This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/PwmzQDtdQKKkIkWKrZGRcmah5dQ.roa
File:                     PwmzQDtdQKKkIkWKrZGRcmah5dQ.roa (raw, json)
Hash identifier:          ITm5p27lwo8RsG8igl1Cc79jjfq+F5jXkYNhSwGUmmE=
Subject key identifier:   3F:09:B3:40:3B:5D:40:A2:A4:22:45:8A:AD:91:91:72:66:A1:E5:D4
Certificate issuer:       /CN=8d90a8c886ee9ac4238616f92631ebb8bc76e371
Certificate serial:       019B797E21366330C279860550D7001579D3
Authority key identifier: 8D:90:A8:C8:86:EE:9A:C4:23:86:16:F9:26:31:EB:B8:BC:76:E3:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/PwmzQDtdQKKkIkWKrZGRcmah5dQ.roa
Signing time:             Thu 01 Jan 2026 12:17:47 +0000
ROA not before:           Thu 01 Jan 2026 12:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52182
IP address blocks:        91.222.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:21:36:63:30:c2:79:86:05:50:d7:00:15:79:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d90a8c886ee9ac4238616f92631ebb8bc76e371
        Validity
            Not Before: Jan  1 12:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f09b3403b5d40a2a422458aad91917266a1e5d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e8:d9:61:65:d1:df:cf:76:57:c6:c6:bf:13:
                    3b:50:3c:a1:85:e0:56:cd:c2:3b:e4:35:c3:94:42:
                    b4:01:51:9c:19:ed:75:0f:d5:53:22:f8:0e:9b:ac:
                    85:ff:d9:25:0d:d4:73:bc:a3:2d:3b:86:8a:52:92:
                    0d:5c:fc:6c:c5:ca:7f:f7:60:1a:24:8c:32:e2:c7:
                    73:2d:5b:4a:05:ef:52:7f:a8:0c:89:61:cd:8f:d7:
                    a7:3e:32:b1:cd:5e:89:fc:ff:12:7e:41:e4:7c:20:
                    c2:42:db:1e:3d:fe:c2:e0:53:d4:02:8e:45:84:6c:
                    97:7c:3c:30:c9:53:77:21:c4:a5:f4:70:c9:d3:0e:
                    42:a1:d6:e6:4f:a1:24:77:d6:18:93:00:29:bd:c0:
                    4a:ef:93:64:97:d4:ab:3d:5b:f8:2d:34:6d:39:91:
                    76:a9:dc:54:14:e0:bd:2a:7b:bf:7c:4e:a4:68:66:
                    d6:35:56:a9:a9:4f:7d:fd:4a:91:77:d2:41:f1:82:
                    fd:cb:1e:d8:6b:58:41:92:92:52:b8:19:54:1e:be:
                    70:c6:6c:71:32:ab:12:2b:d2:22:ef:d2:ad:b8:ed:
                    c5:1a:f2:18:09:64:95:19:38:48:ce:a4:50:69:61:
                    9e:c7:8e:5d:d7:1b:eb:d0:9a:93:c9:42:02:7f:78:
                    b3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:09:B3:40:3B:5D:40:A2:A4:22:45:8A:AD:91:91:72:66:A1:E5:D4
            X509v3 Authority Key Identifier:
                keyid:8D:90:A8:C8:86:EE:9A:C4:23:86:16:F9:26:31:EB:B8:BC:76:E3:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/PwmzQDtdQKKkIkWKrZGRcmah5dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:32:31:65:34:20:c9:be:b3:54:29:75:28:4d:ac:2a:9e:7d:
         6b:79:b6:cf:12:e8:48:da:a6:56:85:39:18:19:fe:c0:01:eb:
         93:e8:50:80:e7:2d:6b:bb:d2:e4:ea:35:1e:11:c7:82:4d:0c:
         cd:11:26:af:c8:16:dc:fe:c4:68:c6:d3:dc:0f:8d:f5:b2:2a:
         66:d4:76:a7:45:3e:75:70:d7:2b:f3:75:e9:d6:b7:4d:df:11:
         47:02:6e:ec:fc:2e:c2:a9:7a:46:9e:97:ab:4a:0a:7f:77:d1:
         c3:43:60:9d:a5:02:85:8d:22:e3:73:93:22:a8:e1:9d:14:ed:
         fb:72:a5:85:90:7f:57:ef:46:51:ed:33:3f:c0:8c:1a:ba:4f:
         c2:f1:d6:c8:ed:8b:72:30:b7:d2:97:a2:cb:b0:3d:68:eb:22:
         c7:d8:b0:07:96:7e:d9:1c:80:e2:f9:25:e8:97:8e:4d:de:79:
         66:1a:85:6a:10:b0:7a:22:62:55:ba:44:3e:11:9a:3a:0c:36:
         51:2b:ce:fe:ce:1e:76:7c:9d:31:4f:45:e5:cb:53:a3:a5:a8:
         31:58:19:11:2e:f9:88:2d:79:33:19:a4:7c:dc:93:bd:ad:da:
         3e:c7:b2:30:b9:54:63:3d:b8:19:70:c3:7e:58:83:0d:b6:22:
         0d:5a:45:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fiE2YzDCeYYFUNcAFXnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkOTBhOGM4ODZlZTlhYzQyMzg2MTZmOTI2MzFlYmI4YmM3
NmUzNzEwHhcNMjYwMTAxMTIxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA5YjM0MDNiNWQ0MGEyYTQyMjQ1OGFhZDkxOTE3MjY2YTFlNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoujZYWXR3892V8bGvxM7UDyhheBW
zcI75DXDlEK0AVGcGe11D9VTIvgOm6yF/9klDdRzvKMtO4aKUpINXPxsxcp/92Aa
JIwy4sdzLVtKBe9Sf6gMiWHNj9enPjKxzV6J/P8SfkHkfCDCQtsePf7C4FPUAo5F
hGyXfDwwyVN3IcSl9HDJ0w5CodbmT6Ekd9YYkwApvcBK75Nkl9SrPVv4LTRtOZF2
qdxUFOC9Knu/fE6kaGbWNVapqU99/UqRd9JB8YL9yx7Ya1hBkpJSuBlUHr5wxmxx
MqsSK9Ii79KtuO3FGvIYCWSVGThIzqRQaWGex45d1xvr0JqTyUICf3izgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8Js0A7XUCipCJFiq2RkXJmoeXUMB8GA1UdIwQY
MBaAFI2QqMiG7prEI4YW+SYx67i8duNxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalpDb3lJYnVtc1FqaGhiNUpqSHJ1THgyNDNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC85YjBlZDctOWZkNi00Y2E2LWE1NzUt
MzZhYTkxMDY5Y2JkLzEvUHdtelFEdGRRS0trSWtXS3JaR1JjbWFoNWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC85YjBlZDctOWZkNi00Y2E2LWE1NzUtMzZhYTkxMDY5Y2Jk
LzEvalpDb3lJYnVtc1FqaGhiNUpqSHJ1THgyNDNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW974MA0G
CSqGSIb3DQEBCwUAA4IBAQCFMjFlNCDJvrNUKXUoTawqnn1rebbPEuhI2qZWhTkY
Gf7AAeuT6FCA5y1ru9Lk6jUeEceCTQzNESavyBbc/sRoxtPcD431sipm1HanRT51
cNcr83Xp1rdN3xFHAm7s/C7CqXpGnperSgp/d9HDQ2CdpQKFjSLjc5MiqOGdFO37
cqWFkH9X70ZR7TM/wIwauk/C8dbI7YtyMLfSl6LLsD1o6yLH2LAHln7ZHIDi+SXo
l45N3nlmGoVqELB6ImJVukQ+EZo6DDZRK87+zh52fJ0xT0Xly1OjpagxWBkRLvmI
LXkzGaR83JO9rdo+x7IwuVRjPbgZcMN+WIMNtiINWkXZ
-----END CERTIFICATE-----