This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/gJz6RmgOr74ogolKTIbJJ0khIbY.roa
File:                     gJz6RmgOr74ogolKTIbJJ0khIbY.roa (raw, json)
Hash identifier:          nc3zZ0AuWIJRv8B+9l+JRXdB9csW2X29DxKckbvvC9Q=
Subject key identifier:   80:9C:FA:46:68:0E:AF:BE:28:82:89:4A:4C:86:C9:27:49:21:21:B6
Certificate issuer:       /CN=a5097a156aef2f82ff13b3c16aff6f7e16db02c8
Certificate serial:       019B7CEE1B52E7F802B90FE243B3A3084514
Authority key identifier: A5:09:7A:15:6A:EF:2F:82:FF:13:B3:C1:6A:FF:6F:7E:16:DB:02:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/gJz6RmgOr74ogolKTIbJJ0khIbY.roa
Signing time:             Fri 02 Jan 2026 04:18:57 +0000
ROA not before:           Fri 02 Jan 2026 04:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35421
IP address blocks:        91.209.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:1b:52:e7:f8:02:b9:0f:e2:43:b3:a3:08:45:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5097a156aef2f82ff13b3c16aff6f7e16db02c8
        Validity
            Not Before: Jan  2 04:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=809cfa46680eafbe2882894a4c86c927492121b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:90:43:7f:a3:b8:e8:d9:fc:76:93:c7:c0:bb:
                    5e:4b:4a:aa:80:82:37:90:3a:37:4b:16:d9:74:38:
                    17:3b:7f:11:a1:8a:56:b3:b2:0c:1d:b5:a1:bc:d4:
                    20:1d:3f:a4:79:a2:44:88:3a:ef:8a:06:b5:86:02:
                    12:4d:12:6f:c0:a7:62:2a:8c:ee:1c:51:37:9f:8f:
                    91:a5:ba:5b:12:b8:76:64:da:a0:0d:69:8e:53:e6:
                    fa:96:82:c2:a8:2e:aa:c9:fc:87:ad:bc:71:b8:30:
                    ac:94:db:14:57:81:95:49:2b:96:e9:af:d3:65:7c:
                    a3:8b:e3:4b:c6:4e:16:22:2a:1c:61:91:52:93:5f:
                    1d:36:a2:a5:29:7a:fc:fa:2a:ea:de:58:2b:99:7f:
                    8d:18:86:0d:d1:81:71:cf:9e:51:fd:02:58:e1:a2:
                    21:73:b4:94:af:c2:5b:e4:20:d8:dc:11:08:78:d9:
                    b2:38:66:e3:49:86:f3:f1:dd:2a:39:20:4e:74:aa:
                    be:15:6d:e1:b6:e6:45:49:ee:ee:e9:e0:3f:4f:95:
                    54:bb:53:c3:86:d3:4f:bd:e5:51:1d:c9:d1:13:17:
                    ea:72:01:df:4d:42:42:6e:d6:24:24:e2:73:5c:f2:
                    bc:ad:9e:23:66:37:a1:7e:65:99:b4:2a:a9:b6:bb:
                    7d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9C:FA:46:68:0E:AF:BE:28:82:89:4A:4C:86:C9:27:49:21:21:B6
            X509v3 Authority Key Identifier:
                keyid:A5:09:7A:15:6A:EF:2F:82:FF:13:B3:C1:6A:FF:6F:7E:16:DB:02:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/gJz6RmgOr74ogolKTIbJJ0khIbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:19:e7:7c:2b:20:48:4d:11:c3:18:9f:8a:53:19:aa:f5:be:
         d5:a0:6a:7d:90:4e:9a:65:67:c8:84:28:c7:57:92:8d:a6:02:
         65:bc:c2:69:65:81:a6:d4:67:cf:82:56:90:56:ec:4f:8c:10:
         1c:5c:0b:aa:25:58:52:a8:7c:7f:dc:42:03:c0:c1:57:e0:9b:
         18:32:71:4d:ed:37:4b:b7:8c:4b:d2:e4:22:91:25:18:6f:74:
         a5:2b:95:47:fc:9d:21:47:77:f7:a4:b6:0d:61:c4:3b:59:87:
         fd:a5:58:35:86:cc:15:c6:c7:37:ac:67:6e:be:2b:6d:9c:38:
         21:88:da:97:93:c1:3e:db:24:39:e6:6d:ba:9d:e2:ce:6e:61:
         22:5b:e0:4d:6b:c1:95:31:68:fb:4e:ca:3e:5e:4d:9a:95:5a:
         4f:f3:bc:c4:53:7e:5d:70:d3:9a:bc:2c:52:1b:05:ea:06:bb:
         61:0c:5d:e2:60:2a:8f:8e:28:93:25:11:76:05:0b:d4:06:4f:
         c6:fa:22:46:70:a6:24:03:f1:44:2f:ec:51:ca:a0:96:87:fa:
         40:db:20:41:56:6e:d2:90:d1:9a:d7:cd:3e:04:8a:33:24:09:
         35:4c:5f:02:ac:a0:94:8e:70:ff:dd:93:fc:45:66:2a:b6:8c:
         77:25:cc:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87htS5/gCuQ/iQ7OjCEUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MDk3YTE1NmFlZjJmODJmZjEzYjNjMTZhZmY2ZjdlMTZk
YjAyYzgwHhcNMjYwMTAyMDQxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDljZmE0NjY4MGVhZmJlMjg4Mjg5NGE0Yzg2YzkyNzQ5MjEyMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJBDf6O46Nn8dpPHwLteS0qqgII3
kDo3SxbZdDgXO38RoYpWs7IMHbWhvNQgHT+keaJEiDrviga1hgISTRJvwKdiKozu
HFE3n4+RpbpbErh2ZNqgDWmOU+b6loLCqC6qyfyHrbxxuDCslNsUV4GVSSuW6a/T
ZXyji+NLxk4WIiocYZFSk18dNqKlKXr8+irq3lgrmX+NGIYN0YFxz55R/QJY4aIh
c7SUr8Jb5CDY3BEIeNmyOGbjSYbz8d0qOSBOdKq+FW3htuZFSe7u6eA/T5VUu1PD
htNPveVRHcnRExfqcgHfTUJCbtYkJOJzXPK8rZ4jZjehfmWZtCqptrt9DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICc+kZoDq++KIKJSkyGySdJISG2MB8GA1UdIwQY
MBaAFKUJehVq7y+C/xOzwWr/b34W2wLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFFsNkZXcnZMNExfRTdQQmF2OXZmaGJiQXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi80MmY3ZjgtNzQwNy00MzJkLWJiYjUt
MGQzMzk3MDdjYjg4LzEvZ0p6NlJtZ09yNzRvZ29sS1RJYkpKMGtoSWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi80MmY3ZjgtNzQwNy00MzJkLWJiYjUtMGQzMzk3MDdjYjg4
LzEvcFFsNkZXcnZMNExfRTdQQmF2OXZmaGJiQXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ENMA0G
CSqGSIb3DQEBCwUAA4IBAQCmGed8KyBITRHDGJ+KUxmq9b7VoGp9kE6aZWfIhCjH
V5KNpgJlvMJpZYGm1GfPglaQVuxPjBAcXAuqJVhSqHx/3EIDwMFX4JsYMnFN7TdL
t4xL0uQikSUYb3SlK5VH/J0hR3f3pLYNYcQ7WYf9pVg1hswVxsc3rGduvittnDgh
iNqXk8E+2yQ55m26neLObmEiW+BNa8GVMWj7Tso+Xk2alVpP87zEU35dcNOavCxS
GwXqBrthDF3iYCqPjiiTJRF2BQvUBk/G+iJGcKYkA/FEL+xRyqCWh/pA2yBBVm7S
kNGa180+BIozJAk1TF8CrKCUjnD/3ZP8RWYqtox3JcxX
-----END CERTIFICATE-----