This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/jgJjnBaMcQo884ecdwwWeiiVGwE.roa
File:                     jgJjnBaMcQo884ecdwwWeiiVGwE.roa (raw, json)
Hash identifier:          uwiSgB/KcqJF3KmjqsXsLwBRecZ/E7ry8OXiZq9C8PQ=
Subject key identifier:   8E:02:63:9C:16:8C:71:0A:3C:F3:87:9C:77:0C:16:7A:28:95:1B:01
Certificate issuer:       /CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
Certificate serial:       019B7F15EDB6740B535C0B02A1B66993FC42
Authority key identifier: B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/jgJjnBaMcQo884ecdwwWeiiVGwE.roa
Signing time:             Fri 02 Jan 2026 14:21:42 +0000
ROA not before:           Fri 02 Jan 2026 14:21:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        91.241.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:ed:b6:74:0b:53:5c:0b:02:a1:b6:69:93:fc:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
        Validity
            Not Before: Jan  2 14:21:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e02639c168c710a3cf3879c770c167a28951b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:42:b4:37:42:1d:c4:96:59:da:65:ae:0a:1b:
                    19:8f:99:e5:d0:d1:2f:8b:af:95:33:9b:32:81:d5:
                    5a:ae:ca:90:f0:7e:fe:62:f6:e4:46:bd:75:86:c5:
                    77:a4:4a:3b:0e:c5:56:47:03:7d:8e:43:f2:70:71:
                    94:bc:9a:7a:f5:16:6e:e1:87:f5:d8:e3:df:0f:4f:
                    9b:3c:d6:64:c4:f5:77:a9:90:ef:9b:49:a0:96:b0:
                    44:20:47:5c:b3:5c:f2:b6:30:1d:04:d7:4c:2f:32:
                    cb:0c:39:97:83:4d:84:d9:b6:5c:27:f3:f5:f4:d9:
                    f7:0a:f6:a1:ec:40:a3:e5:c6:aa:10:8a:08:8f:18:
                    32:85:ff:f6:44:05:90:0b:11:2b:41:d2:08:6f:0e:
                    c0:a0:0c:22:35:ad:80:18:82:3b:35:b2:e5:f6:e1:
                    ed:13:53:36:16:c0:d7:e3:65:19:ad:5e:de:03:b1:
                    57:b1:43:7c:a0:0f:cf:f7:4f:d0:2e:12:3f:92:e6:
                    d9:db:e3:b6:cc:af:1d:2e:3a:4c:33:60:9f:10:ae:
                    68:fc:06:52:b5:8e:7f:ef:13:63:66:e3:fe:9f:85:
                    d3:05:84:2d:11:c5:37:85:70:c2:c2:88:a7:09:32:
                    f3:8b:8c:d3:31:bb:e3:55:5d:bd:c6:be:48:e6:16:
                    ed:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:02:63:9C:16:8C:71:0A:3C:F3:87:9C:77:0C:16:7A:28:95:1B:01
            X509v3 Authority Key Identifier:
                keyid:B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/jgJjnBaMcQo884ecdwwWeiiVGwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:48:bd:5b:b9:90:aa:7e:ee:a1:08:62:93:ae:51:10:74:b0:
         8f:e0:19:e2:fa:53:1d:e2:80:df:b6:85:76:c0:f0:de:3e:e0:
         05:24:4d:ec:85:1e:60:03:79:ea:6a:5c:3c:4c:07:48:f5:61:
         fc:fe:df:e0:4b:a1:e7:a4:3c:80:6b:07:28:a2:05:03:97:ee:
         ad:14:a1:64:21:21:4c:ac:6d:48:c4:b3:53:45:fc:43:57:d9:
         c2:ef:fe:6c:f8:1a:64:c9:e7:60:5c:de:56:b2:e0:c9:2e:c9:
         2f:d1:90:7a:80:cf:89:f7:dd:8d:77:fe:9f:b6:83:5f:71:33:
         58:bd:5d:3a:7e:60:7d:48:8d:52:dd:c5:a7:ae:3c:6b:2a:30:
         85:88:b1:45:17:a3:ea:0b:82:a5:72:2c:d2:89:04:79:1f:44:
         7d:7b:7d:5e:bc:2e:d4:cf:f0:f2:5e:fc:72:44:fe:ac:ef:cb:
         02:20:0f:60:87:35:97:4d:90:31:32:fe:af:a2:61:f8:5c:cb:
         58:bc:ac:bc:57:37:75:aa:50:a1:66:49:ef:d7:dd:5c:a5:6e:
         81:d6:7a:84:85:eb:86:58:67:9c:d9:fe:2b:04:ea:57:28:6c:
         28:06:d1:6e:ec:12:d5:c5:eb:c4:05:e8:3d:41:fc:83:c1:44:
         a9:e6:dc:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fe22dAtTXAsCobZpk/xCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDY2Mjk3YzVjZGJkMzZkODY4NDlkZGVhZTc5ODU5Nzlm
NDUwY2EwHhcNMjYwMTAyMTQyMTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTAyNjM5YzE2OGM3MTBhM2NmMzg3OWM3NzBjMTY3YTI4OTUxYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEK0N0IdxJZZ2mWuChsZj5nl0NEv
i6+VM5sygdVarsqQ8H7+YvbkRr11hsV3pEo7DsVWRwN9jkPycHGUvJp69RZu4Yf1
2OPfD0+bPNZkxPV3qZDvm0mglrBEIEdcs1zytjAdBNdMLzLLDDmXg02E2bZcJ/P1
9Nn3Cvah7ECj5caqEIoIjxgyhf/2RAWQCxErQdIIbw7AoAwiNa2AGII7NbLl9uHt
E1M2FsDX42UZrV7eA7FXsUN8oA/P90/QLhI/kubZ2+O2zK8dLjpMM2CfEK5o/AZS
tY5/7xNjZuP+n4XTBYQtEcU3hXDCwoinCTLzi4zTMbvjVV29xr5I5hbtFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4CY5wWjHEKPPOHnHcMFnoolRsBMB8GA1UdIwQY
MBaAFLPWYpfFzb022GhJ3ernmFl59FDKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2Yt
ZWIxZjg3MTVlZWMwLzEvamdKam5CYU1jUW84ODRlY2R3d1dlaWlWR3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2YtZWIxZjg3MTVlZWMw
LzEvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/EOMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSL1buZCqfu6hCGKTrlEQdLCP4Bni+lMd4oDftoV2
wPDePuAFJE3shR5gA3nqalw8TAdI9WH8/t/gS6HnpDyAawcoogUDl+6tFKFkISFM
rG1IxLNTRfxDV9nC7/5s+BpkyedgXN5WsuDJLskv0ZB6gM+J992Nd/6ftoNfcTNY
vV06fmB9SI1S3cWnrjxrKjCFiLFFF6PqC4KlcizSiQR5H0R9e31evC7Uz/DyXvxy
RP6s78sCIA9ghzWXTZAxMv6vomH4XMtYvKy8Vzd1qlChZknv191cpW6B1nqEheuG
WGec2f4rBOpXKGwoBtFu7BLVxevEBeg9QfyDwUSp5twO
-----END CERTIFICATE-----