This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/COs54IVsv9bN1SyErw-G5fsb6yY.roa
File:                     COs54IVsv9bN1SyErw-G5fsb6yY.roa (raw, json)
Hash identifier:          9UNs6Dnf3rvvi5W/WKDmiw83fNTieB9/5O5ngxCvRno=
Subject key identifier:   08:EB:39:E0:85:6C:BF:D6:CD:D5:2C:84:AF:0F:86:E5:FB:1B:EB:26
Certificate issuer:       /CN=326f51ca23982103ffe34f9890d0b74e8fa781af
Certificate serial:       019B7BA51BDBEE67FD745049C9A08889CAC9
Authority key identifier: 32:6F:51:CA:23:98:21:03:FF:E3:4F:98:90:D0:B7:4E:8F:A7:81:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/COs54IVsv9bN1SyErw-G5fsb6yY.roa
Signing time:             Thu 01 Jan 2026 22:19:36 +0000
ROA not before:           Thu 01 Jan 2026 22:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57689
IP address blocks:        91.213.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1b:db:ee:67:fd:74:50:49:c9:a0:88:89:ca:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=326f51ca23982103ffe34f9890d0b74e8fa781af
        Validity
            Not Before: Jan  1 22:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08eb39e0856cbfd6cdd52c84af0f86e5fb1beb26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d4:2e:0a:8a:a3:4b:35:80:07:e8:3d:ec:9e:
                    67:dd:87:50:18:86:7d:4a:dd:9a:37:20:fc:26:be:
                    d9:41:9e:1b:1d:93:2e:5a:f1:6a:4a:fa:82:02:76:
                    0f:91:21:cc:37:19:f8:3d:99:d6:02:3c:dd:1e:eb:
                    fb:bd:ec:b3:c0:25:2a:50:b6:7a:8c:a4:05:58:39:
                    c1:d4:e8:97:f4:e7:7b:87:67:5d:fb:6d:3b:92:3a:
                    3a:ab:c1:eb:74:3d:55:27:49:65:28:88:b3:4f:9b:
                    7b:1f:e1:3d:45:6e:1a:53:0e:e6:4a:ff:c3:bc:d3:
                    92:b8:6b:0e:98:c7:4f:97:48:68:01:e3:02:e6:41:
                    04:59:c6:7e:25:b4:9f:67:bf:e6:cc:54:70:dc:aa:
                    8b:65:33:fb:65:20:35:48:d6:1c:99:81:d6:5c:8b:
                    60:e0:45:36:4b:94:0f:9f:15:58:97:f9:57:d6:bc:
                    18:7f:e3:c3:e5:f7:65:0b:f9:7e:7b:c1:da:d9:15:
                    71:eb:87:83:4c:4b:ac:76:93:b8:e0:2a:a4:f5:a9:
                    aa:c2:7d:05:eb:7d:e1:26:eb:f6:2d:37:bb:00:d6:
                    e4:3b:5d:99:86:58:db:9a:66:b7:21:69:00:53:51:
                    09:17:6c:62:cc:e6:09:a3:fc:4e:1f:c7:5d:54:eb:
                    04:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:EB:39:E0:85:6C:BF:D6:CD:D5:2C:84:AF:0F:86:E5:FB:1B:EB:26
            X509v3 Authority Key Identifier:
                keyid:32:6F:51:CA:23:98:21:03:FF:E3:4F:98:90:D0:B7:4E:8F:A7:81:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mm9RyiOYIQP_40-YkNC3To-nga8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/COs54IVsv9bN1SyErw-G5fsb6yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/40a9b5-e899-4a8a-ac4f-966fa96beff2/1/Mm9RyiOYIQP_40-YkNC3To-nga8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:3c:3e:04:5e:12:0f:9b:9b:93:ee:8e:e0:17:f7:88:e2:88:
         38:db:2c:5f:d3:40:a4:08:f4:fd:8f:75:8f:a3:28:2a:cf:37:
         04:c7:da:fe:31:25:07:d0:ee:ff:76:14:7c:e0:87:f7:87:1b:
         29:27:01:2e:d6:95:e7:f7:09:c8:a2:11:b8:60:6e:8c:d7:56:
         51:bd:a4:99:cb:cb:58:7e:bf:a4:b9:69:f5:23:1c:2b:32:de:
         f4:42:34:62:ad:b9:42:55:cd:49:a0:b3:49:82:51:03:2f:ee:
         7f:3c:0b:98:8f:ed:e3:27:a5:55:4f:59:09:dc:af:9c:f8:c4:
         3d:f7:c0:ee:53:cf:e3:3e:9a:1b:c5:29:57:e3:93:68:26:81:
         6c:8f:cf:1f:f8:bc:37:e9:79:43:3d:37:68:4f:f4:9c:4a:8e:
         90:19:02:74:52:24:0f:5e:eb:13:b2:b4:07:0c:bc:ff:97:62:
         01:6e:35:7a:87:7b:d8:b3:4d:70:b3:2c:7d:d2:dc:5c:ac:44:
         ff:db:77:8d:3e:85:ea:1c:9b:41:c9:71:6d:66:16:d4:29:48:
         89:bf:84:28:91:47:5e:e5:e5:0d:a3:3d:be:48:c2:4d:32:e6:
         87:ff:db:fc:34:48:83:a0:f1:eb:14:a5:72:09:0e:03:6c:43:
         da:35:d2:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pRvb7mf9dFBJyaCIicrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNmY1MWNhMjM5ODIxMDNmZmUzNGY5ODkwZDBiNzRlOGZh
NzgxYWYwHhcNMjYwMTAxMjIxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGViMzllMDg1NmNiZmQ2Y2RkNTJjODRhZjBmODZlNWZiMWJlYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNQuCoqjSzWAB+g97J5n3YdQGIZ9
St2aNyD8Jr7ZQZ4bHZMuWvFqSvqCAnYPkSHMNxn4PZnWAjzdHuv7veyzwCUqULZ6
jKQFWDnB1OiX9Od7h2dd+207kjo6q8HrdD1VJ0llKIizT5t7H+E9RW4aUw7mSv/D
vNOSuGsOmMdPl0hoAeMC5kEEWcZ+JbSfZ7/mzFRw3KqLZTP7ZSA1SNYcmYHWXItg
4EU2S5QPnxVYl/lX1rwYf+PD5fdlC/l+e8Ha2RVx64eDTEusdpO44Cqk9amqwn0F
633hJuv2LTe7ANbkO12Zhljbmma3IWkAU1EJF2xizOYJo/xOH8ddVOsEpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjrOeCFbL/WzdUshK8PhuX7G+smMB8GA1UdIwQY
MBaAFDJvUcojmCED/+NPmJDQt06Pp4GvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW05UnlpT1lJUVBfNDAtWWtOQzNUby1uZ2E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS80MGE5YjUtZTg5OS00YThhLWFjNGYt
OTY2ZmE5NmJlZmYyLzEvQ09zNTRJVnN2OWJOMVN5RXJ3LUc1ZnNiNnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS80MGE5YjUtZTg5OS00YThhLWFjNGYtOTY2ZmE5NmJlZmYy
LzEvTW05UnlpT1lJUVBfNDAtWWtOQzNUby1uZ2E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9USMA0G
CSqGSIb3DQEBCwUAA4IBAQBFPD4EXhIPm5uT7o7gF/eI4og42yxf00CkCPT9j3WP
oygqzzcEx9r+MSUH0O7/dhR84If3hxspJwEu1pXn9wnIohG4YG6M11ZRvaSZy8tY
fr+kuWn1IxwrMt70QjRirblCVc1JoLNJglEDL+5/PAuYj+3jJ6VVT1kJ3K+c+MQ9
98DuU8/jPpobxSlX45NoJoFsj88f+Lw36XlDPTdoT/ScSo6QGQJ0UiQPXusTsrQH
DLz/l2IBbjV6h3vYs01wsyx90txcrET/23eNPoXqHJtByXFtZhbUKUiJv4QokUde
5eUNoz2+SMJNMuaH/9v8NEiDoPHrFKVyCQ4DbEPaNdKa
-----END CERTIFICATE-----