This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/hDVYn_Cqke4-sU20IyVPJrrTGIs.roa
File:                     hDVYn_Cqke4-sU20IyVPJrrTGIs.roa (raw, json)
Hash identifier:          aIes+pqXbeivjOHzkJRTZPV5B1wddYada+DAKnLqkQU=
Subject key identifier:   84:35:58:9F:F0:AA:91:EE:3E:B1:4D:B4:23:25:4F:26:BA:D3:18:8B
Certificate issuer:       /CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
Certificate serial:       019B797F0AAC42D9A17A6F45408E489D16EE
Authority key identifier: 96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/hDVYn_Cqke4-sU20IyVPJrrTGIs.roa
Signing time:             Thu 01 Jan 2026 12:18:47 +0000
ROA not before:           Thu 01 Jan 2026 12:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197645
IP address blocks:        91.223.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:0a:ac:42:d9:a1:7a:6f:45:40:8e:48:9d:16:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
        Validity
            Not Before: Jan  1 12:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8435589ff0aa91ee3eb14db423254f26bad3188b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:df:bb:11:68:65:07:cc:d6:8e:f4:22:21:93:
                    0a:cb:90:50:83:93:22:70:48:c6:ef:66:0d:44:af:
                    1c:b0:42:86:db:0a:c9:9b:a4:fa:43:e3:f1:12:78:
                    55:ce:15:8a:df:4d:32:6d:a3:57:b8:90:eb:f8:97:
                    fc:72:f7:73:d8:4d:d0:ab:c8:aa:ff:d4:3f:61:b5:
                    4c:8d:1f:da:a7:55:06:cc:29:02:ba:dc:6f:07:81:
                    61:78:16:42:93:29:32:1e:6f:a3:b4:ce:8d:30:96:
                    2a:52:93:94:be:3c:b6:ad:a7:f9:25:7d:3e:04:e2:
                    75:96:e9:69:64:e9:b9:23:f7:ad:ef:96:a6:56:4d:
                    50:09:fc:5b:ec:ff:72:df:36:55:fb:3a:56:6c:7d:
                    cd:3c:72:52:70:26:75:05:85:72:b3:62:d9:1f:a0:
                    19:3c:13:8a:c7:9b:4d:b0:3f:98:0d:a7:a5:39:af:
                    6f:1d:b1:65:09:64:cf:b8:c0:23:33:0f:17:c0:51:
                    3c:9c:0d:e5:60:92:0e:04:6b:4d:a1:dc:07:11:17:
                    8b:23:c1:2c:04:39:64:48:48:bc:8d:9f:ac:f3:48:
                    32:57:90:81:2d:6b:c8:4f:52:28:3a:63:8d:dc:eb:
                    3b:23:6b:7b:3c:91:6f:30:d2:b2:99:80:31:e5:fd:
                    b5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:35:58:9F:F0:AA:91:EE:3E:B1:4D:B4:23:25:4F:26:BA:D3:18:8B
            X509v3 Authority Key Identifier:
                keyid:96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/hDVYn_Cqke4-sU20IyVPJrrTGIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f6:66:89:c9:98:75:00:37:cd:97:76:ac:6c:bd:0b:bb:31:
         63:79:8d:6d:97:93:4b:d9:e5:4f:ca:2b:f9:ec:18:7f:99:88:
         2d:a3:14:34:7b:f2:06:97:40:cf:cc:ba:de:37:b9:be:55:46:
         cf:bd:3a:09:1b:6a:e0:7d:5f:02:e0:4b:13:c9:d2:72:2e:9b:
         6b:90:01:ac:cc:5b:c1:cc:d9:41:f8:9c:67:ae:14:bc:b9:79:
         ce:5f:60:04:ec:16:69:c2:af:79:25:d0:b0:15:c2:37:e3:9f:
         63:89:c3:e2:37:ed:9d:e9:77:3a:53:52:6a:ba:9e:66:5f:76:
         ec:1d:34:bf:b2:c0:f0:98:ad:8e:7d:59:f7:f2:8a:43:a2:40:
         72:3f:48:25:1d:ce:dd:c5:19:9d:24:a6:9b:f7:bc:e5:b2:d2:
         21:c0:81:e5:39:17:99:3a:4a:7e:ab:12:a8:39:03:f4:d1:7e:
         59:df:1b:9e:70:c7:0e:61:97:b6:6a:96:45:b3:58:03:c6:ce:
         5d:ed:8b:a7:35:06:08:da:9a:c6:12:60:c4:71:2b:1a:2f:ee:
         67:d9:34:d1:91:3f:e9:63:52:be:cf:21:4f:a1:08:49:0b:73:
         ab:5e:db:ab:89:f8:c6:03:cb:f7:1b:0f:da:69:ea:46:b6:87:
         6a:7e:30:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwqsQtmhem9FQI5InRbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjJkYTJmYTFiYzhlZDJmMmJjNmI3MDNhOGJmMTUzNDBm
OTdjZmEwHhcNMjYwMTAxMTIxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDM1NTg5ZmYwYWE5MWVlM2ViMTRkYjQyMzI1NGYyNmJhZDMxODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9+7EWhlB8zWjvQiIZMKy5BQg5Mi
cEjG72YNRK8csEKG2wrJm6T6Q+PxEnhVzhWK300ybaNXuJDr+Jf8cvdz2E3Qq8iq
/9Q/YbVMjR/ap1UGzCkCutxvB4FheBZCkykyHm+jtM6NMJYqUpOUvjy2raf5JX0+
BOJ1lulpZOm5I/et75amVk1QCfxb7P9y3zZV+zpWbH3NPHJScCZ1BYVys2LZH6AZ
PBOKx5tNsD+YDaelOa9vHbFlCWTPuMAjMw8XwFE8nA3lYJIOBGtNodwHEReLI8Es
BDlkSEi8jZ+s80gyV5CBLWvIT1IoOmON3Os7I2t7PJFvMNKymYAx5f21TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQ1WJ/wqpHuPrFNtCMlTya60xiLMB8GA1UdIwQY
MBaAFJby2i+hvI7S8rxrcDqL8VNA+Xz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEt
OTNiNGZlNTE1N2VjLzEvaERWWW5fQ3FrZTQtc1UyMEl5VlBKcnJUR0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEtOTNiNGZlNTE1N2Vj
LzEvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/UMA0G
CSqGSIb3DQEBCwUAA4IBAQBp9maJyZh1ADfNl3asbL0LuzFjeY1tl5NL2eVPyiv5
7Bh/mYgtoxQ0e/IGl0DPzLreN7m+VUbPvToJG2rgfV8C4EsTydJyLptrkAGszFvB
zNlB+JxnrhS8uXnOX2AE7BZpwq95JdCwFcI3459jicPiN+2d6Xc6U1Jqup5mX3bs
HTS/ssDwmK2OfVn38opDokByP0glHc7dxRmdJKab97zlstIhwIHlOReZOkp+qxKo
OQP00X5Z3xuecMcOYZe2apZFs1gDxs5d7YunNQYI2prGEmDEcSsaL+5n2TTRkT/p
Y1K+zyFPoQhJC3OrXturifjGA8v3Gw/aaepGtodqfjAB
-----END CERTIFICATE-----