This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/W7IQ0gYxKitQBnBcdtE5nlhijE8.roa
File:                     W7IQ0gYxKitQBnBcdtE5nlhijE8.roa (raw, json)
Hash identifier:          V0HmiVipVSUCDssqQ1zBus3ujIkvu0DIBcIZVK71Cfg=
Subject key identifier:   5B:B2:10:D2:06:31:2A:2B:50:06:70:5C:76:D1:39:9E:58:62:8C:4F
Certificate issuer:       /CN=728627f95026514b42654058f49eeb9b7c48f020
Certificate serial:       019B7F1395DB56D5E0500336F72079C736E1
Authority key identifier: 72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/W7IQ0gYxKitQBnBcdtE5nlhijE8.roa
Signing time:             Fri 02 Jan 2026 14:19:08 +0000
ROA not before:           Fri 02 Jan 2026 14:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42525
IP address blocks:        91.240.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:95:db:56:d5:e0:50:03:36:f7:20:79:c7:36:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728627f95026514b42654058f49eeb9b7c48f020
        Validity
            Not Before: Jan  2 14:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bb210d206312a2b5006705c76d1399e58628c4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8e:ab:fd:17:6f:e9:93:1c:3c:44:2e:55:e0:
                    fd:91:ea:d0:e3:2f:52:ae:17:01:d9:34:9b:37:7f:
                    eb:a9:19:95:c1:fa:2b:e0:9b:57:0f:bd:5d:6c:b0:
                    7e:6a:3d:d2:74:03:96:39:9f:d4:a6:38:2c:fe:47:
                    72:f3:50:b1:5b:10:51:d4:5f:ae:7e:35:ee:84:bb:
                    e1:41:00:9d:52:a8:dd:ba:10:51:8b:5b:e1:e8:33:
                    0d:2a:46:ac:14:f0:90:7b:b9:7f:eb:61:d5:ba:b1:
                    59:1b:d9:63:c1:80:06:6e:83:69:83:16:fe:25:c6:
                    36:48:d9:24:99:cf:d5:b5:ed:3d:33:7a:c7:c6:6e:
                    3d:75:17:a2:c7:90:a9:32:20:3c:64:e1:54:45:c3:
                    f9:f8:32:5c:8b:d7:4b:28:82:84:6a:8d:0c:59:45:
                    7f:f8:cc:cc:8d:d0:97:4e:44:a4:c9:14:44:46:02:
                    30:37:82:f9:fb:5c:6c:f1:d5:57:a9:74:74:0d:0c:
                    a8:b5:65:9c:8e:19:82:e0:8e:0c:0d:93:90:b5:fb:
                    9e:59:4d:ac:31:ea:ae:f6:7e:fa:4f:2a:65:27:9c:
                    07:a2:8f:4b:26:78:c2:be:c1:e5:85:2b:36:91:69:
                    2f:3c:f9:d0:8d:a1:62:75:69:82:ab:33:75:89:32:
                    cb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B2:10:D2:06:31:2A:2B:50:06:70:5C:76:D1:39:9E:58:62:8C:4F
            X509v3 Authority Key Identifier:
                keyid:72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/W7IQ0gYxKitQBnBcdtE5nlhijE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a4:23:c1:a6:c1:4c:84:b5:d6:37:24:46:d5:ae:68:d4:a1:
         cf:e3:10:87:f4:72:02:e5:5a:43:c8:89:a1:8e:63:3b:59:6a:
         1d:ce:08:46:09:10:dc:d2:38:88:e2:50:22:7c:0f:ce:e2:a3:
         a5:f0:3f:d5:f1:76:3d:82:73:57:28:7b:f5:69:db:52:47:b6:
         c2:bf:75:6b:64:e2:3e:f6:9f:6d:65:7e:6f:86:b6:48:83:2b:
         a8:59:21:ce:cf:69:00:cc:86:6f:20:15:03:72:3a:a6:ac:8f:
         ac:85:38:da:7e:17:b7:53:28:2e:e7:75:14:d7:07:3e:13:89:
         0e:76:79:b5:fb:de:4d:a6:06:cf:7b:34:5a:21:8d:b5:4b:85:
         21:d7:03:b3:3b:ee:51:e6:e4:e3:df:da:24:e2:87:05:51:31:
         78:55:40:ce:06:ca:8f:12:c1:19:40:49:0d:39:6e:96:f5:30:
         80:52:59:2e:40:ff:20:8b:78:60:60:ee:50:9a:5e:40:f3:77:
         f5:b0:ca:f3:58:ad:9f:75:4c:77:ac:37:c2:ef:ff:c2:35:c6:
         6a:a5:d0:44:c9:bd:be:30:4b:98:15:94:42:3a:d3:2d:ae:5f:
         8e:f6:59:b7:45:e1:ca:c6:0c:f6:2e:d4:8d:33:1a:24:54:30:
         1d:87:13:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E5XbVtXgUAM29yB5xzbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyODYyN2Y5NTAyNjUxNGI0MjY1NDA1OGY0OWVlYjliN2M0
OGYwMjAwHhcNMjYwMTAyMTQxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmIyMTBkMjA2MzEyYTJiNTAwNjcwNWM3NmQxMzk5ZTU4NjI4YzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI6r/Rdv6ZMcPEQuVeD9kerQ4y9S
rhcB2TSbN3/rqRmVwfor4JtXD71dbLB+aj3SdAOWOZ/Upjgs/kdy81CxWxBR1F+u
fjXuhLvhQQCdUqjduhBRi1vh6DMNKkasFPCQe7l/62HVurFZG9ljwYAGboNpgxb+
JcY2SNkkmc/Vte09M3rHxm49dReix5CpMiA8ZOFURcP5+DJci9dLKIKEao0MWUV/
+MzMjdCXTkSkyRRERgIwN4L5+1xs8dVXqXR0DQyotWWcjhmC4I4MDZOQtfueWU2s
Mequ9n76TyplJ5wHoo9LJnjCvsHlhSs2kWkvPPnQjaFidWmCqzN1iTLLoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuyENIGMSorUAZwXHbROZ5YYoxPMB8GA1UdIwQY
MBaAFHKGJ/lQJlFLQmVAWPSe65t8SPAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAt
YjMzYTQwOTdiY2IwLzEvVzdJUTBnWXhLaXRRQm5CY2R0RTVubGhpakU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAtYjMzYTQwOTdiY2Iw
LzEvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C9MA0G
CSqGSIb3DQEBCwUAA4IBAQBrpCPBpsFMhLXWNyRG1a5o1KHP4xCH9HIC5VpDyImh
jmM7WWodzghGCRDc0jiI4lAifA/O4qOl8D/V8XY9gnNXKHv1adtSR7bCv3VrZOI+
9p9tZX5vhrZIgyuoWSHOz2kAzIZvIBUDcjqmrI+shTjafhe3Uygu53UU1wc+E4kO
dnm1+95NpgbPezRaIY21S4Uh1wOzO+5R5uTj39ok4ocFUTF4VUDOBsqPEsEZQEkN
OW6W9TCAUlkuQP8gi3hgYO5Qml5A83f1sMrzWK2fdUx3rDfC7//CNcZqpdBEyb2+
MEuYFZRCOtMtrl+O9lm3ReHKxgz2LtSNMxokVDAdhxN4
-----END CERTIFICATE-----