This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/cml9YHU_ypax2ib4maFPoihbh6U.roa
File:                     cml9YHU_ypax2ib4maFPoihbh6U.roa (raw, json)
Hash identifier:          Y6I1JN/k3woFsSnAPG7GyjDBJmIyx7fHnaeAcHVvkC4=
Subject key identifier:   72:69:7D:60:75:3F:CA:96:B1:DA:26:F8:99:A1:4F:A2:28:5B:87:A5
Certificate issuer:       /CN=5baeeb4c3a6985141255fd5f6ae1884067348f41
Certificate serial:       019B7E387794FFAAD254DB0F34FAC311992B
Authority key identifier: 5B:AE:EB:4C:3A:69:85:14:12:55:FD:5F:6A:E1:88:40:67:34:8F:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W67rTDpphRQSVf1fauGIQGc0j0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/cml9YHU_ypax2ib4maFPoihbh6U.roa
Signing time:             Fri 02 Jan 2026 10:19:48 +0000
ROA not before:           Fri 02 Jan 2026 10:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48160
IP address blocks:        91.207.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/W67rTDpphRQSVf1fauGIQGc0j0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/W67rTDpphRQSVf1fauGIQGc0j0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W67rTDpphRQSVf1fauGIQGc0j0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:77:94:ff:aa:d2:54:db:0f:34:fa:c3:11:99:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5baeeb4c3a6985141255fd5f6ae1884067348f41
        Validity
            Not Before: Jan  2 10:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72697d60753fca96b1da26f899a14fa2285b87a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:cd:c2:28:56:0d:f8:da:5e:b5:42:c2:01:9e:
                    47:5a:a8:35:e6:04:63:e1:04:fd:db:b6:52:59:60:
                    fb:91:8a:3b:d3:2a:08:5a:e7:30:1d:f1:85:f1:ce:
                    e6:4a:78:f4:0c:49:bf:59:cc:1e:2f:a9:26:2b:eb:
                    15:22:cc:3d:16:f8:f0:0a:a1:af:6e:2f:ba:ea:3c:
                    db:dc:9f:55:9c:0f:7e:5c:e4:6a:c2:30:71:ae:c6:
                    f3:51:73:0f:7f:d2:69:13:0a:69:2d:84:4c:21:53:
                    df:c0:e4:33:71:0a:5e:f2:8c:82:1f:0f:75:28:2e:
                    24:20:25:b9:4f:dd:b8:fc:9b:23:2b:e5:7f:6f:4e:
                    2b:dc:81:60:32:4b:93:4d:4e:72:85:28:2c:e4:a6:
                    46:7a:28:17:09:0e:78:f7:a2:04:b1:0b:46:eb:b8:
                    38:65:a7:7d:1e:4a:ec:65:5c:d0:f8:4a:fa:ca:db:
                    f1:e5:eb:c6:c1:3a:f4:a7:b1:53:0e:82:45:93:f3:
                    cf:8f:cf:62:b6:ba:8f:72:72:9e:4a:81:b3:2b:f8:
                    1b:d7:61:66:db:e1:5c:0f:7c:59:9a:7a:77:5b:7e:
                    74:52:01:73:79:5a:67:bc:06:38:14:ed:7e:b4:f6:
                    12:32:ca:f2:c8:66:78:8e:35:8a:fd:ee:82:f9:4d:
                    4d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:69:7D:60:75:3F:CA:96:B1:DA:26:F8:99:A1:4F:A2:28:5B:87:A5
            X509v3 Authority Key Identifier:
                keyid:5B:AE:EB:4C:3A:69:85:14:12:55:FD:5F:6A:E1:88:40:67:34:8F:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W67rTDpphRQSVf1fauGIQGc0j0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/cml9YHU_ypax2ib4maFPoihbh6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/b4b01a-0746-45ff-af41-15e288b4a57d/1/W67rTDpphRQSVf1fauGIQGc0j0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:5e:ae:eb:66:a0:60:1d:aa:a0:23:9d:8a:87:8a:b7:17:9d:
         73:6b:64:4c:e8:e8:d7:4f:d0:0f:43:d8:ed:2e:02:2a:e2:f0:
         12:b9:9a:ae:24:95:68:f2:5f:d1:0e:34:b9:5d:7f:0d:59:25:
         96:b1:76:d9:50:be:fa:59:5e:fb:10:b7:ed:69:32:37:19:ac:
         85:1f:e6:29:f9:87:6d:99:5f:2f:98:aa:79:09:c2:0b:cd:cd:
         93:3b:28:79:5a:ca:61:e1:05:92:f4:29:be:a1:28:af:31:34:
         4d:1f:ec:1a:85:3f:36:26:00:d5:3d:f8:b1:7a:a4:40:89:ab:
         dd:69:5d:4e:1f:af:ce:60:2f:6b:57:67:03:08:42:23:f3:e3:
         0f:4e:f5:32:8f:ea:24:d4:d9:c1:3d:5d:af:87:57:33:93:ea:
         21:d9:e1:97:7b:5e:ff:b7:42:5e:e9:ff:f5:e7:f5:1c:83:d0:
         d9:6b:4c:f3:8d:8c:23:70:11:6f:7e:45:90:92:3b:2b:2e:c8:
         d7:6b:4b:f2:65:6b:3b:e3:d1:df:52:0c:e3:ca:b1:2d:89:33:
         fc:47:7f:27:53:9c:30:3a:f3:fb:24:af:2e:bf:e6:68:39:af:
         3b:c8:01:de:6b:4a:c2:ff:e4:88:e1:df:c6:08:20:ed:b1:67:
         aa:1d:ba:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHeU/6rSVNsPNPrDEZkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYWVlYjRjM2E2OTg1MTQxMjU1ZmQ1ZjZhZTE4ODQwNjcz
NDhmNDEwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjY5N2Q2MDc1M2ZjYTk2YjFkYTI2Zjg5OWExNGZhMjI4NWI4N2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s3CKFYN+NpetULCAZ5HWqg15gRj
4QT927ZSWWD7kYo70yoIWucwHfGF8c7mSnj0DEm/WcweL6kmK+sVIsw9FvjwCqGv
bi+66jzb3J9VnA9+XORqwjBxrsbzUXMPf9JpEwppLYRMIVPfwOQzcQpe8oyCHw91
KC4kICW5T924/JsjK+V/b04r3IFgMkuTTU5yhSgs5KZGeigXCQ5496IEsQtG67g4
Zad9HkrsZVzQ+Er6ytvx5evGwTr0p7FTDoJFk/PPj89itrqPcnKeSoGzK/gb12Fm
2+FcD3xZmnp3W350UgFzeVpnvAY4FO1+tPYSMsryyGZ4jjWK/e6C+U1N7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJpfWB1P8qWsdom+JmhT6IoW4elMB8GA1UdIwQY
MBaAFFuu60w6aYUUElX9X2rhiEBnNI9BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzY3clREcHBoUlFTVmYxZmF1R0lRR2MwajBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9iNGIwMWEtMDc0Ni00NWZmLWFmNDEt
MTVlMjg4YjRhNTdkLzEvY21sOVlIVV95cGF4MmliNG1hRlBvaWhiaDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9iNGIwMWEtMDc0Ni00NWZmLWFmNDEtMTVlMjg4YjRhNTdk
LzEvVzY3clREcHBoUlFTVmYxZmF1R0lRR2MwajBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+OMA0G
CSqGSIb3DQEBCwUAA4IBAQCAXq7rZqBgHaqgI52Kh4q3F51za2RM6OjXT9APQ9jt
LgIq4vASuZquJJVo8l/RDjS5XX8NWSWWsXbZUL76WV77ELftaTI3GayFH+Yp+Ydt
mV8vmKp5CcILzc2TOyh5Wsph4QWS9Cm+oSivMTRNH+wahT82JgDVPfixeqRAiavd
aV1OH6/OYC9rV2cDCEIj8+MPTvUyj+ok1NnBPV2vh1czk+oh2eGXe17/t0Je6f/1
5/Ucg9DZa0zzjYwjcBFvfkWQkjsrLsjXa0vyZWs749HfUgzjyrEtiTP8R38nU5ww
OvP7JK8uv+ZoOa87yAHea0rC/+SI4d/GCCDtsWeqHbon
-----END CERTIFICATE-----