This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/SH8U9jyhwwnj6O-2MB6B9qfPeoA.roa
File:                     SH8U9jyhwwnj6O-2MB6B9qfPeoA.roa (raw, json)
Hash identifier:          KH6Pob4zCHmHkEXL85meTE0xHiRhBhf5Dz/U5ppUn7Y=
Subject key identifier:   48:7F:14:F6:3C:A1:C3:09:E3:E8:EF:B6:30:1E:81:F6:A7:CF:7A:80
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019BE0A0C1E3A74C6C1E07C7EE0A5DF7C314
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/SH8U9jyhwwnj6O-2MB6B9qfPeoA.roa
Signing time:             Wed 21 Jan 2026 12:56:30 +0000
ROA not before:           Wed 21 Jan 2026 12:56:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215762
IP address blocks:        91.92.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:a0:c1:e3:a7:4c:6c:1e:07:c7:ee:0a:5d:f7:c3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan 21 12:56:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=487f14f63ca1c309e3e8efb6301e81f6a7cf7a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:98:f9:6f:ef:99:c1:5a:17:36:da:aa:79:77:
                    a6:f4:51:3a:1f:9a:05:b3:40:9e:43:d1:bc:d0:e1:
                    3d:fd:2b:03:52:91:65:67:ec:6b:44:9a:40:e0:3e:
                    f6:58:6d:cc:93:62:56:b4:04:f6:87:f1:d5:30:af:
                    98:34:18:0a:b8:19:38:a4:77:97:e1:d2:9e:e3:80:
                    64:a3:ce:d8:6c:b4:80:c1:b2:43:cc:b4:a0:5a:be:
                    88:1e:3f:f4:41:90:41:5b:ad:79:d4:60:9c:a3:e7:
                    51:a3:fa:ec:09:35:b2:f9:5d:31:1c:30:f0:49:21:
                    eb:82:b4:43:cf:07:a3:95:33:be:b9:36:b6:ac:4f:
                    fb:49:62:13:6e:cb:9c:6d:a8:74:d4:c0:07:a2:7a:
                    80:4e:f2:a8:51:d6:c4:7b:41:d6:f0:b2:64:a1:eb:
                    63:b1:b6:5e:b5:42:3b:f7:f8:b0:63:36:ac:d6:c8:
                    5b:41:a1:7f:21:e1:83:49:40:98:7c:dd:eb:c9:24:
                    c2:61:e8:5a:16:c3:93:71:21:04:be:9e:19:8a:f3:
                    63:82:06:5b:2f:ab:87:54:7c:ff:d8:26:2c:bc:17:
                    20:12:cd:7d:99:3b:e2:aa:7f:5f:a7:9f:d5:21:61:
                    fc:57:99:8e:42:ad:aa:2c:2b:32:2f:e5:65:7d:7c:
                    8e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7F:14:F6:3C:A1:C3:09:E3:E8:EF:B6:30:1E:81:F6:A7:CF:7A:80
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/SH8U9jyhwwnj6O-2MB6B9qfPeoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:8b:82:da:c4:a8:c0:60:f5:c9:8e:65:c1:e6:b5:b4:4d:e0:
         39:d7:d1:62:44:90:13:41:e2:46:46:d2:b9:b9:36:6e:f4:05:
         a4:cd:d4:16:2b:69:92:17:ac:0d:52:c2:9f:74:89:0a:99:47:
         0f:f2:68:82:8c:38:c7:f4:a7:fe:a1:99:d9:a1:b9:44:e1:83:
         de:a2:f6:8b:e6:4c:0a:04:3d:73:f5:3c:30:36:e5:1c:42:2c:
         e0:17:79:71:e5:e8:d9:be:22:99:55:d1:47:0e:44:2c:c3:e8:
         0b:62:fc:dc:21:da:cd:1b:88:4f:8e:fe:d4:d8:56:4e:bc:3f:
         d3:0e:e0:3b:a6:11:cc:ec:4b:6e:f0:1f:02:c7:b6:20:50:9b:
         45:27:78:5c:25:bb:0c:29:aa:30:f6:b2:52:45:c5:f3:bc:5a:
         d2:7d:9e:b2:66:18:5a:79:f7:4a:e4:c1:92:75:7e:1f:d8:68:
         6e:61:33:28:4b:e8:70:9b:85:2c:49:21:cf:c5:12:45:8b:3d:
         41:94:38:1e:24:a8:e3:bb:b4:a3:74:3e:25:c7:0e:5a:14:ba:
         80:61:e2:4f:4d:b5:90:62:ee:51:b1:ec:38:21:2b:b0:58:39:
         83:3e:fa:ff:ac:cc:11:5f:3f:21:44:78:78:2b:01:e6:3d:08:
         34:32:80:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvgoMHjp0xsHgfH7gpd98MUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMTIxMTI1NjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdmMTRmNjNjYTFjMzA5ZTNlOGVmYjYzMDFlODFmNmE3Y2Y3YTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZj5b++ZwVoXNtqqeXem9FE6H5oF
s0CeQ9G80OE9/SsDUpFlZ+xrRJpA4D72WG3Mk2JWtAT2h/HVMK+YNBgKuBk4pHeX
4dKe44Bko87YbLSAwbJDzLSgWr6IHj/0QZBBW6151GCco+dRo/rsCTWy+V0xHDDw
SSHrgrRDzwejlTO+uTa2rE/7SWITbsucbah01MAHonqATvKoUdbEe0HW8LJkoetj
sbZetUI79/iwYzas1shbQaF/IeGDSUCYfN3rySTCYehaFsOTcSEEvp4ZivNjggZb
L6uHVHz/2CYsvBcgEs19mTviqn9fp5/VIWH8V5mOQq2qLCsyL+VlfXyO0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh/FPY8ocMJ4+jvtjAegfanz3qAMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvU0g4VTlqeWh3d25qNk8tMk1CNkI5cWZQZW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1woMA0G
CSqGSIb3DQEBCwUAA4IBAQBGi4LaxKjAYPXJjmXB5rW0TeA519FiRJATQeJGRtK5
uTZu9AWkzdQWK2mSF6wNUsKfdIkKmUcP8miCjDjH9Kf+oZnZoblE4YPeovaL5kwK
BD1z9TwwNuUcQizgF3lx5ejZviKZVdFHDkQsw+gLYvzcIdrNG4hPjv7U2FZOvD/T
DuA7phHM7Etu8B8Cx7YgUJtFJ3hcJbsMKaow9rJSRcXzvFrSfZ6yZhhaefdK5MGS
dX4f2GhuYTMoS+hwm4UsSSHPxRJFiz1BlDgeJKjju7SjdD4lxw5aFLqAYeJPTbWQ
Yu5Rsew4ISuwWDmDPvr/rMwRXz8hRHh4KwHmPQg0MoD7
-----END CERTIFICATE-----