This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XIqvmqOdi_1zuzz2kKUxoCjwnVU.roa
File:                     XIqvmqOdi_1zuzz2kKUxoCjwnVU.roa (raw, json)
Hash identifier:          aMJOD4Mp/WfwOzWMvVMOZcZY7T1v0Kzr3ZB6XKJtt8o=
Subject key identifier:   5C:8A:AF:9A:A3:9D:8B:FD:73:BB:3C:F6:90:A5:31:A0:28:F0:9D:55
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019B77C776839E46ECDD7CA5782EA78CD1A1
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XIqvmqOdi_1zuzz2kKUxoCjwnVU.roa
Signing time:             Thu 01 Jan 2026 04:18:39 +0000
ROA not before:           Thu 01 Jan 2026 04:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211440
IP address blocks:        91.147.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:76:83:9e:46:ec:dd:7c:a5:78:2e:a7:8c:d1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 04:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c8aaf9aa39d8bfd73bb3cf690a531a028f09d55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4a:9f:f7:b0:27:57:a9:44:89:97:90:72:de:
                    62:55:60:b9:c8:2c:0d:ff:08:75:0c:58:69:46:92:
                    37:33:79:dd:4a:ea:95:a5:51:ea:c3:55:0e:44:9f:
                    9f:af:26:85:7b:24:2a:20:ae:e9:76:90:5f:16:a3:
                    12:ea:bd:c7:15:7c:9e:3e:1f:2f:c8:aa:bf:73:ed:
                    7b:3c:8b:b2:f6:ba:e8:99:65:d2:b0:4e:d0:1b:f8:
                    60:60:bc:00:67:5b:b0:e8:cd:4c:38:6a:1d:95:f4:
                    b0:c1:a6:b3:ce:8d:c0:b6:23:48:67:81:0c:5f:cd:
                    ac:2f:56:6f:a9:7f:5c:0b:b2:07:10:25:ca:42:91:
                    0d:8b:9e:4b:16:44:22:e4:f9:d2:2c:eb:a0:26:d8:
                    84:99:bb:38:e7:f1:0f:80:26:82:19:65:2b:07:fd:
                    85:ef:f4:93:ae:73:d7:94:aa:a8:24:a5:dc:72:6a:
                    85:0d:2a:d0:bc:ef:2c:d8:82:64:a9:4a:e8:fa:f8:
                    25:0f:25:69:d1:68:84:15:98:ef:8e:c1:be:2d:f3:
                    dd:4b:a3:12:e3:c7:dc:d6:36:31:75:b5:ee:eb:b9:
                    00:17:19:ca:37:5b:3e:97:81:b1:83:29:9a:cf:87:
                    d2:b7:51:ea:85:21:40:f5:83:b0:ef:c6:90:7b:3d:
                    e7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8A:AF:9A:A3:9D:8B:FD:73:BB:3C:F6:90:A5:31:A0:28:F0:9D:55
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/XIqvmqOdi_1zuzz2kKUxoCjwnVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:05:a4:9e:42:38:74:a7:ce:be:7e:46:9e:c2:93:f3:ba:79:
         00:7b:5e:4b:84:98:c4:13:2f:46:c7:83:a9:02:10:6e:0e:e1:
         13:26:3a:25:82:eb:a1:42:ca:bf:69:a3:0b:af:81:79:7e:65:
         55:21:e0:f3:4c:e5:5e:18:db:0a:67:e5:1f:b7:bc:1a:98:9b:
         62:36:90:4c:a9:d4:49:63:e1:ed:05:91:e5:08:04:da:fd:17:
         fb:9d:ad:5b:c0:2e:5d:cc:f0:51:05:3e:9a:77:23:fb:7a:5d:
         34:d0:63:fc:d6:4a:dd:bb:17:c0:20:bb:75:9d:3f:bd:88:39:
         fe:c9:1f:51:8d:0a:8e:f3:7b:aa:d0:8b:23:fd:ff:3e:c2:2d:
         10:cf:69:1f:5b:bc:01:d3:c5:ea:78:00:1b:86:95:e7:21:97:
         e1:04:9b:28:bb:76:8f:19:c6:3e:2d:93:c6:99:d5:ae:d2:e4:
         32:90:e1:bd:bb:c8:55:77:62:0a:55:41:5b:17:93:19:ac:a9:
         45:1c:a9:b0:a4:53:37:ce:35:24:af:c9:cc:a4:64:59:29:74:
         90:16:22:fb:08:d1:23:ca:a7:ed:e6:75:dc:fc:0c:9d:65:78:
         48:a3:9c:f3:79:54:27:aa:f6:a0:e6:fb:98:ae:e9:c6:5e:e3:
         99:40:ff:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x3aDnkbs3XyleC6njNGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjYwMTAxMDQxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhhYWY5YWEzOWQ4YmZkNzNiYjNjZjY5MGE1MzFhMDI4ZjA5ZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uqf97AnV6lEiZeQct5iVWC5yCwN
/wh1DFhpRpI3M3ndSuqVpVHqw1UORJ+fryaFeyQqIK7pdpBfFqMS6r3HFXyePh8v
yKq/c+17PIuy9rromWXSsE7QG/hgYLwAZ1uw6M1MOGodlfSwwaazzo3AtiNIZ4EM
X82sL1ZvqX9cC7IHECXKQpENi55LFkQi5PnSLOugJtiEmbs45/EPgCaCGWUrB/2F
7/STrnPXlKqoJKXccmqFDSrQvO8s2IJkqUro+vglDyVp0WiEFZjvjsG+LfPdS6MS
48fc1jYxdbXu67kAFxnKN1s+l4Gxgymaz4fSt1HqhSFA9YOw78aQez3nLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyKr5qjnYv9c7s89pClMaAo8J1VMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvWElxdm1xT2RpXzF6dXp6MmtLVXhvQ2p3blZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5N4MA0G
CSqGSIb3DQEBCwUAA4IBAQAbBaSeQjh0p86+fkaewpPzunkAe15LhJjEEy9Gx4Op
AhBuDuETJjolguuhQsq/aaMLr4F5fmVVIeDzTOVeGNsKZ+Uft7wamJtiNpBMqdRJ
Y+HtBZHlCATa/Rf7na1bwC5dzPBRBT6adyP7el000GP81krduxfAILt1nT+9iDn+
yR9RjQqO83uq0Isj/f8+wi0Qz2kfW7wB08XqeAAbhpXnIZfhBJsou3aPGcY+LZPG
mdWu0uQykOG9u8hVd2IKVUFbF5MZrKlFHKmwpFM3zjUkr8nMpGRZKXSQFiL7CNEj
yqft5nXc/AydZXhIo5zzeVQnqvag5vuYrunGXuOZQP8j
-----END CERTIFICATE-----