This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/AHrBc9IiI5rzT7NjkubAdT8SUZY.roa
File:                     AHrBc9IiI5rzT7NjkubAdT8SUZY.roa (raw, json)
Hash identifier:          sAnmMyrh/QNIQf8VgWnCRno2TJ9xZybX3KXlbr+CHB4=
Subject key identifier:   00:7A:C1:73:D2:22:23:9A:F3:4F:B3:63:92:E6:C0:75:3F:12:51:96
Certificate issuer:       /CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
Certificate serial:       019B7DC958D1DFA43DF452A13FABE5933C95
Authority key identifier: 4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/AHrBc9IiI5rzT7NjkubAdT8SUZY.roa
Signing time:             Fri 02 Jan 2026 08:18:26 +0000
ROA not before:           Fri 02 Jan 2026 08:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61262
IP address blocks:        91.223.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:58:d1:df:a4:3d:f4:52:a1:3f:ab:e5:93:3c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
        Validity
            Not Before: Jan  2 08:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=007ac173d222239af34fb36392e6c0753f125196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:24:89:29:c2:fa:a0:29:d2:d2:e0:5f:db:76:
                    ef:3e:bd:46:d6:ee:d3:58:04:6f:11:03:91:9a:2e:
                    f7:8b:30:66:0a:d9:65:58:ce:56:5a:a9:c9:22:9e:
                    01:5b:68:cb:b3:68:f3:6f:c2:47:18:4d:a6:1d:31:
                    0b:50:70:8c:97:35:0c:5f:cc:39:42:86:4d:9f:7a:
                    30:36:2b:18:44:b0:9c:58:9a:df:f9:20:a6:b9:0d:
                    fd:44:6c:03:0c:4c:30:ab:9b:7e:29:62:ce:93:43:
                    39:2c:2d:e0:7b:02:a2:e4:12:9e:2f:a3:d5:64:6b:
                    61:2e:4d:35:0d:a4:a5:de:5f:92:73:3b:4f:67:63:
                    20:96:40:75:16:d9:c1:38:81:f9:4f:50:8b:06:48:
                    32:7d:80:25:62:0d:3a:58:af:f8:f6:b6:10:6d:ea:
                    ef:a1:a1:91:ef:92:44:cf:f1:e3:d2:e3:0a:68:02:
                    75:05:43:26:b8:20:4d:ef:30:c8:cf:9d:08:64:55:
                    7d:56:f8:c4:ab:b5:c1:6e:53:20:1a:b3:48:f7:2f:
                    d1:93:d9:bb:90:63:5f:bb:3a:32:7c:a5:76:bb:77:
                    70:1d:2c:b6:68:49:db:73:98:a7:09:7f:53:8a:71:
                    13:d6:d6:a1:2c:47:b5:90:b4:a0:5e:85:da:03:e2:
                    2a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7A:C1:73:D2:22:23:9A:F3:4F:B3:63:92:E6:C0:75:3F:12:51:96
            X509v3 Authority Key Identifier:
                keyid:4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/AHrBc9IiI5rzT7NjkubAdT8SUZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:7a:0f:46:c4:32:72:a8:0e:08:82:c5:07:83:f0:ae:e2:0a:
         38:0e:dc:6d:fc:3c:3d:e8:2c:18:cf:df:27:46:0f:21:95:7b:
         8e:53:e4:d7:d5:61:60:c3:9d:64:d8:8c:f0:99:15:1c:a3:e7:
         14:84:14:cf:ca:3d:d6:ae:aa:81:ab:28:db:25:cb:70:0c:a6:
         c8:ba:50:c7:23:a3:c9:be:9a:8e:67:97:93:d6:32:2b:98:41:
         4f:74:92:8f:4a:99:39:c3:e2:b7:cf:dd:ed:8d:99:7b:32:3d:
         02:38:29:bb:f3:e6:51:6d:8e:51:44:29:2c:32:89:18:a2:ca:
         3c:3c:22:a6:34:c2:0f:46:03:3b:02:1a:15:ea:b9:04:a6:50:
         69:32:b9:f6:9c:e7:7c:9a:37:cf:61:3d:06:b7:9f:c5:13:8a:
         16:e2:1b:4f:b8:47:4c:b7:36:ec:16:11:0a:1d:11:64:67:aa:
         61:5b:ef:30:6a:92:50:e5:20:a1:53:f1:49:66:fb:4e:55:f1:
         cf:96:0b:71:dc:a9:26:1a:96:93:56:86:40:88:74:8c:fe:b2:
         54:bb:18:49:c8:ff:37:7a:08:0c:f1:70:1b:92:da:30:8b:18:
         a9:86:79:e2:b4:4e:02:48:88:05:29:bb:81:42:9d:02:2d:45:
         56:ab:08:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVjR36Q99FKhP6vlkzyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGFkZTU0YzI3ZTZmY2RkYWNlMjYyYzRmZGY3OTBmMzIw
ZmVkOWMwHhcNMjYwMTAyMDgxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDdhYzE3M2QyMjIyMzlhZjM0ZmIzNjM5MmU2YzA3NTNmMTI1MTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CSJKcL6oCnS0uBf23bvPr1G1u7T
WARvEQORmi73izBmCtllWM5WWqnJIp4BW2jLs2jzb8JHGE2mHTELUHCMlzUMX8w5
QoZNn3owNisYRLCcWJrf+SCmuQ39RGwDDEwwq5t+KWLOk0M5LC3gewKi5BKeL6PV
ZGthLk01DaSl3l+ScztPZ2MglkB1FtnBOIH5T1CLBkgyfYAlYg06WK/49rYQberv
oaGR75JEz/Hj0uMKaAJ1BUMmuCBN7zDIz50IZFV9VvjEq7XBblMgGrNI9y/Rk9m7
kGNfuzoyfKV2u3dwHSy2aEnbc5inCX9TinET1tahLEe1kLSgXoXaA+IqoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAB6wXPSIiOa80+zY5LmwHU/ElGWMB8GA1UdIwQY
MBaAFE0K3lTCfm/N2s4mLE/feQ8yD+2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2It
ODkyOTZjY2IzNWY1LzEvQUhyQmM5SWlJNXJ6VDdOamt1YkFkVDhTVVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2ItODkyOTZjY2IzNWY1
LzEvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99kMA0G
CSqGSIb3DQEBCwUAA4IBAQAWeg9GxDJyqA4IgsUHg/Cu4go4Dtxt/Dw96CwYz98n
Rg8hlXuOU+TX1WFgw51k2IzwmRUco+cUhBTPyj3WrqqBqyjbJctwDKbIulDHI6PJ
vpqOZ5eT1jIrmEFPdJKPSpk5w+K3z93tjZl7Mj0COCm78+ZRbY5RRCksMokYoso8
PCKmNMIPRgM7AhoV6rkEplBpMrn2nOd8mjfPYT0Gt5/FE4oW4htPuEdMtzbsFhEK
HRFkZ6phW+8wapJQ5SChU/FJZvtOVfHPlgtx3KkmGpaTVoZAiHSM/rJUuxhJyP83
eggM8XAbktowixiphnnitE4CSIgFKbuBQp0CLUVWqwhP
-----END CERTIFICATE-----