This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/pSuYpl6WxbthlcwSwOwfJ2eEOEM.roa
File:                     pSuYpl6WxbthlcwSwOwfJ2eEOEM.roa (raw, json)
Hash identifier:          0ZM4/++BdSQLGaayny50tbB3TCayRFezzAq6CjxEPBs=
Subject key identifier:   A5:2B:98:A6:5E:96:C5:BB:61:95:CC:12:C0:EC:1F:27:67:84:38:43
Certificate issuer:       /CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
Certificate serial:       019B7EA55D5F48ABFC32ABCD180DC8555CE6
Authority key identifier: B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/pSuYpl6WxbthlcwSwOwfJ2eEOEM.roa
Signing time:             Fri 02 Jan 2026 12:18:45 +0000
ROA not before:           Fri 02 Jan 2026 12:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51248
IP address blocks:        91.209.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:5d:5f:48:ab:fc:32:ab:cd:18:0d:c8:55:5c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
        Validity
            Not Before: Jan  2 12:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a52b98a65e96c5bb6195cc12c0ec1f2767843843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:48:11:33:45:55:f7:01:0a:fd:60:54:00:ad:
                    a8:c9:e5:8b:d3:f4:a3:35:e3:13:53:bb:04:e0:2b:
                    46:63:b5:34:26:67:1d:aa:e1:9e:d6:3f:da:c2:e0:
                    38:85:5b:db:82:8a:5b:1b:5d:0c:aa:54:73:c2:0a:
                    58:98:25:b1:a7:60:69:de:01:e2:8d:03:db:26:4d:
                    c2:84:6c:7a:07:69:c4:94:69:64:bd:a9:56:49:bd:
                    66:34:aa:20:bf:c3:bb:3f:43:ba:9d:73:44:2b:29:
                    a0:9d:b2:ba:84:78:09:36:dc:c1:4b:f7:16:f6:3a:
                    19:c6:7f:5c:bf:0d:c2:dd:7b:47:c7:07:9b:c9:3c:
                    9d:f7:7c:8b:bf:48:74:47:7d:e4:90:3d:d4:11:d3:
                    01:f2:da:d2:98:64:d9:ae:1b:b7:58:24:bd:a1:1b:
                    3d:9f:9c:83:18:5f:5f:1f:93:8e:27:71:90:3b:5c:
                    2c:6b:ff:50:b8:e2:76:fd:29:d3:87:2e:cf:d0:01:
                    de:22:5c:5e:64:f4:5a:96:17:c2:79:9e:65:d5:24:
                    1f:34:64:2a:87:6d:df:91:e3:75:05:19:fa:79:1f:
                    ee:89:46:52:57:23:a9:c4:1b:d1:97:ac:bd:ba:56:
                    d9:38:a0:b4:88:a8:3b:f5:ee:61:b3:75:0e:88:69:
                    31:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:2B:98:A6:5E:96:C5:BB:61:95:CC:12:C0:EC:1F:27:67:84:38:43
            X509v3 Authority Key Identifier:
                keyid:B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/pSuYpl6WxbthlcwSwOwfJ2eEOEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:02:41:87:64:02:06:af:fc:97:55:b0:69:4c:3a:66:97:42:
         00:fd:e7:00:ce:90:03:0f:38:6f:c5:c1:8d:fc:cc:3e:d4:8b:
         17:91:8b:09:01:41:fe:c4:7c:7f:32:94:89:a1:19:e0:59:2c:
         55:89:2a:6a:21:73:98:7f:ce:bb:4f:77:55:7b:c5:ff:25:70:
         8f:d8:d5:56:63:08:4f:7e:6a:f6:b8:ec:1c:3d:54:0c:77:4f:
         f8:67:81:de:f9:e8:d3:bc:dc:c1:24:19:b5:97:96:42:a0:3c:
         f6:32:59:3b:51:b6:da:c6:f1:eb:8e:27:fa:ed:41:da:49:c2:
         e7:a9:ff:89:6c:92:35:2c:1e:b6:98:40:dd:fa:fa:73:3b:6d:
         f2:79:3c:74:29:1f:46:df:9f:1e:2d:a1:b5:31:ae:8d:1d:4f:
         2f:fc:b4:3c:06:b6:cc:b8:71:e1:ea:e8:5f:56:8d:93:15:7f:
         c6:ac:0f:b7:87:ad:a4:d1:ba:ef:d1:08:ab:cc:93:7f:4e:15:
         87:bd:97:bf:57:79:ce:4c:65:19:28:be:ac:10:fd:2e:f4:9d:
         2e:53:05:8e:b3:1e:f3:5c:3f:7b:44:30:f0:61:db:5e:f0:de:
         83:9d:4d:33:66:2e:df:d5:bb:ed:04:86:73:f8:f6:55:fa:26:
         21:62:b7:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pV1fSKv8MqvNGA3IVVzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MjA3Njk3ZDBiN2MyNDE5OWU2ZGQxMjgyYjQ5YjU2Y2Vm
MDI0NGYwHhcNMjYwMTAyMTIxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTJiOThhNjVlOTZjNWJiNjE5NWNjMTJjMGVjMWYyNzY3ODQzODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEgRM0VV9wEK/WBUAK2oyeWL0/Sj
NeMTU7sE4CtGY7U0JmcdquGe1j/awuA4hVvbgopbG10MqlRzwgpYmCWxp2Bp3gHi
jQPbJk3ChGx6B2nElGlkvalWSb1mNKogv8O7P0O6nXNEKymgnbK6hHgJNtzBS/cW
9joZxn9cvw3C3XtHxwebyTyd93yLv0h0R33kkD3UEdMB8trSmGTZrhu3WCS9oRs9
n5yDGF9fH5OOJ3GQO1wsa/9QuOJ2/SnThy7P0AHeIlxeZPRalhfCeZ5l1SQfNGQq
h23fkeN1BRn6eR/uiUZSVyOpxBvRl6y9ulbZOKC0iKg79e5hs3UOiGkx+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUrmKZelsW7YZXMEsDsHydnhDhDMB8GA1UdIwQY
MBaAFLggdpfQt8JBmebdEoK0m1bO8CRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjct
OTZkMzA0YzhkYjAyLzEvcFN1WXBsNld4YnRobGN3U3dPd2ZKMmVFT0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjctOTZkMzA0YzhkYjAy
LzEvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FNMA0G
CSqGSIb3DQEBCwUAA4IBAQCXAkGHZAIGr/yXVbBpTDpml0IA/ecAzpADDzhvxcGN
/Mw+1IsXkYsJAUH+xHx/MpSJoRngWSxViSpqIXOYf867T3dVe8X/JXCP2NVWYwhP
fmr2uOwcPVQMd0/4Z4He+ejTvNzBJBm1l5ZCoDz2Mlk7UbbaxvHrjif67UHaScLn
qf+JbJI1LB62mEDd+vpzO23yeTx0KR9G358eLaG1Ma6NHU8v/LQ8BrbMuHHh6uhf
Vo2TFX/GrA+3h62k0brv0QirzJN/ThWHvZe/V3nOTGUZKL6sEP0u9J0uUwWOsx7z
XD97RDDwYdte8N6DnU0zZi7f1bvtBIZz+PZV+iYhYrcu
-----END CERTIFICATE-----