This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/pwYTinLuDu67XvmsuR-F4t51_KA.roa
File:                     pwYTinLuDu67XvmsuR-F4t51_KA.roa (raw, json)
Hash identifier:          eNI+YaNU/hzM1s49lx5C1dDOoIT3b4beF5vq3z+7/TI=
Subject key identifier:   A7:06:13:8A:72:EE:0E:EE:BB:5E:F9:AC:B9:1F:85:E2:DE:75:FC:A0
Certificate issuer:       /CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Certificate serial:       019B797EB74248EDFCE6A2CB91B98690B3F6
Authority key identifier: E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/pwYTinLuDu67XvmsuR-F4t51_KA.roa
Signing time:             Thu 01 Jan 2026 12:18:26 +0000
ROA not before:           Thu 01 Jan 2026 12:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207186
IP address blocks:        91.207.154.0/24 maxlen: 24
                          91.207.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b7:42:48:ed:fc:e6:a2:cb:91:b9:86:90:b3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
        Validity
            Not Before: Jan  1 12:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a706138a72ee0eeebb5ef9acb91f85e2de75fca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e1:e3:0d:50:70:0a:f5:42:ac:2c:30:c4:d6:
                    5f:50:78:56:ff:b9:7d:9b:a6:00:c4:01:62:0b:7c:
                    32:1f:2d:c0:de:d9:90:51:ac:fd:41:2e:06:4f:96:
                    ba:d4:ff:a8:be:50:f2:06:ae:73:a0:34:d8:15:f0:
                    79:f8:84:d7:cb:75:5d:f4:67:91:ea:a0:5c:8a:dd:
                    f1:c4:80:84:50:78:a4:32:82:5d:c4:af:69:ce:71:
                    7b:21:70:3f:92:1b:d7:75:78:1e:84:d1:ed:57:29:
                    c1:3b:88:11:72:f2:fa:10:c8:85:76:5d:e5:7c:04:
                    2b:72:97:83:3d:07:aa:2a:2b:3d:9a:98:f1:97:6d:
                    be:47:92:b0:bd:94:0f:39:5c:47:9a:4e:92:73:73:
                    65:eb:8e:de:0c:4d:bb:8b:4d:e4:d2:91:8e:dc:55:
                    6a:14:2a:09:e3:df:19:44:2a:fb:57:e6:4f:fd:f1:
                    f6:0d:fc:91:0e:4d:74:0c:27:6d:7c:7c:75:bd:2d:
                    c7:1e:4e:1e:a5:54:cf:a5:ef:1b:6d:27:42:c2:dc:
                    6c:49:99:60:b2:a1:80:11:71:26:a7:d0:8f:3e:96:
                    ab:4f:51:e9:61:93:de:7e:2b:2a:8a:5f:8e:79:d6:
                    eb:9c:25:6f:ae:25:2a:52:8f:10:c0:46:70:f8:73:
                    15:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:06:13:8A:72:EE:0E:EE:BB:5E:F9:AC:B9:1F:85:E2:DE:75:FC:A0
            X509v3 Authority Key Identifier:
                keyid:E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/pwYTinLuDu67XvmsuR-F4t51_KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:bb:46:fd:1a:e8:e4:fd:d6:8a:7d:ea:7a:7b:3d:0d:99:f5:
         4e:4f:3b:34:f5:99:72:a9:d9:00:b7:4d:88:ae:80:bd:0d:76:
         6f:b9:ad:17:a5:fd:a3:8d:6f:35:71:52:94:56:db:d6:af:d0:
         98:80:e8:7b:6d:54:da:27:5a:55:f3:b7:52:af:d8:3b:49:a0:
         0a:0d:40:f4:3b:ae:29:31:be:d0:cb:3c:df:57:8f:aa:40:40:
         0d:dd:9d:92:7d:99:e0:b0:7f:29:c9:90:cd:cd:55:e2:d5:ae:
         e8:6f:a6:73:db:f5:fa:4a:3c:f4:4d:79:e3:43:71:4d:a5:39:
         ea:a4:79:45:4f:e8:63:fd:57:57:93:5e:d0:f7:db:24:dd:d0:
         a7:dd:40:d7:6b:05:84:de:39:96:80:3d:d5:75:02:11:63:ed:
         f5:61:31:5b:ac:c6:92:3d:8f:4f:b2:1d:58:96:20:b1:99:bd:
         1d:6b:67:12:23:cb:6d:19:ee:91:53:8f:3a:e7:ff:70:e0:e3:
         db:d3:41:6b:26:e5:a3:fc:bc:95:89:77:24:46:a7:66:49:7b:
         92:10:7d:6e:99:b2:4e:ba:66:35:e9:6f:1c:69:19:45:05:46:
         11:0a:0b:1b:57:7b:8e:b1:f9:2a:d6:6d:b7:4c:20:ef:e9:f7:
         66:64:40:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frdCSO385qLLkbmGkLP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2YyM2Q2ODkzNzQ5NDI4OGRmY2M3YTBlZmUxZmU3NGEy
MDM2ZTEwHhcNMjYwMTAxMTIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzA2MTM4YTcyZWUwZWVlYmI1ZWY5YWNiOTFmODVlMmRlNzVmY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+HjDVBwCvVCrCwwxNZfUHhW/7l9
m6YAxAFiC3wyHy3A3tmQUaz9QS4GT5a61P+ovlDyBq5zoDTYFfB5+ITXy3Vd9GeR
6qBcit3xxICEUHikMoJdxK9pznF7IXA/khvXdXgehNHtVynBO4gRcvL6EMiFdl3l
fAQrcpeDPQeqKis9mpjxl22+R5KwvZQPOVxHmk6Sc3Nl647eDE27i03k0pGO3FVq
FCoJ498ZRCr7V+ZP/fH2DfyRDk10DCdtfHx1vS3HHk4epVTPpe8bbSdCwtxsSZlg
sqGAEXEmp9CPPparT1HpYZPefisqil+OedbrnCVvriUqUo8QwEZw+HMVawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcGE4py7g7uu175rLkfheLedfygMB8GA1UdIwQY
MBaAFOQ/I9aJN0lCiN/Meg7+H+dKIDbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMt
OWQxODVmNzM4MjExLzEvcHdZVGluTHVEdTY3WHZtc3VSLUY0dDUxX0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMtOWQxODVmNzM4MjEx
LzEvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+aMA0G
CSqGSIb3DQEBCwUAA4IBAQAVu0b9Gujk/daKfep6ez0NmfVOTzs09ZlyqdkAt02I
roC9DXZvua0Xpf2jjW81cVKUVtvWr9CYgOh7bVTaJ1pV87dSr9g7SaAKDUD0O64p
Mb7QyzzfV4+qQEAN3Z2SfZngsH8pyZDNzVXi1a7ob6Zz2/X6Sjz0TXnjQ3FNpTnq
pHlFT+hj/VdXk17Q99sk3dCn3UDXawWE3jmWgD3VdQIRY+31YTFbrMaSPY9Psh1Y
liCxmb0da2cSI8ttGe6RU4865/9w4OPb00FrJuWj/LyViXckRqdmSXuSEH1umbJO
umY16W8caRlFBUYRCgsbV3uOsfkq1m23TCDv6fdmZEAH
-----END CERTIFICATE-----