This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/eL4sddmNTd7PSzARjzADz_21RBc.roa
File:                     eL4sddmNTd7PSzARjzADz_21RBc.roa (raw, json)
Hash identifier:          9PP/TpfqraKWqrmb3Ro9MwG6dH8Z8rYhFZu1I649JYI=
Subject key identifier:   78:BE:2C:75:D9:8D:4D:DE:CF:4B:30:11:8F:30:03:CF:FD:B5:44:17
Certificate issuer:       /CN=24d2807eae26a67d3ebc25ed50ffe5434bc66c52
Certificate serial:       019B7C8007144E884A609EC588571EA76C66
Authority key identifier: 24:D2:80:7E:AE:26:A6:7D:3E:BC:25:ED:50:FF:E5:43:4B:C6:6C:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/eL4sddmNTd7PSzARjzADz_21RBc.roa
Signing time:             Fri 02 Jan 2026 02:18:43 +0000
ROA not before:           Fri 02 Jan 2026 02:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21449
IP address blocks:        91.217.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:07:14:4e:88:4a:60:9e:c5:88:57:1e:a7:6c:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d2807eae26a67d3ebc25ed50ffe5434bc66c52
        Validity
            Not Before: Jan  2 02:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78be2c75d98d4ddecf4b30118f3003cffdb54417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:eb:3a:cc:4e:c6:f5:22:a2:18:c5:8c:5f:78:
                    ec:c2:c9:d5:e2:94:c1:71:5a:0c:35:e8:cd:eb:a4:
                    36:ad:b2:16:58:2b:3a:04:2d:9e:3f:06:c8:00:90:
                    3a:34:ae:4b:c1:ce:fd:35:f0:16:18:1c:2b:1f:14:
                    9d:80:b9:11:07:60:05:f1:6d:af:6b:44:64:4d:de:
                    d0:12:99:cc:0b:22:e9:14:53:c8:b2:37:15:54:74:
                    97:c0:95:40:3c:5c:8d:03:62:b0:62:83:7d:bd:3e:
                    99:4c:e4:34:c3:97:0e:1a:52:50:6e:6c:6e:3d:50:
                    8d:0c:3d:df:6e:b8:d4:12:90:69:c8:fb:62:40:dc:
                    49:79:0d:5b:b6:7e:a6:93:e7:9d:1c:28:e5:78:fb:
                    17:45:e4:3a:56:d5:96:71:df:70:d2:a1:74:be:83:
                    d8:cf:8a:b9:09:50:1c:c4:be:ee:01:d8:e2:1b:c0:
                    93:d3:47:8c:ba:1e:9f:3d:1c:cf:e0:21:33:fe:73:
                    bc:1e:59:6f:eb:3c:30:fe:b4:fc:53:5a:82:01:b4:
                    e2:06:5b:6f:e6:f6:60:83:7e:a9:e3:01:81:ea:71:
                    3c:59:02:e1:73:b9:cf:20:54:12:7e:8b:31:ef:aa:
                    16:e1:b8:c8:10:f8:3d:18:a4:83:5b:1c:39:52:4e:
                    ca:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:BE:2C:75:D9:8D:4D:DE:CF:4B:30:11:8F:30:03:CF:FD:B5:44:17
            X509v3 Authority Key Identifier:
                keyid:24:D2:80:7E:AE:26:A6:7D:3E:BC:25:ED:50:FF:E5:43:4B:C6:6C:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/eL4sddmNTd7PSzARjzADz_21RBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e5344d-5ec3-40ee-8612-f99a3dd99826/1/JNKAfq4mpn0-vCXtUP_lQ0vGbFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:08:d2:2d:3c:b5:b0:c4:4c:32:db:8c:6e:cd:9c:97:df:04:
         f2:4e:47:6c:d2:6c:e2:b0:53:d5:6e:6d:67:04:2c:0a:24:f1:
         8c:6b:ba:ac:9c:07:2b:ba:00:2c:76:3a:cc:88:98:bf:9b:2a:
         87:ab:8e:c1:74:94:f6:f9:ac:ab:e9:45:65:e7:99:0f:18:f8:
         17:f7:97:73:18:bb:8f:c3:ee:81:92:81:3a:1b:36:2b:d1:1f:
         11:ee:47:70:ce:a1:8a:ef:7f:ad:62:a8:19:25:b9:db:9e:f3:
         a9:f1:6d:c7:b7:e3:a2:58:ee:98:ef:33:5e:c5:d9:9e:16:d3:
         f8:21:8a:97:b1:db:28:85:d4:2e:a3:c3:69:bd:d3:1b:9c:e3:
         26:04:25:e0:28:31:13:8d:83:d8:6b:70:54:59:3b:50:8a:cc:
         6d:ed:42:15:98:0a:fd:a8:cc:d8:61:b9:d8:18:82:bf:0f:4f:
         2f:5f:69:d2:6c:c5:3d:f6:ad:e1:50:07:5d:af:7d:b9:00:18:
         c7:ca:49:4c:5d:33:10:f1:c6:bd:28:17:61:6e:37:1d:4b:f6:
         e9:4f:99:06:b6:89:34:1a:3b:44:2c:ec:ef:75:7a:3a:ef:ec:
         66:d3:92:16:70:6d:86:2e:2c:7c:e1:ea:68:7b:b9:29:9b:22:
         18:43:e9:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gAcUTohKYJ7FiFcep2xmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDI4MDdlYWUyNmE2N2QzZWJjMjVlZDUwZmZlNTQzNGJj
NjZjNTIwHhcNMjYwMTAyMDIxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGJlMmM3NWQ5OGQ0ZGRlY2Y0YjMwMTE4ZjMwMDNjZmZkYjU0NDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+s6zE7G9SKiGMWMX3jswsnV4pTB
cVoMNejN66Q2rbIWWCs6BC2ePwbIAJA6NK5Lwc79NfAWGBwrHxSdgLkRB2AF8W2v
a0RkTd7QEpnMCyLpFFPIsjcVVHSXwJVAPFyNA2KwYoN9vT6ZTOQ0w5cOGlJQbmxu
PVCNDD3fbrjUEpBpyPtiQNxJeQ1btn6mk+edHCjlePsXReQ6VtWWcd9w0qF0voPY
z4q5CVAcxL7uAdjiG8CT00eMuh6fPRzP4CEz/nO8Hllv6zww/rT8U1qCAbTiBltv
5vZgg36p4wGB6nE8WQLhc7nPIFQSfosx76oW4bjIEPg9GKSDWxw5Uk7KbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHi+LHXZjU3ez0swEY8wA8/9tUQXMB8GA1UdIwQY
MBaAFCTSgH6uJqZ9Prwl7VD/5UNLxmxSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5LQWZxNG1wbjAtdkNYdFVQX2xRMHZHYkZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lNTM0NGQtNWVjMy00MGVlLTg2MTIt
Zjk5YTNkZDk5ODI2LzEvZUw0c2RkbU5UZDdQU3pBUmp6QUR6XzIxUkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lNTM0NGQtNWVjMy00MGVlLTg2MTItZjk5YTNkZDk5ODI2
LzEvSk5LQWZxNG1wbjAtdkNYdFVQX2xRMHZHYkZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mAMA0G
CSqGSIb3DQEBCwUAA4IBAQCECNItPLWwxEwy24xuzZyX3wTyTkds0mzisFPVbm1n
BCwKJPGMa7qsnAcrugAsdjrMiJi/myqHq47BdJT2+ayr6UVl55kPGPgX95dzGLuP
w+6BkoE6GzYr0R8R7kdwzqGK73+tYqgZJbnbnvOp8W3Ht+OiWO6Y7zNexdmeFtP4
IYqXsdsohdQuo8NpvdMbnOMmBCXgKDETjYPYa3BUWTtQisxt7UIVmAr9qMzYYbnY
GIK/D08vX2nSbMU99q3hUAddr325ABjHyklMXTMQ8ca9KBdhbjcdS/bpT5kGtok0
GjtELOzvdXo67+xm05IWcG2GLix84epoe7kpmyIYQ+kw
-----END CERTIFICATE-----