This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WyQhrcQcI54FWZmH__lrHoE3FWU.roa
File:                     WyQhrcQcI54FWZmH__lrHoE3FWU.roa (raw, json)
Hash identifier:          1vjfP6Nqw8yzFBCOkKdm5HoQUw0v3VTrGmhqLtnS2VE=
Subject key identifier:   5B:24:21:AD:C4:1C:23:9E:05:59:99:87:FF:F9:6B:1E:81:37:15:65
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       019B7DC951BA7ADFACEB792C7BB0CD9FAD8C
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WyQhrcQcI54FWZmH__lrHoE3FWU.roa
Signing time:             Fri 02 Jan 2026 08:18:24 +0000
ROA not before:           Fri 02 Jan 2026 08:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        91.246.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:51:ba:7a:df:ac:eb:79:2c:7b:b0:cd:9f:ad:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  2 08:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b2421adc41c239e05599987fff96b1e81371565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1c:28:f5:11:38:bf:dd:9a:e9:dd:f0:77:0e:
                    39:a2:b3:3b:14:7e:5e:75:cf:2c:1f:7e:ac:61:f4:
                    b0:55:0f:31:93:1c:29:03:46:36:4d:aa:94:a0:15:
                    b8:46:cd:00:9e:c3:a9:9a:6e:e7:36:cb:94:05:58:
                    42:89:fd:5e:70:7e:78:fb:77:ea:e5:6a:1b:59:56:
                    16:14:6b:c7:d5:e8:29:06:11:59:ee:32:2c:f0:3e:
                    36:48:6f:45:eb:42:c2:82:da:9f:92:b3:aa:a2:5d:
                    21:30:b6:0e:ff:59:c3:2f:c1:9d:93:58:c1:89:61:
                    8d:39:cc:0d:2a:1f:39:ab:38:4a:ed:25:21:33:32:
                    6c:cd:ec:6d:9b:da:21:69:1e:d3:44:17:a5:2e:b0:
                    4c:8d:2d:7f:e3:4b:c0:4d:0a:ab:a5:7e:46:3b:b1:
                    fc:25:34:1e:69:31:ca:f0:1d:ee:ff:e0:2d:9b:46:
                    f1:97:58:8f:ac:be:3b:ff:c8:95:1f:dc:79:cf:f4:
                    fa:75:85:f3:e0:87:de:04:d2:ad:9e:24:98:f3:3f:
                    b1:97:37:97:71:c7:22:ee:1a:f3:53:c9:23:23:6a:
                    c1:88:91:b4:57:74:ac:0d:26:80:ac:db:be:20:f9:
                    25:2c:1a:14:3d:4a:ab:59:9e:26:65:20:ac:05:d7:
                    fa:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:24:21:AD:C4:1C:23:9E:05:59:99:87:FF:F9:6B:1E:81:37:15:65
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WyQhrcQcI54FWZmH__lrHoE3FWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:f0:c3:25:62:a4:01:64:1b:a7:70:0c:76:89:55:64:16:de:
         ba:fb:dc:0e:be:bc:5a:c5:df:bb:2c:55:6f:75:2f:5c:06:6c:
         d2:90:2a:90:50:82:04:38:22:81:77:50:99:c4:a7:e8:ef:55:
         6c:f1:18:fc:f9:cb:2d:78:b0:14:6b:27:e9:99:4d:a0:6b:6e:
         d0:7c:fc:b8:6d:3d:a5:23:f8:c4:fa:43:5a:26:40:3d:80:94:
         bf:ad:a8:cf:a8:76:5d:ec:4d:58:ed:e6:07:b8:07:ca:dc:4d:
         22:1d:45:a1:57:9a:fd:18:9f:a9:64:58:17:2e:31:76:57:75:
         90:e3:e7:9c:06:22:8c:25:39:06:9b:6d:39:a9:c6:5b:02:db:
         3d:11:37:01:dc:c8:d5:4e:ed:a3:80:0e:04:57:e7:ed:17:3c:
         c1:9d:f3:25:aa:d2:41:30:39:2b:5a:68:76:10:8e:6e:c1:1f:
         3b:cb:b0:8c:70:52:6a:ad:1c:b7:73:5a:af:cf:b1:d1:d2:a6:
         83:d5:c3:9e:47:cc:16:37:d5:be:e3:71:46:ce:0d:c9:91:b9:
         a3:ec:9f:14:2b:f0:ed:80:86:2b:13:df:df:21:db:5c:a2:48:
         69:48:00:ee:47:77:5e:fc:e2:bc:7e:a9:aa:d0:81:dd:7c:02:
         1e:72:59:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVG6et+s63kse7DNn62MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjYwMTAyMDgxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjI0MjFhZGM0MWMyMzllMDU1OTk5ODdmZmY5NmIxZTgxMzcxNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRwo9RE4v92a6d3wdw45orM7FH5e
dc8sH36sYfSwVQ8xkxwpA0Y2TaqUoBW4Rs0AnsOpmm7nNsuUBVhCif1ecH54+3fq
5WobWVYWFGvH1egpBhFZ7jIs8D42SG9F60LCgtqfkrOqol0hMLYO/1nDL8Gdk1jB
iWGNOcwNKh85qzhK7SUhMzJszextm9ohaR7TRBelLrBMjS1/40vATQqrpX5GO7H8
JTQeaTHK8B3u/+Atm0bxl1iPrL47/8iVH9x5z/T6dYXz4IfeBNKtniSY8z+xlzeX
ccci7hrzU8kjI2rBiJG0V3SsDSaArNu+IPklLBoUPUqrWZ4mZSCsBdf6TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFskIa3EHCOeBVmZh//5ax6BNxVlMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvV3lRaHJjUWNJNTRGV1ptSF9fbHJIb0UzRldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/YrMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ8MMlYqQBZBuncAx2iVVkFt66+9wOvrxaxd+7LFVv
dS9cBmzSkCqQUIIEOCKBd1CZxKfo71Vs8Rj8+csteLAUayfpmU2ga27QfPy4bT2l
I/jE+kNaJkA9gJS/rajPqHZd7E1Y7eYHuAfK3E0iHUWhV5r9GJ+pZFgXLjF2V3WQ
4+ecBiKMJTkGm205qcZbAts9ETcB3MjVTu2jgA4EV+ftFzzBnfMlqtJBMDkrWmh2
EI5uwR87y7CMcFJqrRy3c1qvz7HR0qaD1cOeR8wWN9W+43FGzg3Jkbmj7J8UK/Dt
gIYrE9/fIdtcokhpSADuR3de/OK8fqmq0IHdfAIeclkz
-----END CERTIFICATE-----