This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/xj3KIjGGQeE9p2z5xDtR4kdM838.roa
File:                     xj3KIjGGQeE9p2z5xDtR4kdM838.roa (raw, json)
Hash identifier:          KadOdd0YIetDxyuEeROWrqZ3UbDrY1vHEUtLjmlaM0E=
Subject key identifier:   C6:3D:CA:22:31:86:41:E1:3D:A7:6C:F9:C4:3B:51:E2:47:4C:F3:7F
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       019B7F822905ECF11ADEF598AD8D1837B269
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/xj3KIjGGQeE9p2z5xDtR4kdM838.roa
Signing time:             Fri 02 Jan 2026 16:19:55 +0000
ROA not before:           Fri 02 Jan 2026 16:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57304
IP address blocks:        91.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:29:05:ec:f1:1a:de:f5:98:ad:8d:18:37:b2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: Jan  2 16:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c63dca22318641e13da76cf9c43b51e2474cf37f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:38:f3:23:94:73:e7:6c:9f:00:b1:8c:77:00:
                    1a:3a:b8:26:4b:54:f4:40:4f:ba:c0:05:1d:bb:8e:
                    a1:f2:55:3d:39:75:82:40:df:5f:33:10:2e:22:88:
                    6d:0b:74:7c:41:16:f4:c4:2f:a3:c3:80:c3:ef:60:
                    5a:b6:fb:96:df:4a:95:a5:d7:48:16:5c:29:41:97:
                    25:a1:0b:ad:37:b0:11:04:cf:06:12:22:9c:af:29:
                    83:fb:ea:46:01:a2:cd:35:65:24:ea:0d:18:14:0e:
                    7c:a3:b1:6a:cf:d2:ba:09:3b:07:d1:78:ec:4d:99:
                    e2:81:63:63:47:ae:66:5a:8a:5c:09:26:6f:8d:fa:
                    45:bf:53:3d:77:4a:fe:ff:8a:6b:c7:0a:00:4c:57:
                    b5:62:8d:7f:59:6c:59:b1:8a:de:34:d2:15:a6:56:
                    57:bf:12:e8:6c:7a:41:95:cd:f9:a2:b2:a0:87:c9:
                    19:28:d5:09:1b:fc:a5:15:7a:e5:26:62:cb:3c:b2:
                    6c:5d:ac:3a:03:88:4c:14:b2:6c:4e:bf:64:e9:f4:
                    c8:00:59:3b:2f:fc:c4:e1:b4:be:a4:6d:57:61:0f:
                    54:21:c4:1a:68:01:a4:40:43:e6:40:fc:12:68:de:
                    43:c0:5e:57:4d:d7:13:ed:4e:1a:0f:15:2b:14:42:
                    8b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3D:CA:22:31:86:41:E1:3D:A7:6C:F9:C4:3B:51:E2:47:4C:F3:7F
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/xj3KIjGGQeE9p2z5xDtR4kdM838.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:5f:6b:8f:39:9c:a1:56:33:ca:1b:91:40:56:10:2a:22:fe:
         ae:d1:b5:e8:89:db:e0:a3:2e:d9:1d:ef:cf:5a:39:b1:dd:6e:
         cb:e6:eb:3d:88:a1:3a:09:52:b6:b6:a1:09:d5:dc:a5:f3:77:
         16:4d:02:40:15:0e:5d:df:49:c7:d3:10:cb:b7:9e:b9:54:b1:
         20:0a:9e:0e:68:d8:34:0a:1e:4f:d2:4f:f1:81:54:a2:2a:ff:
         3a:38:26:89:01:34:94:58:88:ec:a3:22:cd:b5:20:e3:4c:f4:
         9b:7d:37:68:bf:1d:a8:19:d9:34:7b:3d:ea:1e:9d:13:11:f9:
         fd:d4:1b:ce:9b:e2:4b:08:69:e3:af:10:47:2a:70:dc:19:8d:
         e8:d0:0c:bc:ea:9a:4e:80:02:d8:5a:d9:9e:8c:0a:02:85:c7:
         f6:a0:73:64:4c:fe:3b:43:b7:49:6c:bc:e5:3e:77:50:63:38:
         27:ae:5a:3a:46:dd:a9:a4:a3:68:1f:e2:0f:66:89:d4:85:8b:
         88:3e:dc:e9:0f:73:b5:ba:6d:e2:67:f9:0a:a7:d3:74:fa:cd:
         a0:ee:37:a2:ae:23:80:16:24:ca:71:b7:e3:9e:2c:c9:5f:8b:
         14:3f:75:a3:3c:c5:38:5d:bd:c6:0a:af:8a:2d:4c:85:24:47:
         e8:5c:fb:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gikF7PEa3vWYrY0YN7JpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjYwMTAyMTYxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNkY2EyMjMxODY0MWUxM2RhNzZjZjljNDNiNTFlMjQ3NGNmMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDjzI5Rz52yfALGMdwAaOrgmS1T0
QE+6wAUdu46h8lU9OXWCQN9fMxAuIohtC3R8QRb0xC+jw4DD72BatvuW30qVpddI
FlwpQZcloQutN7ARBM8GEiKcrymD++pGAaLNNWUk6g0YFA58o7Fqz9K6CTsH0Xjs
TZnigWNjR65mWopcCSZvjfpFv1M9d0r+/4prxwoATFe1Yo1/WWxZsYreNNIVplZX
vxLobHpBlc35orKgh8kZKNUJG/ylFXrlJmLLPLJsXaw6A4hMFLJsTr9k6fTIAFk7
L/zE4bS+pG1XYQ9UIcQaaAGkQEPmQPwSaN5DwF5XTdcT7U4aDxUrFEKLDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY9yiIxhkHhPads+cQ7UeJHTPN/MB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEveGozS0lqR0dRZUU5cDJ6NXhEdFI0a2RNODM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQBtX2uPOZyhVjPKG5FAVhAqIv6u0bXoidvgoy7ZHe/P
Wjmx3W7L5us9iKE6CVK2tqEJ1dyl83cWTQJAFQ5d30nH0xDLt565VLEgCp4OaNg0
Ch5P0k/xgVSiKv86OCaJATSUWIjsoyLNtSDjTPSbfTdovx2oGdk0ez3qHp0TEfn9
1BvOm+JLCGnjrxBHKnDcGY3o0Ay86ppOgALYWtmejAoChcf2oHNkTP47Q7dJbLzl
PndQYzgnrlo6Rt2ppKNoH+IPZonUhYuIPtzpD3O1um3iZ/kKp9N0+s2g7jeiriOA
FiTKcbfjnizJX4sUP3WjPMU4Xb3GCq+KLUyFJEfoXPs0
-----END CERTIFICATE-----