This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/esQ4LQtwMGAVPfo5Iqwd6J1wFFg.roa
File:                     esQ4LQtwMGAVPfo5Iqwd6J1wFFg.roa (raw, json)
Hash identifier:          Zp5wls9Z57v3c+rmph9lPmQEqF9p8BKAcLAfNlb+aO0=
Subject key identifier:   7A:C4:38:2D:0B:70:30:60:15:3D:FA:39:22:AC:1D:E8:9D:70:14:58
Certificate issuer:       /CN=2d597268a57534f8cf1b63b794eef0d77c7b43a2
Certificate serial:       019B77C6E9EE4DADC90AE530E1BEB69BEB16
Authority key identifier: 2D:59:72:68:A5:75:34:F8:CF:1B:63:B7:94:EE:F0:D7:7C:7B:43:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/esQ4LQtwMGAVPfo5Iqwd6J1wFFg.roa
Signing time:             Thu 01 Jan 2026 04:18:03 +0000
ROA not before:           Thu 01 Jan 2026 04:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60052
IP address blocks:        91.206.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e9:ee:4d:ad:c9:0a:e5:30:e1:be:b6:9b:eb:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d597268a57534f8cf1b63b794eef0d77c7b43a2
        Validity
            Not Before: Jan  1 04:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ac4382d0b703060153dfa3922ac1de89d701458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:cd:6a:1e:98:a0:45:11:89:52:a8:00:02:28:
                    58:21:8c:e8:ea:e7:0c:17:06:71:06:e8:47:47:bc:
                    35:8a:73:66:73:5a:61:2c:8b:90:a2:8d:b0:dd:46:
                    31:07:69:32:b0:28:bd:61:d4:04:3c:63:7e:e1:2c:
                    0d:41:89:e4:a9:f3:d0:f9:a0:97:82:05:0d:ea:3f:
                    e3:52:24:8a:b4:de:a4:3b:cb:00:f7:1b:c5:4b:30:
                    9d:5d:6e:a0:89:09:c4:12:b0:57:9b:00:17:67:88:
                    e3:20:87:ba:7e:c8:31:e8:97:2d:42:b4:88:14:33:
                    3b:67:db:81:fc:e9:ed:78:e7:27:6e:75:e5:85:77:
                    18:d9:0d:3b:28:07:f0:18:d3:69:1b:e1:cd:f6:f1:
                    46:ee:93:5f:f6:ef:14:4b:48:57:d5:7d:e2:fb:c8:
                    43:74:27:31:e1:96:6a:96:b2:54:01:c7:03:88:0f:
                    cd:78:e1:e2:ed:c6:77:8b:dd:82:35:47:9d:54:5b:
                    12:26:56:dc:93:a6:15:49:ea:52:a9:0a:89:47:da:
                    67:e4:fb:31:6c:d1:3d:66:23:68:6a:7e:a3:3a:d8:
                    f4:59:d3:69:aa:17:5e:d7:f5:2c:e5:fc:e0:04:71:
                    a7:b6:45:a4:f1:f6:02:2f:4d:84:57:4d:fa:ce:30:
                    56:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C4:38:2D:0B:70:30:60:15:3D:FA:39:22:AC:1D:E8:9D:70:14:58
            X509v3 Authority Key Identifier:
                keyid:2D:59:72:68:A5:75:34:F8:CF:1B:63:B7:94:EE:F0:D7:7C:7B:43:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/esQ4LQtwMGAVPfo5Iqwd6J1wFFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:87:b6:ec:ad:56:5c:53:85:e9:72:f5:12:95:35:5b:40:34:
         61:f2:1c:5d:c6:51:b3:55:3e:3e:22:6d:f9:2f:61:be:18:02:
         da:52:25:44:22:fd:74:85:77:f6:ac:a3:8c:da:76:ce:8c:0d:
         25:e7:33:c9:6b:7b:50:f5:43:ae:8b:2f:d4:c7:c3:2f:11:89:
         ee:04:45:19:c6:97:11:b3:af:e6:44:42:6f:9f:30:92:80:28:
         b2:17:34:58:f3:8d:ec:b5:6a:0c:0e:32:75:89:26:50:5b:40:
         bb:fc:d8:84:33:fe:93:78:25:43:bd:b1:15:f2:8f:fa:35:7a:
         59:f5:70:f9:77:83:59:ea:bf:2a:ae:28:87:d7:8b:80:b3:ff:
         9d:fb:bb:b1:0b:02:94:15:df:9d:c4:73:f5:df:e2:67:40:9d:
         c8:6a:c5:5f:65:8f:e1:e5:f9:e0:3e:25:40:23:6f:54:1e:ce:
         0f:95:39:19:7e:39:e1:75:3e:c4:2f:c9:fe:c0:d3:73:fd:0c:
         ca:f2:3b:c5:94:8c:f8:8a:7b:fe:3f:16:50:4e:d7:23:a5:6c:
         85:32:e1:04:e8:23:ac:6a:43:0e:be:a5:5d:9b:f0:a4:d1:0d:
         fa:fd:fd:ce:c2:11:5f:f4:32:34:43:54:ea:9e:39:e1:dc:05:
         5e:fe:9c:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xunuTa3JCuUw4b62m+sWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNTk3MjY4YTU3NTM0ZjhjZjFiNjNiNzk0ZWVmMGQ3N2M3
YjQzYTIwHhcNMjYwMTAxMDQxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM0MzgyZDBiNzAzMDYwMTUzZGZhMzkyMmFjMWRlODlkNzAxNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA381qHpigRRGJUqgAAihYIYzo6ucM
FwZxBuhHR7w1inNmc1phLIuQoo2w3UYxB2kysCi9YdQEPGN+4SwNQYnkqfPQ+aCX
ggUN6j/jUiSKtN6kO8sA9xvFSzCdXW6giQnEErBXmwAXZ4jjIIe6fsgx6JctQrSI
FDM7Z9uB/OnteOcnbnXlhXcY2Q07KAfwGNNpG+HN9vFG7pNf9u8US0hX1X3i+8hD
dCcx4ZZqlrJUAccDiA/NeOHi7cZ3i92CNUedVFsSJlbck6YVSepSqQqJR9pn5Psx
bNE9ZiNoan6jOtj0WdNpqhde1/Us5fzgBHGntkWk8fYCL02EV036zjBWtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrEOC0LcDBgFT36OSKsHeidcBRYMB8GA1UdIwQY
MBaAFC1ZcmildTT4zxtjt5Tu8Nd8e0OiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZseWFLVjFOUGpQRzJPM2xPN3cxM3g3UTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83MWI0MjgtY2U4Mi00ZTkxLWJhMDkt
NGUwNDgxZGM3ZDFjLzEvZXNRNExRdHdNR0FWUGZvNUlxd2Q2SjF3RkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83MWI0MjgtY2U4Mi00ZTkxLWJhMDktNGUwNDgxZGM3ZDFj
LzEvTFZseWFLVjFOUGpQRzJPM2xPN3cxM3g3UTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW84jMA0G
CSqGSIb3DQEBCwUAA4IBAQA7h7bsrVZcU4XpcvUSlTVbQDRh8hxdxlGzVT4+Im35
L2G+GALaUiVEIv10hXf2rKOM2nbOjA0l5zPJa3tQ9UOuiy/Ux8MvEYnuBEUZxpcR
s6/mREJvnzCSgCiyFzRY843stWoMDjJ1iSZQW0C7/NiEM/6TeCVDvbEV8o/6NXpZ
9XD5d4NZ6r8qriiH14uAs/+d+7uxCwKUFd+dxHP13+JnQJ3IasVfZY/h5fngPiVA
I29UHs4PlTkZfjnhdT7EL8n+wNNz/QzK8jvFlIz4inv+PxZQTtcjpWyFMuEE6COs
akMOvqVdm/Ck0Q36/f3OwhFf9DI0Q1Tqnjnh3AVe/pz6
-----END CERTIFICATE-----