This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kopgSW14D0aMxVGgeQmEGmsYFAQ.roa
File:                     kopgSW14D0aMxVGgeQmEGmsYFAQ.roa (raw, json)
Hash identifier:          emFzXwVeUl6yg/bnrgocFfxZY+cFQwEF3lD8I6fBmX0=
Subject key identifier:   92:8A:60:49:6D:78:0F:46:8C:C5:51:A0:79:09:84:1A:6B:18:14:04
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019B79EC410799621170C3039E15C5AB9E2C
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kopgSW14D0aMxVGgeQmEGmsYFAQ.roa
Signing time:             Thu 01 Jan 2026 14:18:04 +0000
ROA not before:           Thu 01 Jan 2026 14:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35381
IP address blocks:        91.207.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:41:07:99:62:11:70:c3:03:9e:15:c5:ab:9e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 14:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=928a60496d780f468cc551a07909841a6b181404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4d:e8:fb:fd:72:cc:55:e6:6c:2a:41:20:b1:
                    b8:71:5d:db:c6:23:28:80:45:ea:85:16:01:1c:d4:
                    8a:19:b6:e4:ea:4d:92:60:b0:c4:ac:37:ab:6a:0f:
                    e1:b6:02:6d:37:7b:61:57:49:fc:dd:0e:87:5a:88:
                    bc:4a:23:f2:5a:75:a9:e0:6f:2f:a6:3d:72:b3:e7:
                    5e:2a:88:f4:77:cd:19:e3:b0:d0:5c:61:c7:f6:fe:
                    07:6b:d1:9e:c2:ed:94:bf:b4:2a:81:2b:85:12:24:
                    76:e4:20:66:ed:29:4f:18:54:57:3f:46:8e:51:32:
                    8a:76:2f:b1:a0:76:7c:88:01:53:d5:93:46:9f:89:
                    4a:ea:77:87:b4:1c:ed:61:2d:55:46:d2:06:66:9f:
                    32:c3:4d:fe:44:0d:24:e1:23:36:2c:91:97:b1:c0:
                    2a:fc:c3:b6:82:59:38:11:ab:e5:f2:44:ad:2e:dd:
                    d5:4b:fc:10:6b:45:0c:dd:31:05:85:55:6a:3b:04:
                    0a:9c:82:9d:ea:dc:c0:73:9c:a1:5b:b2:08:2c:e4:
                    f7:b4:ec:03:d7:35:e9:d1:b1:a2:6f:e1:ee:72:b8:
                    82:7e:1a:4f:a4:d7:89:64:2c:f6:3d:c5:72:da:53:
                    25:c4:b6:f4:d4:b3:c2:02:30:c3:1a:68:d3:d0:23:
                    11:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8A:60:49:6D:78:0F:46:8C:C5:51:A0:79:09:84:1A:6B:18:14:04
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/kopgSW14D0aMxVGgeQmEGmsYFAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:21:e9:55:b6:f5:90:e5:8c:7c:8f:b6:ff:9d:5f:ee:1d:7b:
         37:8f:64:eb:31:1b:c9:84:29:8b:ec:c1:0e:cb:af:88:bb:e1:
         23:fb:0e:cb:da:c8:f2:ed:93:71:d9:df:2e:4d:02:03:db:7b:
         44:43:75:fc:39:b3:cb:1d:cf:4c:ab:9b:1d:70:72:fc:1c:c5:
         6c:19:02:bb:62:aa:09:15:26:09:32:96:f6:12:a4:44:81:c5:
         0a:08:79:43:d2:a3:cc:f9:ec:cc:e7:5a:c0:71:ed:bd:41:e6:
         60:e7:2f:e0:24:78:88:66:1e:0d:89:37:ac:6a:ba:06:79:6a:
         d2:ce:56:ac:72:c4:ec:4c:b0:7f:41:ae:be:84:ed:ed:e4:29:
         23:89:c6:d5:8e:0e:57:f0:4d:24:cb:a2:1d:e9:08:72:51:6b:
         16:43:01:fb:df:d2:f3:86:5d:0a:fb:d4:fe:0f:40:d3:3f:89:
         b4:81:3e:1d:66:2d:d7:7e:52:53:fc:32:ed:64:54:f2:76:45:
         d4:6b:97:c3:a2:d7:12:3d:40:32:72:50:12:ef:d4:01:0f:f5:
         eb:ca:2d:21:1e:20:bd:b1:bd:d3:fa:8e:c5:15:ab:77:3b:18:
         c5:99:db:b9:88:f4:aa:96:d3:6a:68:56:b3:f5:a7:89:11:16:
         ed:c3:2a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57EEHmWIRcMMDnhXFq54sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjYwMTAxMTQxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhhNjA0OTZkNzgwZjQ2OGNjNTUxYTA3OTA5ODQxYTZiMTgxNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E3o+/1yzFXmbCpBILG4cV3bxiMo
gEXqhRYBHNSKGbbk6k2SYLDErDerag/htgJtN3thV0n83Q6HWoi8SiPyWnWp4G8v
pj1ys+deKoj0d80Z47DQXGHH9v4Ha9Gewu2Uv7QqgSuFEiR25CBm7SlPGFRXP0aO
UTKKdi+xoHZ8iAFT1ZNGn4lK6neHtBztYS1VRtIGZp8yw03+RA0k4SM2LJGXscAq
/MO2glk4Eavl8kStLt3VS/wQa0UM3TEFhVVqOwQKnIKd6tzAc5yhW7IILOT3tOwD
1zXp0bGib+HucriCfhpPpNeJZCz2PcVy2lMlxLb01LPCAjDDGmjT0CMRKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKKYElteA9GjMVRoHkJhBprGBQEMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEva29wZ1NXMTREMGFNeFZHZ2VRbUVHbXNZRkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW89rMA0G
CSqGSIb3DQEBCwUAA4IBAQALIelVtvWQ5Yx8j7b/nV/uHXs3j2TrMRvJhCmL7MEO
y6+Iu+Ej+w7L2sjy7ZNx2d8uTQID23tEQ3X8ObPLHc9Mq5sdcHL8HMVsGQK7YqoJ
FSYJMpb2EqREgcUKCHlD0qPM+ezM51rAce29QeZg5y/gJHiIZh4NiTesaroGeWrS
zlascsTsTLB/Qa6+hO3t5CkjicbVjg5X8E0ky6Id6QhyUWsWQwH739Lzhl0K+9T+
D0DTP4m0gT4dZi3XflJT/DLtZFTydkXUa5fDotcSPUAyclAS79QBD/Xryi0hHiC9
sb3T+o7FFat3OxjFmdu5iPSqltNqaFaz9aeJERbtwyqB
-----END CERTIFICATE-----