This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/yAy7dhfnf5ztz8zG2y2BYT0K2Nc.roa
File:                     yAy7dhfnf5ztz8zG2y2BYT0K2Nc.roa (raw, json)
Hash identifier:          Yhi2sxhWb+ZdylE1qzvoU8mFvZlrRwD3FR8dKXylg+g=
Subject key identifier:   C8:0C:BB:76:17:E7:7F:9C:ED:CF:CC:C6:DB:2D:81:61:3D:0A:D8:D7
Certificate issuer:       /CN=88d5c80b358732cf1eceecf2f5bdc8ab3dc181ae
Certificate serial:       019B79ED183BFA8B73CAE8B7230CC6200FA3
Authority key identifier: 88:D5:C8:0B:35:87:32:CF:1E:CE:EC:F2:F5:BD:C8:AB:3D:C1:81:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/yAy7dhfnf5ztz8zG2y2BYT0K2Nc.roa
Signing time:             Thu 01 Jan 2026 14:18:59 +0000
ROA not before:           Thu 01 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3330
IP address blocks:        91.208.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:18:3b:fa:8b:73:ca:e8:b7:23:0c:c6:20:0f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d5c80b358732cf1eceecf2f5bdc8ab3dc181ae
        Validity
            Not Before: Jan  1 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c80cbb7617e77f9cedcfccc6db2d81613d0ad8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2f:e6:e9:92:79:d0:83:dc:aa:b0:e2:15:ed:
                    c6:7b:b7:54:8d:75:59:23:4e:8c:3e:b8:f5:2b:bf:
                    c1:47:76:dc:49:5a:bb:6c:49:33:85:7b:ca:55:3a:
                    bc:fb:d4:9c:26:c9:ac:8e:b9:a1:3a:47:b4:d5:90:
                    98:03:97:2b:f9:bd:c9:47:c7:4c:81:4f:2c:ba:05:
                    2a:3e:a9:5c:49:76:8f:7e:07:79:6f:d7:c0:0e:db:
                    74:a4:17:a7:f5:d8:71:a5:78:31:8a:6f:f3:c1:03:
                    b9:39:e6:a6:0e:09:8d:74:e3:1b:8d:7d:52:ec:2c:
                    e6:c0:f4:da:b4:26:d9:b4:36:02:11:53:0f:43:49:
                    d2:c4:41:9f:52:03:84:18:51:d0:dc:3b:2c:e0:0d:
                    55:b7:49:41:c9:3c:85:19:e8:76:e5:f9:5f:12:39:
                    d1:58:be:b1:52:eb:4a:6c:8d:00:07:3a:bb:ff:47:
                    4f:4e:7f:e7:bb:bd:53:84:9c:3e:7a:67:2f:f3:78:
                    97:16:ea:11:97:35:30:6c:9a:6c:e3:30:1c:9d:07:
                    00:56:e1:b5:26:68:f2:21:30:4e:34:75:d0:39:70:
                    89:88:ec:39:2e:53:dc:3f:c3:38:44:c9:ab:56:66:
                    cf:c9:f9:6a:a7:f5:c4:f9:26:96:35:b8:05:64:2a:
                    de:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0C:BB:76:17:E7:7F:9C:ED:CF:CC:C6:DB:2D:81:61:3D:0A:D8:D7
            X509v3 Authority Key Identifier:
                keyid:88:D5:C8:0B:35:87:32:CF:1E:CE:EC:F2:F5:BD:C8:AB:3D:C1:81:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/yAy7dhfnf5ztz8zG2y2BYT0K2Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e3:1f:5e:06:cf:9c:fa:43:66:74:33:02:be:62:dd:1f:0d:
         ab:19:f2:e8:f0:15:91:c2:e0:a9:65:5c:5a:9d:ed:38:9a:b4:
         7e:6e:e3:29:52:ad:9f:4f:f8:bc:2d:1a:f5:ce:e5:35:d1:bc:
         90:04:4d:68:f8:c5:99:87:7c:8e:92:98:7a:65:56:20:83:8a:
         7a:6e:59:e5:15:51:71:df:ef:52:4d:57:a8:8e:ba:87:88:16:
         96:fb:6f:2e:a5:67:8c:2f:90:66:7b:ed:bd:4c:d6:37:5d:7e:
         4e:0e:9e:b9:89:8f:01:05:56:99:31:66:ce:b0:f1:11:df:42:
         78:c2:ef:e0:b1:fc:4a:b0:a5:d2:ab:13:42:67:8c:b1:a1:f6:
         b2:25:90:bf:95:7a:bc:28:f7:c5:9c:d4:4d:dc:3a:66:4f:e1:
         3c:38:29:67:ae:72:94:c2:34:f4:cc:21:e6:32:14:c4:2f:ec:
         fd:50:22:56:15:c3:bf:e8:75:88:af:c7:17:4e:89:19:e9:9a:
         34:c0:d7:a4:62:da:75:28:56:48:f8:6f:bb:34:f3:84:dd:ba:
         cf:9f:5a:ae:31:9c:93:ae:96:6b:bc:cd:22:ec:19:87:a5:31:
         16:37:bc:3b:c8:ee:80:f3:41:8a:2c:12:d0:af:25:42:44:68:
         08:26:3d:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Rg7+otzyui3IwzGIA+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDVjODBiMzU4NzMyY2YxZWNlZWNmMmY1YmRjOGFiM2Rj
MTgxYWUwHhcNMjYwMTAxMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBjYmI3NjE3ZTc3ZjljZWRjZmNjYzZkYjJkODE2MTNkMGFkOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly/m6ZJ50IPcqrDiFe3Ge7dUjXVZ
I06MPrj1K7/BR3bcSVq7bEkzhXvKVTq8+9ScJsmsjrmhOke01ZCYA5cr+b3JR8dM
gU8sugUqPqlcSXaPfgd5b9fADtt0pBen9dhxpXgxim/zwQO5OeamDgmNdOMbjX1S
7CzmwPTatCbZtDYCEVMPQ0nSxEGfUgOEGFHQ3Dss4A1Vt0lByTyFGeh25flfEjnR
WL6xUutKbI0ABzq7/0dPTn/nu71ThJw+emcv83iXFuoRlzUwbJps4zAcnQcAVuG1
JmjyITBONHXQOXCJiOw5LlPcP8M4RMmrVmbPyflqp/XE+SaWNbgFZCreKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgMu3YX53+c7c/MxtstgWE9CtjXMB8GA1UdIwQY
MBaAFIjVyAs1hzLPHs7s8vW9yKs9wYGuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5YSUN6V0hNczhlenV6eTliM0lxejNCZ2E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9iNzViOTItZjFjNy00YjU2LTlhOWYt
OWEyZjc5NmM5NDc3LzEveUF5N2RoZm5mNXp0ejh6RzJ5MkJZVDBLMk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9iNzViOTItZjFjNy00YjU2LTlhOWYtOWEyZjc5NmM5NDc3
LzEvaU5YSUN6V0hNczhlenV6eTliM0lxejNCZ2E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BQMA0G
CSqGSIb3DQEBCwUAA4IBAQBM4x9eBs+c+kNmdDMCvmLdHw2rGfLo8BWRwuCpZVxa
ne04mrR+buMpUq2fT/i8LRr1zuU10byQBE1o+MWZh3yOkph6ZVYgg4p6blnlFVFx
3+9STVeojrqHiBaW+28upWeML5Bme+29TNY3XX5ODp65iY8BBVaZMWbOsPER30J4
wu/gsfxKsKXSqxNCZ4yxofayJZC/lXq8KPfFnNRN3DpmT+E8OClnrnKUwjT0zCHm
MhTEL+z9UCJWFcO/6HWIr8cXTokZ6Zo0wNekYtp1KFZI+G+7NPOE3brPn1quMZyT
rpZrvM0i7BmHpTEWN7w7yO6A80GKLBLQryVCRGgIJj3t
-----END CERTIFICATE-----