This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/aIVLOfxkB2Rmu8EPBZ35XGAEKj0.roa
File:                     aIVLOfxkB2Rmu8EPBZ35XGAEKj0.roa (raw, json)
Hash identifier:          1mwqmwk/zSQkK5cpBFvRSrqip8M9MNCNPvZJO52oxKI=
Subject key identifier:   68:85:4B:39:FC:64:07:64:66:BB:C1:0F:05:9D:F9:5C:60:04:2A:3D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019B6E477EBB39A7D7D2CEF26C2F3656AD95
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/aIVLOfxkB2Rmu8EPBZ35XGAEKj0.roa
Signing time:             Tue 30 Dec 2025 08:02:17 +0000
ROA not before:           Tue 30 Dec 2025 08:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203057
IP address blocks:        91.186.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 Jan 2026 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:6e:47:7e:bb:39:a7:d7:d2:ce:f2:6c:2f:36:56:ad:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Dec 30 08:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68854b39fc64076466bbc10f059df95c60042a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:1d:65:52:e7:eb:54:1f:f0:79:6e:42:88:c0:
                    88:9d:ea:7b:7d:4b:82:1b:55:0a:5f:31:45:57:69:
                    54:76:9c:06:9e:d7:75:c1:d3:59:11:60:15:69:30:
                    f7:58:b6:d7:8f:9c:7d:d4:64:40:27:b8:f1:5d:1c:
                    f2:de:ad:27:b2:36:48:46:2c:35:73:7b:4d:cd:da:
                    9f:5d:5a:24:8b:66:e3:fe:d2:9e:b1:0c:37:c2:00:
                    b4:4b:db:b2:55:60:51:58:82:6f:32:bd:58:c9:79:
                    0e:36:6d:9c:c9:85:42:0d:1c:9a:c9:2f:18:8d:24:
                    78:10:14:61:f4:de:81:52:45:48:90:e1:11:8e:68:
                    87:6f:ae:2b:a2:2b:c9:50:bc:61:c9:1b:a1:38:3f:
                    eb:7e:18:93:50:78:2e:0c:f1:c2:2d:46:6c:3e:db:
                    cd:0b:89:a8:3c:24:84:1a:da:84:63:52:64:f7:49:
                    8a:26:17:f6:b3:ba:7f:01:c0:3e:79:99:75:39:e4:
                    2b:42:3f:45:d8:2b:18:9f:70:b4:2a:29:8b:f0:de:
                    b0:e7:b9:be:07:c9:64:b4:a5:12:18:ec:1f:64:c4:
                    ae:46:32:64:ba:19:30:28:12:ed:51:40:61:4b:08:
                    75:0c:11:57:8a:67:a8:31:2b:76:df:16:53:51:7c:
                    ba:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:85:4B:39:FC:64:07:64:66:BB:C1:0F:05:9D:F9:5C:60:04:2A:3D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/aIVLOfxkB2Rmu8EPBZ35XGAEKj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:c8:d0:31:8f:d5:68:7b:fa:59:eb:84:95:2c:48:65:be:df:
         01:1a:25:9f:2c:5f:6c:ae:7a:5b:3a:e4:94:8d:be:8b:6b:95:
         0b:dd:4a:6c:79:3f:64:98:15:8e:e5:6e:4f:72:a3:37:fb:0e:
         91:05:7a:ab:c2:ad:f0:6f:cd:b5:6b:46:67:f7:1d:25:07:53:
         16:d3:52:a7:67:4c:3f:f0:de:51:29:59:63:79:93:36:e9:8c:
         06:e9:3c:54:93:28:61:b8:4b:ba:d5:79:bd:4b:12:fe:c1:48:
         c3:0c:00:38:fd:7f:f8:d6:8b:f6:8e:f3:4e:f4:5f:b8:b3:d5:
         72:53:b0:b0:ba:5e:27:70:5e:46:dc:15:34:d9:2d:71:fa:e5:
         61:38:b6:8b:4d:5c:15:c6:e2:49:85:00:50:33:1b:74:6e:4b:
         8e:79:95:da:ac:d4:0f:75:bf:53:85:0b:70:e5:fb:52:54:dc:
         e5:9f:29:01:f4:f8:29:39:fc:9f:1b:dd:19:1c:2e:62:a5:00:
         72:11:9b:16:2d:57:08:c3:6b:09:2b:26:eb:4c:23:0f:23:84:
         46:20:05:46:bd:0a:74:73:6f:09:6e:f4:6b:2c:2c:40:8a:05:
         12:00:d8:0b:4a:57:ac:80:ed:df:d2:e9:fa:52:26:9d:90:50:
         33:17:b0:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtuR367OafX0s7ybC82Vq2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUxMjMwMDgwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODg1NGIzOWZjNjQwNzY0NjZiYmMxMGYwNTlkZjk1YzYwMDQyYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6R1lUufrVB/weW5CiMCInep7fUuC
G1UKXzFFV2lUdpwGntd1wdNZEWAVaTD3WLbXj5x91GRAJ7jxXRzy3q0nsjZIRiw1
c3tNzdqfXVoki2bj/tKesQw3wgC0S9uyVWBRWIJvMr1YyXkONm2cyYVCDRyayS8Y
jSR4EBRh9N6BUkVIkOERjmiHb64roivJULxhyRuhOD/rfhiTUHguDPHCLUZsPtvN
C4moPCSEGtqEY1Jk90mKJhf2s7p/AcA+eZl1OeQrQj9F2CsYn3C0KimL8N6w57m+
B8lktKUSGOwfZMSuRjJkuhkwKBLtUUBhSwh1DBFXimeoMSt23xZTUXy6awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiFSzn8ZAdkZrvBDwWd+VxgBCo9MB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvYUlWTE9meGtCMlJtdThFUEJaMzVYR0FFS2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rcMA0G
CSqGSIb3DQEBCwUAA4IBAQB2yNAxj9Voe/pZ64SVLEhlvt8BGiWfLF9srnpbOuSU
jb6La5UL3UpseT9kmBWO5W5PcqM3+w6RBXqrwq3wb821a0Zn9x0lB1MW01KnZ0w/
8N5RKVljeZM26YwG6TxUkyhhuEu61Xm9SxL+wUjDDAA4/X/41ov2jvNO9F+4s9Vy
U7Cwul4ncF5G3BU02S1x+uVhOLaLTVwVxuJJhQBQMxt0bkuOeZXarNQPdb9ThQtw
5ftSVNzlnykB9PgpOfyfG90ZHC5ipQByEZsWLVcIw2sJKybrTCMPI4RGIAVGvQp0
c28JbvRrLCxAigUSANgLSlesgO3f0un6UiadkFAzF7Br
-----END CERTIFICATE-----