This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1Gy5y0l2Z3RJbwpIdwQeXu-S_os.roa
File:                     1Gy5y0l2Z3RJbwpIdwQeXu-S_os.roa (raw, json)
Hash identifier:          A0SPA20n6txHOLSFN/vzsdzLr5oEp33Xca7U8bJmR+A=
Subject key identifier:   D4:6C:B9:CB:49:76:67:74:49:6F:0A:48:77:04:1E:5E:EF:92:FE:8B
Certificate issuer:       /CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
Certificate serial:       019B7AC937E93079719496A0C4133C7DBD01
Authority key identifier: AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1Gy5y0l2Z3RJbwpIdwQeXu-S_os.roa
Signing time:             Thu 01 Jan 2026 18:19:25 +0000
ROA not before:           Thu 01 Jan 2026 18:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        91.244.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:37:e9:30:79:71:94:96:a0:c4:13:3c:7d:bd:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
        Validity
            Not Before: Jan  1 18:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d46cb9cb49766774496f0a4877041e5eef92fe8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5b:a0:a3:ad:3a:1d:25:ca:9e:c1:1d:5f:4d:
                    f6:81:b9:bb:b8:ac:22:84:ec:e8:38:14:c6:38:61:
                    f0:29:18:2d:41:0a:7d:59:d6:9e:24:43:a5:bb:51:
                    03:8c:a8:b5:50:89:64:f7:e3:c2:e5:de:b1:84:ca:
                    ea:60:b4:c3:f3:5c:f2:e9:14:a5:cf:49:52:12:7e:
                    af:fa:67:55:bf:fe:45:93:bb:b8:dc:6a:d0:93:b8:
                    3d:d8:74:f9:66:72:4f:cc:87:66:14:3d:26:59:52:
                    62:7b:1f:0e:ee:3d:79:f1:f2:af:8e:f3:d2:4f:f0:
                    01:8b:2a:8d:d5:22:30:2e:f2:70:83:92:f8:e2:75:
                    ce:3d:a8:45:30:7b:cb:c8:4f:d4:72:92:92:88:5f:
                    21:fd:3b:3f:5b:f8:f5:38:74:30:84:4c:41:cd:f0:
                    74:a9:bf:ee:f8:71:db:39:38:39:cd:9a:5d:cd:70:
                    71:43:5b:e0:c1:8e:60:ab:7d:62:ed:b2:84:18:a0:
                    e4:0b:db:70:6c:b8:52:27:50:aa:09:22:b1:a9:b1:
                    37:06:81:9f:66:71:00:e1:5b:29:cd:48:40:af:9d:
                    ad:d0:bf:da:1e:b0:9d:38:3e:6f:4b:19:f1:06:cc:
                    6b:e9:c1:79:e0:d6:9e:b6:6b:45:42:ac:26:a9:1c:
                    d2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6C:B9:CB:49:76:67:74:49:6F:0A:48:77:04:1E:5E:EF:92:FE:8B
            X509v3 Authority Key Identifier:
                keyid:AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1Gy5y0l2Z3RJbwpIdwQeXu-S_os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d4:77:98:05:b3:c0:39:6e:43:2e:b4:9f:09:40:6d:bf:46:
         93:01:42:48:5c:4d:b2:73:6a:3f:50:1a:cc:4f:8e:3a:ba:39:
         bb:d5:33:bf:ed:71:0d:ce:2e:e8:22:89:81:f3:57:f9:7b:74:
         37:3b:fb:83:02:6c:fb:8a:67:20:6e:5c:24:79:62:fe:e9:fe:
         85:b6:b4:55:17:d6:c0:30:70:a4:a7:79:e0:a3:78:43:56:23:
         01:6e:b2:c4:de:08:6e:e9:3d:f6:54:b2:f5:48:12:46:8a:75:
         cf:f4:15:8b:f5:9d:6e:72:1d:4f:49:c4:fa:5c:ef:35:64:83:
         b7:dc:16:45:01:6e:a6:b9:40:ce:c6:79:38:7f:70:a8:e0:d6:
         b2:7f:b0:26:4b:77:cd:ee:f7:3f:79:a0:5b:50:89:75:b9:f4:
         d5:e9:f8:6a:03:70:04:50:2a:8a:1c:bd:aa:36:d8:6a:54:0b:
         8b:d5:eb:15:92:dc:ed:e3:79:3f:cf:81:8e:05:6a:63:91:2a:
         8a:f0:41:02:d2:4a:08:cd:ce:38:c7:77:c7:dd:a8:05:fc:2b:
         84:0b:c5:58:fe:f0:9d:45:62:88:6d:67:42:9e:fe:ec:30:d2:
         db:19:98:b6:3b:9e:ff:dc:ad:d4:8d:0a:53:7a:41:7d:ed:eb:
         2c:de:1c:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yTfpMHlxlJagxBM8fb0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMmU1YjY3ZjI1Y2JkODgyY2E0ZDAyM2QyMWVmOThkNDgz
NzM1ZGIwHhcNMjYwMTAxMTgxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDZjYjljYjQ5NzY2Nzc0NDk2ZjBhNDg3NzA0MWU1ZWVmOTJmZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1ugo606HSXKnsEdX032gbm7uKwi
hOzoOBTGOGHwKRgtQQp9WdaeJEOlu1EDjKi1UIlk9+PC5d6xhMrqYLTD81zy6RSl
z0lSEn6v+mdVv/5Fk7u43GrQk7g92HT5ZnJPzIdmFD0mWVJiex8O7j158fKvjvPS
T/ABiyqN1SIwLvJwg5L44nXOPahFMHvLyE/UcpKSiF8h/Ts/W/j1OHQwhExBzfB0
qb/u+HHbOTg5zZpdzXBxQ1vgwY5gq31i7bKEGKDkC9twbLhSJ1CqCSKxqbE3BoGf
ZnEA4VspzUhAr52t0L/aHrCdOD5vSxnxBsxr6cF54NaetmtFQqwmqRzSKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRsuctJdmd0SW8KSHcEHl7vkv6LMB8GA1UdIwQY
MBaAFKsuW2fyXL2ILKTQI9Ie+Y1INzXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEt
M2Y2ZWMyNDk3MTdjLzEvMUd5NXkwbDJaM1JKYndwSWR3UWVYdS1TX29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEtM2Y2ZWMyNDk3MTdj
LzEvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TsMA0G
CSqGSIb3DQEBCwUAA4IBAQBi1HeYBbPAOW5DLrSfCUBtv0aTAUJIXE2yc2o/UBrM
T446ujm71TO/7XENzi7oIomB81f5e3Q3O/uDAmz7imcgblwkeWL+6f6FtrRVF9bA
MHCkp3ngo3hDViMBbrLE3ghu6T32VLL1SBJGinXP9BWL9Z1uch1PScT6XO81ZIO3
3BZFAW6muUDOxnk4f3Co4Nayf7AmS3fN7vc/eaBbUIl1ufTV6fhqA3AEUCqKHL2q
NthqVAuL1esVktzt43k/z4GOBWpjkSqK8EEC0koIzc44x3fH3agF/CuEC8VY/vCd
RWKIbWdCnv7sMNLbGZi2O57/3K3UjQpTekF97ess3hwv
-----END CERTIFICATE-----