This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Z4cd67t_oTbTTOY62m-SDIBMEfk.roa
File:                     Z4cd67t_oTbTTOY62m-SDIBMEfk.roa (raw, json)
Hash identifier:          /PTXJtjmPJ7VKf+Ddpyha9KTCciauyGlpPXGyj6aw+Y=
Subject key identifier:   67:87:1D:EB:BB:7F:A1:36:D3:4C:E6:3A:DA:6F:92:0C:80:4C:11:F9
Certificate issuer:       /CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
Certificate serial:       019B7BA33F80381AB2C7CFDFBE665ACDE1D3
Authority key identifier: B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Z4cd67t_oTbTTOY62m-SDIBMEfk.roa
Signing time:             Thu 01 Jan 2026 22:17:34 +0000
ROA not before:           Thu 01 Jan 2026 22:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203473
IP address blocks:        91.215.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:3f:80:38:1a:b2:c7:cf:df:be:66:5a:cd:e1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
        Validity
            Not Before: Jan  1 22:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67871debbb7fa136d34ce63ada6f920c804c11f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c6:d2:fc:40:70:02:5b:00:b9:94:b4:d6:de:
                    c8:8c:0b:51:aa:3d:f4:f5:a9:fe:42:53:f9:79:5a:
                    9f:71:a4:55:f3:85:81:15:08:2d:18:ab:c1:ba:c5:
                    13:9d:7e:62:c1:72:f8:f4:43:7e:bd:e6:7b:3f:57:
                    c9:15:96:f7:ed:ca:f9:b3:86:6f:bc:ac:dc:97:ad:
                    32:2a:00:6c:db:0a:73:79:48:42:e0:59:78:46:1f:
                    44:e0:57:0d:a6:b7:85:8b:f5:bb:b5:b2:cd:cc:bc:
                    c5:76:bd:69:57:42:26:40:75:4d:36:9a:58:54:62:
                    ce:23:7e:78:02:ed:94:66:5c:f0:fe:37:1d:55:46:
                    a5:ac:06:2d:23:7f:62:49:c0:b7:8d:be:67:da:c5:
                    46:7d:72:de:86:92:fa:26:ea:12:3d:3c:86:80:ab:
                    52:13:e5:90:e8:75:c1:1c:0b:68:d4:d7:26:f2:51:
                    d4:41:d2:ac:a6:b5:a4:e8:3a:44:43:25:98:fc:f2:
                    64:94:d5:25:21:3d:34:1b:e5:14:7e:88:f3:17:ec:
                    98:ad:1d:17:4a:1a:a3:22:bf:14:1a:74:0d:7a:a3:
                    e9:50:87:32:03:03:f3:ea:c9:1e:c3:65:e6:f2:61:
                    f2:7c:18:e5:a8:0d:31:f9:2b:96:3e:85:73:f7:78:
                    b9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:87:1D:EB:BB:7F:A1:36:D3:4C:E6:3A:DA:6F:92:0C:80:4C:11:F9
            X509v3 Authority Key Identifier:
                keyid:B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Z4cd67t_oTbTTOY62m-SDIBMEfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:06:bc:ad:c4:4a:94:35:12:cd:5d:ea:bb:5a:6d:e9:0c:f4:
         c6:6d:e2:be:98:96:b0:c5:d8:c6:22:3d:2d:54:17:da:c8:71:
         53:29:be:9e:43:16:c7:63:24:de:51:f1:01:2e:ee:b4:1a:51:
         ca:af:0f:5d:1b:97:56:a6:95:ba:9f:77:20:50:13:6e:fc:af:
         4f:c4:42:68:c4:95:33:b4:b3:77:65:0d:b1:fa:3c:67:d0:fc:
         f7:87:82:0c:b7:84:dd:24:69:95:eb:14:f6:da:d2:aa:0c:ff:
         1a:5d:72:53:68:67:05:17:a7:06:ce:d4:a0:1a:e8:78:6a:80:
         51:dd:87:64:f9:13:92:94:09:48:27:6c:fd:0b:8d:00:0c:7e:
         4a:b3:34:93:0c:a5:bc:ee:3a:f0:b5:4c:76:59:e8:74:77:4a:
         13:36:8c:b2:49:ed:24:1a:d1:44:80:29:6f:be:fa:47:d8:11:
         1c:47:49:6e:5a:b0:f5:e4:ba:74:7d:f4:11:04:aa:ed:0e:c1:
         fd:a9:de:01:6c:57:59:44:ab:97:e7:e1:6a:27:47:6c:92:f1:
         62:7e:59:ec:22:7c:8d:0c:3b:0d:e7:4e:17:01:4c:4e:dc:17:
         76:b5:21:ab:ae:6c:cf:44:f4:82:87:05:c8:29:04:04:5a:c6:
         fd:69:fb:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7oz+AOBqyx8/fvmZazeHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZWQzZWJjZDIxNTVmOWExNzhhMTAzYWRhYjQ4ZmRhOGIy
Mjc1YTUwHhcNMjYwMTAxMjIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg3MWRlYmJiN2ZhMTM2ZDM0Y2U2M2FkYTZmOTIwYzgwNGMxMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcbS/EBwAlsAuZS01t7IjAtRqj30
9an+QlP5eVqfcaRV84WBFQgtGKvBusUTnX5iwXL49EN+veZ7P1fJFZb37cr5s4Zv
vKzcl60yKgBs2wpzeUhC4Fl4Rh9E4FcNpreFi/W7tbLNzLzFdr1pV0ImQHVNNppY
VGLOI354Au2UZlzw/jcdVUalrAYtI39iScC3jb5n2sVGfXLehpL6JuoSPTyGgKtS
E+WQ6HXBHAto1Ncm8lHUQdKsprWk6DpEQyWY/PJklNUlIT00G+UUfojzF+yYrR0X
ShqjIr8UGnQNeqPpUIcyAwPz6skew2Xm8mHyfBjlqA0x+SuWPoVz93i58QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeHHeu7f6E200zmOtpvkgyATBH5MB8GA1UdIwQY
MBaAFLjtPrzSFV+aF4oQOtq0j9qLInWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMt
ZGVhMTJkZDhjN2Y0LzEvWjRjZDY3dF9vVGJUVE9ZNjJtLVNESUJNRWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMtZGVhMTJkZDhjN2Y0
LzEvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9fKMA0G
CSqGSIb3DQEBCwUAA4IBAQBqBrytxEqUNRLNXeq7Wm3pDPTGbeK+mJawxdjGIj0t
VBfayHFTKb6eQxbHYyTeUfEBLu60GlHKrw9dG5dWppW6n3cgUBNu/K9PxEJoxJUz
tLN3ZQ2x+jxn0Pz3h4IMt4TdJGmV6xT22tKqDP8aXXJTaGcFF6cGztSgGuh4aoBR
3Ydk+ROSlAlIJ2z9C40ADH5KszSTDKW87jrwtUx2Weh0d0oTNoyySe0kGtFEgClv
vvpH2BEcR0luWrD15Lp0ffQRBKrtDsH9qd4BbFdZRKuX5+FqJ0dskvFiflnsInyN
DDsN504XAUxO3Bd2tSGrrmzPRPSChwXIKQQEWsb9aftx
-----END CERTIFICATE-----