This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/aq4mHriPC_Od7XgUBZpEqq5gcHk.roa
File:                     aq4mHriPC_Od7XgUBZpEqq5gcHk.roa (raw, json)
Hash identifier:          yiecnEtPgQHrRACDcmP4fFBJvqjTl0FnO0eslGPKhWc=
Subject key identifier:   6A:AE:26:1E:B8:8F:0B:F3:9D:ED:78:14:05:9A:44:AA:AE:60:70:79
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019B79EC4249F74BA8E068279C29665CB9E7
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/aq4mHriPC_Od7XgUBZpEqq5gcHk.roa
Signing time:             Thu 01 Jan 2026 14:18:05 +0000
ROA not before:           Thu 01 Jan 2026 14:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48086
IP address blocks:        91.207.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:42:49:f7:4b:a8:e0:68:27:9c:29:66:5c:b9:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 14:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aae261eb88f0bf39ded7814059a44aaae607079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f3:19:00:43:e6:74:20:89:80:93:8d:8d:9e:
                    d3:b6:52:5f:8a:26:c3:db:09:8f:35:bb:99:25:1a:
                    c7:23:f0:23:a1:c0:37:d3:b6:1e:c4:b1:5a:68:ee:
                    97:28:dd:f0:ab:b7:ce:32:76:f6:3f:4e:44:c6:c3:
                    b6:fb:7a:b8:71:4d:d0:f7:51:7f:ce:2b:b2:72:4e:
                    06:2d:bb:05:0d:f6:ad:10:d4:6d:86:58:fe:0a:c5:
                    cf:de:79:f1:1a:1e:a6:5e:02:03:2e:d2:6d:e6:f1:
                    02:48:ec:cb:57:4e:4a:0c:ff:8d:98:f5:ec:ce:c9:
                    68:3d:6c:30:ee:f0:6c:b6:fb:8c:4c:41:15:e3:0a:
                    51:2a:22:6d:7f:39:bd:3d:8d:4f:fe:64:da:bb:05:
                    31:18:2a:d1:53:41:ff:a3:1a:de:01:6c:a7:43:b8:
                    6b:9f:70:da:ec:a5:c0:2b:8e:78:ae:41:a1:11:12:
                    98:f1:16:ab:71:8d:db:1b:b6:50:b9:0b:cc:c3:13:
                    69:7d:4b:be:43:27:84:f1:61:41:34:3e:e6:86:b3:
                    dd:1f:a3:25:9b:25:6f:ec:48:e7:d9:9b:23:62:cd:
                    1a:c4:76:a8:e4:1a:67:90:03:9f:02:9f:4a:5f:7e:
                    34:1d:49:89:dc:0d:38:01:3c:a0:09:97:ae:2b:94:
                    6d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AE:26:1E:B8:8F:0B:F3:9D:ED:78:14:05:9A:44:AA:AE:60:70:79
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/aq4mHriPC_Od7XgUBZpEqq5gcHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:57:a6:e3:9d:4b:62:c0:7f:4b:fd:96:bf:8f:69:37:b6:45:
         2c:29:87:20:16:eb:e2:7a:d1:05:de:4e:9e:38:93:47:ea:81:
         3e:95:92:62:0d:c4:9d:b0:00:12:41:56:3a:cc:fd:50:5f:14:
         9c:1e:db:d8:81:08:37:99:ad:ba:12:c8:53:8a:9e:b9:2e:43:
         34:ec:96:03:d9:b7:9f:98:43:3d:d9:94:8b:3d:91:8d:28:2c:
         1d:af:b3:bc:4e:fc:b6:35:dc:60:92:c0:2c:53:cc:cb:cd:e3:
         1e:a4:8e:50:0d:84:0a:ff:ea:c1:4c:0c:1a:b6:d8:35:8b:81:
         a9:cb:e5:20:de:ae:e2:76:2e:11:50:8c:6f:b7:ba:02:1f:95:
         fd:6f:14:dd:5f:f9:16:41:8d:40:93:68:b9:8b:c3:6b:46:15:
         41:d5:58:59:2d:d0:ff:f2:9f:b3:8d:45:d0:2d:db:0f:ab:98:
         29:32:10:96:ec:4c:2d:b1:73:b5:23:7a:63:8a:6d:ac:d7:41:
         87:98:42:f9:00:e0:7d:49:e9:f5:b8:62:78:34:f8:f2:9c:2b:
         21:db:25:be:3d:7b:35:71:8c:1d:5e:b7:54:13:c2:64:c4:e3:
         6b:c0:94:e5:42:32:e8:d6:4a:9f:08:9b:cf:20:3a:90:30:47:
         90:c2:f0:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57EJJ90uo4GgnnClmXLnnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjYwMTAxMTQxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFlMjYxZWI4OGYwYmYzOWRlZDc4MTQwNTlhNDRhYWFlNjA3MDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vMZAEPmdCCJgJONjZ7TtlJfiibD
2wmPNbuZJRrHI/AjocA307YexLFaaO6XKN3wq7fOMnb2P05ExsO2+3q4cU3Q91F/
ziuyck4GLbsFDfatENRthlj+CsXP3nnxGh6mXgIDLtJt5vECSOzLV05KDP+NmPXs
zsloPWww7vBstvuMTEEV4wpRKiJtfzm9PY1P/mTauwUxGCrRU0H/oxreAWynQ7hr
n3Da7KXAK454rkGhERKY8RarcY3bG7ZQuQvMwxNpfUu+QyeE8WFBND7mhrPdH6Ml
myVv7Ejn2ZsjYs0axHao5BpnkAOfAp9KX340HUmJ3A04ATygCZeuK5RtHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGquJh64jwvzne14FAWaRKquYHB5MB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvYXE0bUhyaVBDX09kN1hnVUJacEVxcTVnY0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW89qMA0G
CSqGSIb3DQEBCwUAA4IBAQCYV6bjnUtiwH9L/Za/j2k3tkUsKYcgFuvietEF3k6e
OJNH6oE+lZJiDcSdsAASQVY6zP1QXxScHtvYgQg3ma26EshTip65LkM07JYD2bef
mEM92ZSLPZGNKCwdr7O8Tvy2NdxgksAsU8zLzeMepI5QDYQK/+rBTAwattg1i4Gp
y+Ug3q7idi4RUIxvt7oCH5X9bxTdX/kWQY1Ak2i5i8NrRhVB1VhZLdD/8p+zjUXQ
LdsPq5gpMhCW7EwtsXO1I3pjim2s10GHmEL5AOB9Sen1uGJ4NPjynCsh2yW+PXs1
cYwdXrdUE8JkxONrwJTlQjLo1kqfCJvPIDqQMEeQwvDs
-----END CERTIFICATE-----