This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/aJHKOA-DMpMHSd964JXfuSmBfY0.roa
File:                     aJHKOA-DMpMHSd964JXfuSmBfY0.roa (raw, json)
Hash identifier:          oXACImzHioTx7c3QtWHlpndieWC52eNkX76flIoPyqE=
Subject key identifier:   68:91:CA:38:0F:83:32:93:07:49:DF:7A:E0:95:DF:B9:29:81:7D:8D
Certificate issuer:       /CN=77c2d8a60197fc7bde64fc3fad10eb2da4fe8779
Certificate serial:       019B7AC851A095E6E6E3750CB7EFF7A9F004
Authority key identifier: 77:C2:D8:A6:01:97:FC:7B:DE:64:FC:3F:AD:10:EB:2D:A4:FE:87:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/aJHKOA-DMpMHSd964JXfuSmBfY0.roa
Signing time:             Thu 01 Jan 2026 18:18:26 +0000
ROA not before:           Thu 01 Jan 2026 18:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204922
IP address blocks:        91.199.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:51:a0:95:e6:e6:e3:75:0c:b7:ef:f7:a9:f0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c2d8a60197fc7bde64fc3fad10eb2da4fe8779
        Validity
            Not Before: Jan  1 18:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6891ca380f8332930749df7ae095dfb929817d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:da:35:f7:4b:8f:54:49:9d:30:c6:45:04:97:
                    3f:4a:7e:64:87:f4:3c:ad:37:55:11:f3:e5:5e:41:
                    1d:c1:89:d2:d8:e0:80:d7:9c:8d:c4:07:36:fb:b3:
                    35:c2:08:2f:8e:ff:df:32:df:43:53:0f:39:a7:3f:
                    b8:2e:49:63:6d:03:11:ff:d7:d1:8a:5a:ad:82:ba:
                    39:a4:55:67:19:71:37:5b:4a:b7:1b:27:0e:6c:e2:
                    7d:b9:8b:d6:f4:d3:79:f9:39:34:75:f0:6a:55:96:
                    01:0a:ac:9b:c4:a3:33:5a:57:07:c2:ba:d1:5f:e9:
                    66:5f:b2:f5:87:60:96:4c:e6:16:c6:1b:5c:77:77:
                    25:3f:e4:1e:3d:fa:a4:c5:04:7c:a8:77:a9:5c:87:
                    4c:53:ac:50:27:14:c9:90:9e:fe:d5:1c:65:3b:fa:
                    5d:c0:90:87:89:b1:c5:c2:bb:f4:5f:6c:1c:7f:88:
                    69:75:af:02:94:c4:58:01:40:c5:a2:d9:44:29:e6:
                    e9:e5:55:03:4e:1d:f2:ba:bf:d3:a5:8c:13:03:32:
                    60:f4:a5:5d:45:95:d7:f4:74:f7:d7:b5:8a:c1:8d:
                    9b:5d:fe:03:e9:33:21:85:ef:5c:d6:b8:42:64:96:
                    20:dc:f4:6e:1e:6c:31:76:ae:f0:c2:56:5e:78:60:
                    d0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:91:CA:38:0F:83:32:93:07:49:DF:7A:E0:95:DF:B9:29:81:7D:8D
            X509v3 Authority Key Identifier:
                keyid:77:C2:D8:A6:01:97:FC:7B:DE:64:FC:3F:AD:10:EB:2D:A4:FE:87:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8LYpgGX_HveZPw_rRDrLaT-h3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/aJHKOA-DMpMHSd964JXfuSmBfY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7fb254-417a-4180-a4f0-8f2af9b51c5b/1/d8LYpgGX_HveZPw_rRDrLaT-h3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:7b:00:53:e3:d2:ae:3e:7d:2a:b6:f5:47:26:d6:5f:ff:c6:
         dc:39:df:76:1b:43:d1:d5:a2:cc:76:e6:3c:fe:bf:a3:e9:3a:
         4e:8b:57:89:b2:83:53:85:5f:12:20:6f:fe:3c:c6:3f:af:ab:
         0b:ce:02:54:8f:53:d3:56:c6:80:43:f4:42:19:2f:34:7e:6f:
         b4:a2:40:0c:78:ba:a3:17:04:11:4d:04:a4:8b:3f:f6:eb:be:
         05:e2:ce:4c:20:7f:52:84:ec:7f:7f:19:8b:f7:c6:31:79:87:
         e4:4a:fa:10:79:ab:5c:17:23:61:25:a8:80:a1:ae:e2:ef:55:
         7f:02:53:df:b3:04:e4:99:51:d9:30:bf:8e:7f:17:8a:13:91:
         ca:25:2c:c6:80:1a:7a:fc:70:d6:d5:55:4d:85:b4:dd:5d:80:
         64:98:60:1f:2b:49:31:5a:3f:52:a6:61:4d:10:a1:a1:49:02:
         56:28:24:60:b1:4c:e8:14:8e:1f:de:0c:ff:5c:b3:64:15:1e:
         43:9b:96:3f:27:94:3f:82:3e:90:34:f4:6a:9a:b4:41:06:60:
         10:f2:67:e6:a4:1e:7a:b6:b9:e0:8e:2e:15:ed:79:00:10:7f:
         cd:f6:40:19:d1:86:da:9b:09:7a:bc:68:8c:87:ef:11:08:60:
         d1:c2:d7:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yFGglebm43UMt+/3qfAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzJkOGE2MDE5N2ZjN2JkZTY0ZmMzZmFkMTBlYjJkYTRm
ZTg3NzkwHhcNMjYwMTAxMTgxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODkxY2EzODBmODMzMjkzMDc0OWRmN2FlMDk1ZGZiOTI5ODE3ZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuto190uPVEmdMMZFBJc/Sn5kh/Q8
rTdVEfPlXkEdwYnS2OCA15yNxAc2+7M1wggvjv/fMt9DUw85pz+4LkljbQMR/9fR
ilqtgro5pFVnGXE3W0q3GycObOJ9uYvW9NN5+Tk0dfBqVZYBCqybxKMzWlcHwrrR
X+lmX7L1h2CWTOYWxhtcd3clP+QePfqkxQR8qHepXIdMU6xQJxTJkJ7+1RxlO/pd
wJCHibHFwrv0X2wcf4hpda8ClMRYAUDFotlEKebp5VUDTh3yur/TpYwTAzJg9KVd
RZXX9HT317WKwY2bXf4D6TMhhe9c1rhCZJYg3PRuHmwxdq7wwlZeeGDQVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiRyjgPgzKTB0nfeuCV37kpgX2NMB8GA1UdIwQY
MBaAFHfC2KYBl/x73mT8P60Q6y2k/od5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhMWXBnR1hfSHZlWlB3X3JSRHJMYVQtaDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ZmIyNTQtNDE3YS00MTgwLWE0ZjAt
OGYyYWY5YjUxYzViLzEvYUpIS09BLURNcE1IU2Q5NjRKWGZ1U21CZlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ZmIyNTQtNDE3YS00MTgwLWE0ZjAtOGYyYWY5YjUxYzVi
LzEvZDhMWXBnR1hfSHZlWlB3X3JSRHJMYVQtaDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dxMA0G
CSqGSIb3DQEBCwUAA4IBAQBOewBT49KuPn0qtvVHJtZf/8bcOd92G0PR1aLMduY8
/r+j6TpOi1eJsoNThV8SIG/+PMY/r6sLzgJUj1PTVsaAQ/RCGS80fm+0okAMeLqj
FwQRTQSkiz/2674F4s5MIH9ShOx/fxmL98YxeYfkSvoQeatcFyNhJaiAoa7i71V/
AlPfswTkmVHZML+OfxeKE5HKJSzGgBp6/HDW1VVNhbTdXYBkmGAfK0kxWj9SpmFN
EKGhSQJWKCRgsUzoFI4f3gz/XLNkFR5Dm5Y/J5Q/gj6QNPRqmrRBBmAQ8mfmpB56
trngji4V7XkAEH/N9kAZ0Ybamwl6vGiMh+8RCGDRwtdk
-----END CERTIFICATE-----