89:32:53:c4:1c:de:4b:ea:63:b3:c3:e0:78:d4:
         52:09:ac:ee:d3:ab:8d:d4:cf:52:0b:1d:83:fb:b3:21:ec:97:
         54:ce:3c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvgoMNn0p7eYp2lDngomMK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTE2MGYwY2U1ZTAzNWFmM2NiMjFmNGRmZDA0ZWFiOWVh
N2VlNTEwHhcNMjYwMTIxMTI1NjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg4NTcxOWNiZWU0NWU0NzAyZTQyODVhYTQxZGYzMTNkMzE3NGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RMxqvfpMXnCxkp6ZY2YOvN05cuM
CME+3SvyjACAKyxP23gqPrKcrmgSt+4v9n2YWJU9f4h3o8XiTKv7VTllQT1R7IQS
K34eL/wpA8jdyW93fDMeOGoW0LPdRdBrqB92cam23YRZiJcMLscYVTrpZT4M3AV1
X8W4uTPekbKCxfRzX9c5asTx/s2DHHoA8BteVyknnz0XhkBySxxxYpzMO/m4xYQS
/hRUtgwDA0jpoxgdBRyk34c1chAd9cXE2nFz1rEUENFJoZVWEu6dSVVx/s+QoGO6
vlUsK6/uVas9/h6v5SZ4h8leoYEjLr2Sc4xfzBngbBt5djuWFIyCf67DcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGIVxnL7kXkcC5ChapB3zE9MXTEMB8GA1UdIwQY
MBaAFPLhYPDOXgNa88sh9N/QTquep+5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUt
ZmNlMjE0YzZmZmRhLzEvSVloWEdjdnVSZVJ3TGtLRnFrSGZNVDB4ZE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUtZmNlMjE0YzZmZmRh
LzEvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTVtoMA0G
CSqGSIb3DQEBCwUAA4IBAQDIq5Q8uaD+r9uf8GZDnMZ3eziOoRs5Kf197i2S5BJp
bWxb8GhhrzTKi3W4721OWDxmu3WJs+g0JsG0ViJmpmAbOtPg9GdYTkpqjXXUUuOQ
HgIpNG36pMLWCVrF7agtGhKt/AvDDesBSXeYIN0zfsfMHZPV2HsmR971w1SykMnJ
cZHFEY0GnMqG+tiyl/xQdchBAyRdPXJWZVg4XY01Y2LkTQZn4eraAes0IPi20Zmy
6Nk8o27+Jz/IKjnSn/DKYmwrbm/Ngv89+06tDEGDEEP6909y0DuyAZClsyOAiTJT
xBzeS+pjs8PgeNRSCazu06uN1M9SCx2D+7Mh7JdUzjxK
-----END CERTIFICATE-----