This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/jO9rf4-cCHZRF2KoiLta2NyAQgU.roa
File:                     jO9rf4-cCHZRF2KoiLta2NyAQgU.roa (raw, json)
Hash identifier:          UwmPs36c2ef9tHjcukHaPVItxdtDMmpbGOtpHRoCvf0=
Subject key identifier:   8C:EF:6B:7F:8F:9C:08:76:51:17:62:A8:88:BB:5A:D8:DC:80:42:05
Certificate issuer:       /CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
Certificate serial:       019B7B36E9688E63FDDFF212E54D899A8879
Authority key identifier: 33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/jO9rf4-cCHZRF2KoiLta2NyAQgU.roa
Signing time:             Thu 01 Jan 2026 20:19:14 +0000
ROA not before:           Thu 01 Jan 2026 20:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41489
IP address blocks:        91.240.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:e9:68:8e:63:fd:df:f2:12:e5:4d:89:9a:88:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
        Validity
            Not Before: Jan  1 20:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8cef6b7f8f9c0876511762a888bb5ad8dc804205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:34:c8:67:7e:d1:54:48:56:ed:ab:9a:e5:78:
                    c2:9b:7f:e9:ea:a1:0e:56:a5:67:49:f4:d0:97:02:
                    ed:85:46:59:24:f1:24:a7:85:58:50:b0:17:71:0f:
                    09:91:6e:5f:3e:3a:47:c9:db:90:85:92:c1:ea:b7:
                    96:c7:40:fd:83:fe:7b:e6:a2:a9:b4:c9:aa:d2:23:
                    ef:36:c9:59:4d:15:72:c8:1e:a2:61:0c:94:1d:12:
                    56:a3:83:b6:97:74:21:85:26:05:e9:c1:7c:82:b6:
                    79:ff:8b:b7:3f:aa:a2:6c:03:b3:89:03:de:74:b0:
                    be:02:d1:42:c0:25:1e:50:4b:80:0f:34:16:64:38:
                    76:7d:86:30:c9:54:04:56:9b:7e:a2:95:7e:70:f8:
                    2b:d2:0b:b1:3a:cd:3c:83:91:e2:dd:fb:14:00:55:
                    6f:74:8c:ed:dd:49:30:aa:b0:a8:0a:72:9b:37:07:
                    1c:d7:8d:5f:6d:e2:3c:b8:5e:85:d8:f2:78:b4:1f:
                    54:90:9b:ac:d3:fa:9e:5a:1d:94:79:02:e6:78:0b:
                    78:30:39:ad:34:ae:f5:0c:0f:53:72:39:18:86:26:
                    5f:e2:0e:87:5a:7b:d9:22:73:12:9b:92:76:e0:bc:
                    d3:15:94:2e:8a:72:85:29:14:17:4f:8b:57:86:fd:
                    bc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:EF:6B:7F:8F:9C:08:76:51:17:62:A8:88:BB:5A:D8:DC:80:42:05
            X509v3 Authority Key Identifier:
                keyid:33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/jO9rf4-cCHZRF2KoiLta2NyAQgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7e:da:d5:21:d4:30:6a:f3:63:20:c4:d9:2d:44:4a:52:e0:
         45:98:df:d5:98:bf:bf:97:7e:d9:01:92:06:3b:e3:48:74:69:
         e2:85:2b:4f:f1:3a:cf:bb:28:b1:bf:08:6f:f8:37:a6:2b:77:
         d3:73:97:59:af:56:8c:f5:2b:92:84:ff:e0:24:da:91:7f:90:
         1f:b6:e1:0c:de:51:a8:5b:36:20:b0:b6:f4:b8:3f:d2:e9:1a:
         3a:38:99:f2:9b:6e:96:88:4f:b9:4c:0d:01:6d:1d:f0:a6:15:
         5b:eb:a8:71:52:15:37:ce:fe:52:e1:4e:c8:64:9b:c1:fe:b9:
         41:f6:e9:35:77:1b:2a:7b:50:33:7c:e9:42:ad:6e:22:34:75:
         70:94:0b:c1:fe:52:b3:58:71:32:86:2b:38:e0:7f:41:f5:b2:
         4b:4c:79:7e:db:33:83:7a:a2:b7:4f:8a:54:bd:82:ef:a0:cc:
         43:59:8e:4e:30:57:ca:84:76:e4:e5:f8:5c:73:c3:ba:d2:cf:
         c5:24:01:9e:ee:e1:65:5a:f0:99:4e:3a:80:a1:78:32:09:53:
         24:1c:f7:49:b2:2f:41:9e:29:44:c7:b9:74:e4:c0:e5:a4:4e:
         9f:3f:96:20:2e:81:4c:3c:c6:df:6a:31:5d:6b:d5:77:22:c3:
         cb:72:cc:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NulojmP93/IS5U2Jmoh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzODllMGI4YTJmZjgyYTIzYjQ4ZGQ2ZTZlNzYxNzZiNGNk
MzgzMmUwHhcNMjYwMTAxMjAxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2VmNmI3ZjhmOWMwODc2NTExNzYyYTg4OGJiNWFkOGRjODA0MjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDTIZ37RVEhW7aua5XjCm3/p6qEO
VqVnSfTQlwLthUZZJPEkp4VYULAXcQ8JkW5fPjpHyduQhZLB6reWx0D9g/575qKp
tMmq0iPvNslZTRVyyB6iYQyUHRJWo4O2l3QhhSYF6cF8grZ5/4u3P6qibAOziQPe
dLC+AtFCwCUeUEuADzQWZDh2fYYwyVQEVpt+opV+cPgr0guxOs08g5Hi3fsUAFVv
dIzt3UkwqrCoCnKbNwcc141fbeI8uF6F2PJ4tB9UkJus0/qeWh2UeQLmeAt4MDmt
NK71DA9TcjkYhiZf4g6HWnvZInMSm5J24LzTFZQuinKFKRQXT4tXhv28cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzva3+PnAh2URdiqIi7WtjcgEIFMB8GA1UdIwQY
MBaAFDOJ4Lii/4KiO0jdbm52F2tM04MuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgt
MjMzN2E4MWIxZjc4LzEvak85cmY0LWNDSFpSRjJLb2lMdGEyTnlBUWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgtMjMzN2E4MWIxZjc4
LzEvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/CwMA0G
CSqGSIb3DQEBCwUAA4IBAQCIftrVIdQwavNjIMTZLURKUuBFmN/VmL+/l37ZAZIG
O+NIdGnihStP8TrPuyixvwhv+DemK3fTc5dZr1aM9SuShP/gJNqRf5AftuEM3lGo
WzYgsLb0uD/S6Ro6OJnym26WiE+5TA0BbR3wphVb66hxUhU3zv5S4U7IZJvB/rlB
9uk1dxsqe1AzfOlCrW4iNHVwlAvB/lKzWHEyhis44H9B9bJLTHl+2zODeqK3T4pU
vYLvoMxDWY5OMFfKhHbk5fhcc8O60s/FJAGe7uFlWvCZTjqAoXgyCVMkHPdJsi9B
nilEx7l05MDlpE6fP5YgLoFMPMbfajFda9V3IsPLcsxE
-----END CERTIFICATE-----