This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/U2Yc5skQvePijZYsWlFophc_BK4.roa
File:                     U2Yc5skQvePijZYsWlFophc_BK4.roa (raw, json)
Hash identifier:          gMfZmKyaceaZgToU/WPMcQ0QQiGVzdWPQc5qXxtNrpw=
Subject key identifier:   53:66:1C:E6:C9:10:BD:E3:E2:8D:96:2C:5A:51:68:A6:17:3F:04:AE
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       019B7C804D1F476301A6B4B4E6351126A7B7
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/U2Yc5skQvePijZYsWlFophc_BK4.roa
Signing time:             Fri 02 Jan 2026 02:19:01 +0000
ROA not before:           Fri 02 Jan 2026 02:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57270
IP address blocks:        91.231.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:4d:1f:47:63:01:a6:b4:b4:e6:35:11:26:a7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  2 02:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53661ce6c910bde3e28d962c5a5168a6173f04ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:1e:fc:b1:b4:b8:7c:2a:6b:26:73:a3:56:
                    29:c0:a2:30:c9:7a:04:a9:46:34:6a:47:c1:44:a5:
                    15:33:06:a6:22:6d:ab:96:08:0e:93:fc:9d:bc:b5:
                    a8:e5:27:04:f8:8f:60:f2:9c:06:a6:04:f1:d3:d8:
                    e6:74:c6:3f:87:83:79:f9:5b:29:d3:59:fa:41:1f:
                    bf:20:04:8f:84:13:34:36:68:3d:f7:22:02:88:cd:
                    b5:b7:17:d8:82:9e:9e:79:12:85:7b:1e:34:f0:27:
                    5f:83:c0:af:81:5a:bb:1f:6b:0a:61:17:b1:bd:a0:
                    b6:e1:83:24:fd:61:a4:51:33:29:74:ac:e7:56:1c:
                    6c:6c:7b:ae:e9:40:3c:e2:ea:f5:16:68:fc:d2:89:
                    95:37:7f:ca:e0:cf:5d:20:1a:24:f3:43:e6:7c:76:
                    44:89:81:ae:45:75:ed:44:22:f7:67:05:12:7d:06:
                    a3:c4:06:cd:24:6a:13:b6:3a:36:a7:53:e6:48:14:
                    49:5e:79:78:6e:36:f1:4b:da:05:61:31:94:de:c5:
                    ed:ea:da:fb:b2:f2:10:f5:d5:03:30:8f:55:2a:23:
                    b5:01:6e:04:1c:0a:6d:5f:d8:1d:2b:7b:d6:75:15:
                    b3:14:39:16:e7:67:c1:af:19:47:5e:d2:41:8c:ee:
                    99:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:66:1C:E6:C9:10:BD:E3:E2:8D:96:2C:5A:51:68:A6:17:3F:04:AE
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/U2Yc5skQvePijZYsWlFophc_BK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:cb:d4:87:f0:dc:f9:87:a3:7a:0d:47:9f:9f:18:54:7a:2e:
         d9:29:d0:17:9b:cb:ad:e5:ec:ce:19:3c:bc:9c:58:d2:5b:e3:
         21:45:7d:01:db:99:f8:47:78:48:59:a2:df:63:c5:e5:14:49:
         a3:ed:0e:aa:f0:6f:7d:c1:a8:c8:19:4e:6e:b9:50:9c:c0:aa:
         20:9f:e4:09:f2:3b:a3:8f:dd:8f:82:74:a6:4c:0b:42:18:e9:
         2c:0b:d3:42:9a:7e:fa:08:6b:ff:a3:38:ba:69:e1:b7:81:66:
         95:79:03:81:d2:82:2d:b4:d9:c7:db:a2:6b:f3:94:4c:a5:21:
         fd:e4:90:5c:61:0c:3c:54:87:fd:d2:60:6a:16:ce:6c:ec:4f:
         12:61:11:58:15:2f:89:47:74:d9:6c:5b:99:2e:8a:eb:cf:f9:
         bb:53:ee:7f:a4:1f:c3:7e:45:c1:a3:04:cf:9d:61:9d:1b:b2:
         97:a0:c0:cf:3e:fe:74:17:db:81:e8:75:ec:c0:7a:6a:74:94:
         13:2e:fb:b1:08:67:02:36:e0:a6:00:ce:a7:ab:56:01:1c:12:
         b6:a9:5d:8e:4b:56:19:9f:cc:5d:89:05:83:90:fa:10:55:61:
         19:2c:14:5e:e3:7f:27:18:c3:46:38:83:83:94:8a:f9:7f:72:
         50:26:3b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gE0fR2MBprS05jURJqe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjYwMTAyMDIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzY2MWNlNmM5MTBiZGUzZTI4ZDk2MmM1YTUxNjhhNjE3M2YwNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLMe/LG0uHwqayZzo1YpwKIwyXoE
qUY0akfBRKUVMwamIm2rlggOk/ydvLWo5ScE+I9g8pwGpgTx09jmdMY/h4N5+Vsp
01n6QR+/IASPhBM0Nmg99yICiM21txfYgp6eeRKFex408Cdfg8CvgVq7H2sKYRex
vaC24YMk/WGkUTMpdKznVhxsbHuu6UA84ur1Fmj80omVN3/K4M9dIBok80PmfHZE
iYGuRXXtRCL3ZwUSfQajxAbNJGoTtjo2p1PmSBRJXnl4bjbxS9oFYTGU3sXt6tr7
svIQ9dUDMI9VKiO1AW4EHAptX9gdK3vWdRWzFDkW52fBrxlHXtJBjO6Z0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNmHObJEL3j4o2WLFpRaKYXPwSuMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvVTJZYzVza1F2ZVBpalpZc1dsRm9waGNfQks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e+MA0G
CSqGSIb3DQEBCwUAA4IBAQASy9SH8Nz5h6N6DUefnxhUei7ZKdAXm8ut5ezOGTy8
nFjSW+MhRX0B25n4R3hIWaLfY8XlFEmj7Q6q8G99wajIGU5uuVCcwKogn+QJ8juj
j92PgnSmTAtCGOksC9NCmn76CGv/ozi6aeG3gWaVeQOB0oIttNnH26Jr85RMpSH9
5JBcYQw8VIf90mBqFs5s7E8SYRFYFS+JR3TZbFuZLorrz/m7U+5/pB/DfkXBowTP
nWGdG7KXoMDPPv50F9uB6HXswHpqdJQTLvuxCGcCNuCmAM6nq1YBHBK2qV2OS1YZ
n8xdiQWDkPoQVWEZLBRe438nGMNGOIODlIr5f3JQJjsq
-----END CERTIFICATE-----