This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/RiSZlLjYu2HkKfgG-ViVEkyKZns.roa
File:                     RiSZlLjYu2HkKfgG-ViVEkyKZns.roa (raw, json)
Hash identifier:          lhY041uMz7TjMMSGYMZC4RSrTiXBMmzOCgXBevRNjRY=
Subject key identifier:   46:24:99:94:B8:D8:BB:61:E4:29:F8:06:F9:58:95:12:4C:8A:66:7B
Certificate issuer:       /CN=b4c0439c795551102d6f1e4ceb6d1c52fbc5ea3f
Certificate serial:       019B7B368865BA30E0837C9FE70C800E075B
Authority key identifier: B4:C0:43:9C:79:55:51:10:2D:6F:1E:4C:EB:6D:1C:52:FB:C5:EA:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tMBDnHlVURAtbx5M620cUvvF6j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/RiSZlLjYu2HkKfgG-ViVEkyKZns.roa
Signing time:             Thu 01 Jan 2026 20:18:50 +0000
ROA not before:           Thu 01 Jan 2026 20:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198732
IP address blocks:        91.238.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/tMBDnHlVURAtbx5M620cUvvF6j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/tMBDnHlVURAtbx5M620cUvvF6j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tMBDnHlVURAtbx5M620cUvvF6j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:88:65:ba:30:e0:83:7c:9f:e7:0c:80:0e:07:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4c0439c795551102d6f1e4ceb6d1c52fbc5ea3f
        Validity
            Not Before: Jan  1 20:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46249994b8d8bb61e429f806f95895124c8a667b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f9:1c:c1:21:fe:97:47:93:91:14:46:3a:1d:
                    23:5e:4e:10:b4:76:78:e5:f0:e5:df:76:f4:13:30:
                    99:5c:82:4c:fc:07:d6:d6:bd:fa:32:88:aa:71:63:
                    8a:37:81:72:10:fe:50:eb:96:e4:a3:ee:e9:7b:fe:
                    10:56:b1:fd:c7:74:4a:13:9c:ad:cf:46:68:69:3e:
                    53:37:c3:c5:a4:65:42:ef:7d:47:df:17:21:24:c1:
                    70:9c:51:59:ce:4b:f7:23:66:f6:05:14:00:c3:64:
                    f2:58:55:76:42:c8:04:9f:df:d3:a5:b9:73:1b:ee:
                    a3:89:9f:ad:9b:25:b9:17:0c:28:66:12:9c:7d:77:
                    9f:f7:8f:cc:b9:26:d4:c5:cd:3e:84:06:17:1a:4f:
                    fd:be:c6:00:f9:64:17:b1:7e:45:e4:a7:31:f5:9d:
                    df:07:14:bf:51:af:c5:a8:ae:b1:5d:e5:61:9b:8b:
                    3e:a2:9a:2c:e4:d8:31:2e:19:ff:96:5f:6c:5e:63:
                    e8:aa:c0:8f:c7:92:4a:79:b2:d7:50:12:60:37:d8:
                    39:d1:c6:d6:a3:94:3c:70:5b:d7:9e:7c:e0:8f:a5:
                    e7:d9:a1:eb:cd:5a:b2:62:7b:22:68:58:43:0e:a8:
                    6f:76:05:7e:9d:dd:d6:3c:71:c2:07:2a:3b:cd:ef:
                    06:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:24:99:94:B8:D8:BB:61:E4:29:F8:06:F9:58:95:12:4C:8A:66:7B
            X509v3 Authority Key Identifier:
                keyid:B4:C0:43:9C:79:55:51:10:2D:6F:1E:4C:EB:6D:1C:52:FB:C5:EA:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tMBDnHlVURAtbx5M620cUvvF6j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/RiSZlLjYu2HkKfgG-ViVEkyKZns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/86ba02-f970-4869-be27-e8ede5a2f875/1/tMBDnHlVURAtbx5M620cUvvF6j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f9:1e:fd:e6:1f:99:e9:77:55:f8:75:49:97:17:6a:4e:b3:
         6d:59:75:3a:fd:20:e1:09:21:c4:d2:82:c4:b6:22:0f:e3:90:
         54:53:49:65:42:02:14:1e:c8:42:05:f5:fb:2a:23:30:d9:8c:
         18:eb:84:12:88:44:3c:9c:62:c8:dc:4a:80:7d:2b:b4:2f:3f:
         64:f5:e5:a8:c0:f5:7e:71:58:94:ec:6b:7c:46:c4:28:7d:d0:
         95:6b:ab:e3:30:31:26:80:24:ad:7f:17:76:57:b5:e6:2e:35:
         1a:f5:cb:fc:b8:4c:df:2e:da:dd:fc:02:93:5b:c4:41:70:d5:
         98:78:92:63:2c:49:f7:d2:6c:7c:bf:09:14:1d:5a:29:2f:b2:
         e5:45:cb:f5:23:06:7b:13:dc:53:90:fb:f5:23:db:20:dd:17:
         ab:d2:c2:3c:7e:b5:8c:18:35:d7:4d:fd:34:ae:8e:08:1c:2c:
         d0:3e:5c:6f:85:ad:e9:57:33:31:a7:97:74:94:de:36:7d:dc:
         3b:ee:6a:f0:d2:24:cb:a2:4b:f1:76:2d:52:30:e1:f9:70:a6:
         cf:5e:0e:c7:98:bb:43:ec:59:9f:a6:51:a0:ef:75:87:30:85:
         9f:25:ad:f9:62:b9:34:30:ad:aa:cb:14:68:58:03:c7:c5:5b:
         b1:30:d7:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NohlujDgg3yf5wyADgdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YzA0MzljNzk1NTUxMTAyZDZmMWU0Y2ViNmQxYzUyZmJj
NWVhM2YwHhcNMjYwMTAxMjAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjI0OTk5NGI4ZDhiYjYxZTQyOWY4MDZmOTU4OTUxMjRjOGE2NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/kcwSH+l0eTkRRGOh0jXk4QtHZ4
5fDl33b0EzCZXIJM/AfW1r36MoiqcWOKN4FyEP5Q65bko+7pe/4QVrH9x3RKE5yt
z0ZoaT5TN8PFpGVC731H3xchJMFwnFFZzkv3I2b2BRQAw2TyWFV2QsgEn9/Tpblz
G+6jiZ+tmyW5FwwoZhKcfXef94/MuSbUxc0+hAYXGk/9vsYA+WQXsX5F5Kcx9Z3f
BxS/Ua/FqK6xXeVhm4s+opos5NgxLhn/ll9sXmPoqsCPx5JKebLXUBJgN9g50cbW
o5Q8cFvXnnzgj6Xn2aHrzVqyYnsiaFhDDqhvdgV+nd3WPHHCByo7ze8GHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYkmZS42Lth5Cn4BvlYlRJMimZ7MB8GA1UdIwQY
MBaAFLTAQ5x5VVEQLW8eTOttHFL7xeo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE1CRG5IbFZVUkF0Yng1TTYyMGNVdnZGNmo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84NmJhMDItZjk3MC00ODY5LWJlMjct
ZThlZGU1YTJmODc1LzEvUmlTWmxMall1MkhrS2ZnRy1WaVZFa3lLWm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84NmJhMDItZjk3MC00ODY5LWJlMjctZThlZGU1YTJmODc1
LzEvdE1CRG5IbFZVUkF0Yng1TTYyMGNVdnZGNmo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7cMA0G
CSqGSIb3DQEBCwUAA4IBAQCF+R795h+Z6XdV+HVJlxdqTrNtWXU6/SDhCSHE0oLE
tiIP45BUU0llQgIUHshCBfX7KiMw2YwY64QSiEQ8nGLI3EqAfSu0Lz9k9eWowPV+
cViU7Gt8RsQofdCVa6vjMDEmgCStfxd2V7XmLjUa9cv8uEzfLtrd/AKTW8RBcNWY
eJJjLEn30mx8vwkUHVopL7LlRcv1IwZ7E9xTkPv1I9sg3Rer0sI8frWMGDXXTf00
ro4IHCzQPlxvha3pVzMxp5d0lN42fdw77mrw0iTLokvxdi1SMOH5cKbPXg7HmLtD
7FmfplGg73WHMIWfJa35Yrk0MK2qyxRoWAPHxVuxMNfK
-----END CERTIFICATE-----