This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u_2w56w9VDiTEhKc_ZitgndOhPo.roa
File:                     u_2w56w9VDiTEhKc_ZitgndOhPo.roa (raw, json)
Hash identifier:          hQUv7XEtV7+B7R0n+5Br9ftO2lm1ptUCoJiMKucjmPE=
Subject key identifier:   BB:FD:B0:E7:AC:3D:54:38:93:12:12:9C:FD:98:AD:82:77:4E:84:FA
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019B78A349B55A9778DAFF280327EACDC36F
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u_2w56w9VDiTEhKc_ZitgndOhPo.roa
Signing time:             Thu 01 Jan 2026 08:18:45 +0000
ROA not before:           Thu 01 Jan 2026 08:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202492
IP address blocks:        91.186.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:49:b5:5a:97:78:da:ff:28:03:27:ea:cd:c3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jan  1 08:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bbfdb0e7ac3d54389312129cfd98ad82774e84fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:99:cf:29:87:f0:a8:a8:b1:fc:8a:1a:71:2c:
                    01:66:1d:c7:36:de:54:25:2a:6a:52:8e:ec:c9:60:
                    99:dd:b0:4d:b3:6f:d1:6a:aa:5c:f1:bb:dd:42:c4:
                    46:df:f4:53:32:ec:30:96:aa:84:af:ce:0c:94:44:
                    0e:85:50:00:c6:e1:80:a5:4d:b1:1e:32:33:3a:1c:
                    b2:3f:9f:9f:3b:12:e8:d7:96:e0:8d:d1:3d:22:07:
                    05:ff:eb:dd:26:9d:91:24:ea:8c:14:2f:69:80:fc:
                    b1:4c:22:f8:2f:3e:19:9f:ce:5a:7b:1b:d4:c7:93:
                    ec:5e:49:ea:96:2c:71:31:a7:23:0f:c1:62:46:64:
                    40:f3:70:8f:ae:d5:d2:ce:2f:b4:db:ad:9c:f7:f7:
                    7b:34:aa:da:f2:e1:b0:69:b2:2d:4e:a7:54:79:de:
                    c2:03:37:9f:e7:d3:97:dd:11:9d:20:74:54:d0:2d:
                    60:b4:59:5d:26:a8:44:1e:f5:a7:ed:81:2f:78:d9:
                    ed:9f:b5:61:6b:52:b3:d4:ef:00:08:44:dd:1b:78:
                    95:8d:ae:ae:f6:94:a0:6c:d6:62:2f:f9:7c:83:20:
                    97:3a:77:ee:47:fd:a5:65:83:1f:bf:7d:ef:04:b9:
                    a9:bb:ea:69:4c:75:48:72:c1:55:b4:96:15:27:43:
                    c9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FD:B0:E7:AC:3D:54:38:93:12:12:9C:FD:98:AD:82:77:4E:84:FA
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/u_2w56w9VDiTEhKc_ZitgndOhPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:62:56:7b:d3:2c:b6:af:c4:29:a8:8e:4c:82:75:26:c7:88:
         c9:0a:e0:6e:5f:26:48:4f:12:07:d5:d9:b8:d0:46:b3:50:1e:
         dc:aa:00:b4:0f:09:a7:91:c5:63:c5:92:dc:ce:7b:38:60:07:
         91:ad:8a:55:f6:bf:bf:7c:f3:2d:c6:80:6f:62:26:31:a5:06:
         47:f6:11:69:19:c5:6c:63:80:9a:19:c0:2b:af:f4:23:8b:a5:
         03:7f:4d:f5:76:31:89:ee:f3:b3:7a:24:87:e7:93:1a:3a:b7:
         57:ca:3d:a3:51:e3:06:52:c8:63:0e:43:c1:7d:40:a8:67:65:
         69:e4:0c:4a:c8:84:4b:1c:80:ac:33:b4:00:d0:9b:28:0d:a1:
         ea:69:05:b0:a3:e9:ff:ff:2e:de:dd:4d:9c:eb:9c:94:c9:6c:
         42:2d:6d:9b:eb:6f:2a:cc:c5:8f:a7:f1:f0:db:68:89:55:06:
         cd:73:f9:be:62:7e:92:41:70:6d:ef:90:e4:b6:b5:c2:40:a1:
         fd:e0:aa:b8:80:77:17:34:fd:29:c3:3c:96:66:b4:d2:a3:cf:
         4e:d2:d7:14:52:24:f2:68:f7:43:14:06:a6:d9:6e:ae:32:69:
         df:e2:e8:ee:c6:c4:14:8a:1d:92:54:53:f3:8c:0e:e0:fe:7a:
         a2:4a:a7:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o0m1Wpd42v8oAyfqzcNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwMTAxMDgxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZkYjBlN2FjM2Q1NDM4OTMxMjEyOWNmZDk4YWQ4Mjc3NGU4NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupnPKYfwqKix/IoacSwBZh3HNt5U
JSpqUo7syWCZ3bBNs2/Raqpc8bvdQsRG3/RTMuwwlqqEr84MlEQOhVAAxuGApU2x
HjIzOhyyP5+fOxLo15bgjdE9IgcF/+vdJp2RJOqMFC9pgPyxTCL4Lz4Zn85aexvU
x5PsXknqlixxMacjD8FiRmRA83CPrtXSzi+0262c9/d7NKra8uGwabItTqdUed7C
Azef59OX3RGdIHRU0C1gtFldJqhEHvWn7YEveNntn7Vha1Kz1O8ACETdG3iVja6u
9pSgbNZiL/l8gyCXOnfuR/2lZYMfv33vBLmpu+ppTHVIcsFVtJYVJ0PJdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLv9sOesPVQ4kxISnP2YrYJ3ToT6MB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvdV8ydzU2dzlWRGlURWhLY19aaXRnbmRPaFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rMMA0G
CSqGSIb3DQEBCwUAA4IBAQAxYlZ70yy2r8QpqI5MgnUmx4jJCuBuXyZITxIH1dm4
0EazUB7cqgC0DwmnkcVjxZLczns4YAeRrYpV9r+/fPMtxoBvYiYxpQZH9hFpGcVs
Y4CaGcArr/Qji6UDf031djGJ7vOzeiSH55MaOrdXyj2jUeMGUshjDkPBfUCoZ2Vp
5AxKyIRLHICsM7QA0JsoDaHqaQWwo+n//y7e3U2c65yUyWxCLW2b628qzMWPp/Hw
22iJVQbNc/m+Yn6SQXBt75DktrXCQKH94Kq4gHcXNP0pwzyWZrTSo89O0tcUUiTy
aPdDFAam2W6uMmnf4ujuxsQUih2SVFPzjA7g/nqiSqeg
-----END CERTIFICATE-----