This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/24Zrc9Sa3mkmhxXcYmY4uXfmiNI.roa
File:                     24Zrc9Sa3mkmhxXcYmY4uXfmiNI.roa (raw, json)
Hash identifier:          IiS3/lG9LXcsfTMiNGJvn3bbUJtOXlgdK2CgKQGbOYU=
Subject key identifier:   DB:86:6B:73:D4:9A:DE:69:26:87:15:DC:62:66:38:B9:77:E6:88:D2
Certificate issuer:       /CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
Certificate serial:       019B797EE56E6EA9D2AA2E170103B9042FB8
Authority key identifier: C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/24Zrc9Sa3mkmhxXcYmY4uXfmiNI.roa
Signing time:             Thu 01 Jan 2026 12:18:37 +0000
ROA not before:           Thu 01 Jan 2026 12:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48367
IP address blocks:        91.210.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:e5:6e:6e:a9:d2:aa:2e:17:01:03:b9:04:2f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
        Validity
            Not Before: Jan  1 12:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db866b73d49ade69268715dc626638b977e688d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1f:c7:3f:bb:0f:3b:43:53:79:00:e6:4a:3c:
                    db:e3:80:20:88:97:04:fb:e0:46:d0:dc:b3:a6:8e:
                    35:03:d2:fd:2e:b5:d2:cd:e6:a5:a4:9c:51:a5:23:
                    ff:c8:c8:af:20:89:e9:9e:75:8d:e1:8c:f8:db:e6:
                    39:db:f6:a8:6d:18:55:5e:87:bb:0c:f1:11:38:8b:
                    c1:9d:92:a2:38:93:b9:e9:b5:34:11:2d:e6:ff:00:
                    7f:e9:c7:89:c5:3b:68:49:8e:df:63:35:33:2a:c1:
                    83:fb:79:01:a9:92:73:e6:c2:fe:91:de:f8:7f:c5:
                    e3:04:54:fb:14:a5:23:1f:60:6a:0d:2a:97:42:dc:
                    82:f5:bd:c9:c8:04:8e:46:70:32:6a:fa:a2:1a:4e:
                    b5:82:c7:12:d1:49:ab:86:6f:58:f5:51:3e:30:dc:
                    ce:30:3b:bd:6f:76:92:82:75:7f:5d:71:46:d7:13:
                    2e:e9:a3:a2:2a:bc:cc:31:72:24:8b:22:5b:0d:a7:
                    ab:d1:bb:e0:c8:84:fe:8b:74:41:50:fb:63:a4:2b:
                    3c:80:f7:71:54:fa:0c:8e:1a:36:53:f5:c7:e2:0c:
                    46:7c:ed:79:bb:81:10:bd:65:46:db:e7:7d:aa:f5:
                    39:fa:4e:5c:68:55:fb:5a:e4:0a:3e:fe:41:40:4c:
                    9d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:86:6B:73:D4:9A:DE:69:26:87:15:DC:62:66:38:B9:77:E6:88:D2
            X509v3 Authority Key Identifier:
                keyid:C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/24Zrc9Sa3mkmhxXcYmY4uXfmiNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:03:22:0a:9e:f9:03:a1:32:4d:b7:88:f9:ed:50:80:03:68:
         9d:df:9f:39:66:e0:09:88:01:34:4e:18:b2:fb:6d:7b:c7:bf:
         0b:2b:f9:9a:65:c5:9c:7a:d1:d9:60:0b:cb:73:fe:a3:c9:b2:
         6e:18:7f:fd:79:30:6f:9f:09:d7:f8:04:93:30:f9:f4:f5:b6:
         df:64:61:5a:72:66:bb:05:57:57:20:bf:c1:6f:e0:e3:78:c2:
         dd:75:16:5f:a9:40:f9:1d:02:1a:f4:d6:1c:e4:64:0b:7a:af:
         66:d9:e6:e9:68:bf:fd:80:e5:ca:0e:10:30:30:61:d5:a8:ee:
         6d:4d:39:dc:e6:40:3c:da:3c:66:c1:ac:81:62:ae:d6:8c:87:
         cd:d8:8a:dd:29:0b:f1:87:84:10:65:51:40:ba:d4:9b:b2:17:
         00:0f:e0:33:7b:ae:3f:5a:f1:34:e2:98:e3:5e:4a:e4:4d:93:
         10:a7:d6:6c:6e:26:2a:74:56:d9:10:f0:a7:8f:90:5a:fe:bc:
         6c:7f:28:f2:66:8f:9e:0a:d0:77:14:9a:b1:87:9c:13:45:24:
         f6:16:ad:06:54:c3:90:cf:89:b6:6c:a5:43:bd:89:78:43:df:
         4c:a2:d5:c1:97:f0:37:b5:a6:ac:04:a7:a8:03:db:78:71:df:
         e4:50:9d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fuVubqnSqi4XAQO5BC+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMmQ1NTNiMjhjNWQwZWE1YjFlZjYwYzliY2UzM2RmNTBi
Y2I0OTMwHhcNMjYwMTAxMTIxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg2NmI3M2Q0OWFkZTY5MjY4NzE1ZGM2MjY2MzhiOTc3ZTY4OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhR/HP7sPO0NTeQDmSjzb44AgiJcE
++BG0Nyzpo41A9L9LrXSzealpJxRpSP/yMivIInpnnWN4Yz42+Y52/aobRhVXoe7
DPEROIvBnZKiOJO56bU0ES3m/wB/6ceJxTtoSY7fYzUzKsGD+3kBqZJz5sL+kd74
f8XjBFT7FKUjH2BqDSqXQtyC9b3JyASORnAyavqiGk61gscS0Umrhm9Y9VE+MNzO
MDu9b3aSgnV/XXFG1xMu6aOiKrzMMXIkiyJbDaer0bvgyIT+i3RBUPtjpCs8gPdx
VPoMjho2U/XH4gxGfO15u4EQvWVG2+d9qvU5+k5caFX7WuQKPv5BQEydRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuGa3PUmt5pJocV3GJmOLl35ojSMB8GA1UdIwQY
MBaAFMItVTsoxdDqWx72DJvOM99QvLSTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUt
OTY3NTA2ODg1N2YxLzEvMjRacmM5U2EzbWttaHhYY1ltWTR1WGZtaU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUtOTY3NTA2ODg1N2Yx
LzEvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9LcMA0G
CSqGSIb3DQEBCwUAA4IBAQAeAyIKnvkDoTJNt4j57VCAA2id3585ZuAJiAE0Thiy
+217x78LK/maZcWcetHZYAvLc/6jybJuGH/9eTBvnwnX+ASTMPn09bbfZGFacma7
BVdXIL/Bb+DjeMLddRZfqUD5HQIa9NYc5GQLeq9m2ebpaL/9gOXKDhAwMGHVqO5t
TTnc5kA82jxmwayBYq7WjIfN2IrdKQvxh4QQZVFAutSbshcAD+Aze64/WvE04pjj
XkrkTZMQp9ZsbiYqdFbZEPCnj5Ba/rxsfyjyZo+eCtB3FJqxh5wTRST2Fq0GVMOQ
z4m2bKVDvYl4Q99MotXBl/A3taasBKeoA9t4cd/kUJ1P
-----END CERTIFICATE-----