This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/yS7JOrLZP4AOFmgm3gsxJRJWJXE.roa
File:                     yS7JOrLZP4AOFmgm3gsxJRJWJXE.roa (raw, json)
Hash identifier:          IrIgEVW7MNtRvbALuTRFogWK6/R+xoKvrCBDKRLo8XA=
Subject key identifier:   C9:2E:C9:3A:B2:D9:3F:80:0E:16:68:26:DE:0B:31:25:12:56:25:71
Certificate issuer:       /CN=45d1a7716025171133a3202c9462a0eabd660682
Certificate serial:       019B78A2BF15676384F80738C8555C8CDB4D
Authority key identifier: 45:D1:A7:71:60:25:17:11:33:A3:20:2C:94:62:A0:EA:BD:66:06:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RdGncWAlFxEzoyAslGKg6r1mBoI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/yS7JOrLZP4AOFmgm3gsxJRJWJXE.roa
Signing time:             Thu 01 Jan 2026 08:18:10 +0000
ROA not before:           Thu 01 Jan 2026 08:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50767
IP address blocks:        91.230.98.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/RdGncWAlFxEzoyAslGKg6r1mBoI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/RdGncWAlFxEzoyAslGKg6r1mBoI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RdGncWAlFxEzoyAslGKg6r1mBoI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:bf:15:67:63:84:f8:07:38:c8:55:5c:8c:db:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45d1a7716025171133a3202c9462a0eabd660682
        Validity
            Not Before: Jan  1 08:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c92ec93ab2d93f800e166826de0b312512562571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:42:53:1c:c2:e2:18:0f:15:f6:d2:5f:a6:8c:
                    13:99:95:9f:85:1d:f8:79:a5:21:ee:80:70:62:8c:
                    94:e1:69:e4:b6:ec:db:1a:72:62:1a:63:9d:d2:be:
                    3c:93:5b:a9:34:38:c3:50:73:13:92:d8:90:eb:45:
                    f0:26:f5:a3:c4:c4:a6:3d:ce:aa:c5:16:5a:fa:8d:
                    41:5e:61:d7:6a:24:92:7c:b9:3a:1e:36:ba:35:36:
                    7b:50:54:7b:23:a1:31:b4:33:c1:7b:df:ff:34:40:
                    0f:07:db:f7:91:ea:e6:14:09:52:35:33:a1:6d:ed:
                    fc:0f:6d:09:f2:64:3c:ef:b1:98:74:10:ac:a1:4c:
                    9d:7c:32:9d:cf:0b:bd:44:cd:8d:6c:d4:ed:09:5a:
                    ba:dc:5d:a3:81:ae:83:ff:1c:4f:43:26:65:11:29:
                    0c:bb:4b:dc:ef:0f:d2:da:22:bb:52:92:c4:1c:8d:
                    77:e9:6a:a5:ff:5c:e2:c2:50:a5:b7:39:5e:43:93:
                    cb:ef:1c:ed:56:a0:83:25:8d:62:d0:1c:79:0b:4e:
                    b6:1d:f9:7e:b8:fa:8e:02:64:23:f5:48:6a:72:80:
                    18:60:46:70:f4:5a:bc:27:8b:a8:bc:1d:d2:50:b7:
                    d6:0f:30:e6:1a:45:91:54:80:ed:06:e6:0a:fd:93:
                    b9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:2E:C9:3A:B2:D9:3F:80:0E:16:68:26:DE:0B:31:25:12:56:25:71
            X509v3 Authority Key Identifier:
                keyid:45:D1:A7:71:60:25:17:11:33:A3:20:2C:94:62:A0:EA:BD:66:06:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RdGncWAlFxEzoyAslGKg6r1mBoI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/yS7JOrLZP4AOFmgm3gsxJRJWJXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/15c47c-2c7c-481c-bf89-807246ca7a24/1/RdGncWAlFxEzoyAslGKg6r1mBoI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:9c:5b:e8:bf:0e:ae:6c:9a:32:03:04:7c:74:b7:42:81:b4:
         02:db:22:f0:35:c3:73:b4:46:be:3c:ad:d5:e0:36:1d:69:ca:
         8d:00:b7:0e:20:ec:79:ad:66:d5:a1:36:92:a6:e7:ca:53:c0:
         5a:54:35:6c:e0:37:dd:b8:f5:9a:cc:97:e3:c1:be:e1:af:5c:
         b7:bb:32:e5:ba:fc:09:d2:2e:4d:2f:70:62:15:04:dc:f1:2a:
         0f:b1:6e:22:71:4c:46:70:57:4e:6f:18:ab:55:3b:16:53:77:
         de:2f:07:3b:c5:1e:cf:ab:01:aa:0a:66:b4:f4:46:a7:97:47:
         3e:d1:79:32:d4:c9:26:e0:69:9a:5d:f4:39:b0:0f:bf:52:fa:
         c8:16:e4:4a:ca:cf:f7:42:49:08:14:72:82:9d:4f:7c:83:bd:
         d2:18:e2:30:6e:b2:e7:af:03:3d:a2:85:23:07:43:8f:41:22:
         e5:4d:f9:24:3f:18:2f:44:65:81:47:88:50:fd:a6:1b:4d:52:
         ed:f3:13:05:d1:b0:1b:91:cb:0e:8a:a9:fe:bf:03:ed:66:65:
         b0:e6:86:82:f6:ed:03:f6:17:ac:2d:e3:2c:66:34:ff:a9:4f:
         91:57:1a:4f:9a:28:61:ff:2f:f4:5d:62:1a:ed:76:88:74:5b:
         36:c5:16:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4or8VZ2OE+Ac4yFVcjNtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZDFhNzcxNjAyNTE3MTEzM2EzMjAyYzk0NjJhMGVhYmQ2
NjA2ODIwHhcNMjYwMTAxMDgxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTJlYzkzYWIyZDkzZjgwMGUxNjY4MjZkZTBiMzEyNTEyNTYyNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJTHMLiGA8V9tJfpowTmZWfhR34
eaUh7oBwYoyU4WnktuzbGnJiGmOd0r48k1upNDjDUHMTktiQ60XwJvWjxMSmPc6q
xRZa+o1BXmHXaiSSfLk6Hja6NTZ7UFR7I6ExtDPBe9//NEAPB9v3kermFAlSNTOh
be38D20J8mQ877GYdBCsoUydfDKdzwu9RM2NbNTtCVq63F2jga6D/xxPQyZlESkM
u0vc7w/S2iK7UpLEHI136Wql/1ziwlCltzleQ5PL7xztVqCDJY1i0Bx5C062Hfl+
uPqOAmQj9UhqcoAYYEZw9Fq8J4uovB3SULfWDzDmGkWRVIDtBuYK/ZO53QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkuyTqy2T+ADhZoJt4LMSUSViVxMB8GA1UdIwQY
MBaAFEXRp3FgJRcRM6MgLJRioOq9ZgaCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmRHbmNXQWxGeEV6b3lBc2xHS2c2cjFtQm9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xNWM0N2MtMmM3Yy00ODFjLWJmODkt
ODA3MjQ2Y2E3YTI0LzEveVM3Sk9yTFpQNEFPRm1nbTNnc3hKUkpXSlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xNWM0N2MtMmM3Yy00ODFjLWJmODktODA3MjQ2Y2E3YTI0
LzEvUmRHbmNXQWxGeEV6b3lBc2xHS2c2cjFtQm9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+ZiMA0G
CSqGSIb3DQEBCwUAA4IBAQBOnFvovw6ubJoyAwR8dLdCgbQC2yLwNcNztEa+PK3V
4DYdacqNALcOIOx5rWbVoTaSpufKU8BaVDVs4DfduPWazJfjwb7hr1y3uzLluvwJ
0i5NL3BiFQTc8SoPsW4icUxGcFdObxirVTsWU3feLwc7xR7PqwGqCma09Eanl0c+
0Xky1Mkm4GmaXfQ5sA+/UvrIFuRKys/3QkkIFHKCnU98g73SGOIwbrLnrwM9ooUj
B0OPQSLlTfkkPxgvRGWBR4hQ/aYbTVLt8xMF0bAbkcsOiqn+vwPtZmWw5oaC9u0D
9hesLeMsZjT/qU+RVxpPmihh/y/0XWIa7XaIdFs2xRaa
-----END CERTIFICATE-----