This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/4qJQVO5xGJM4Hwo9a4t-72WANJk.roa
File:                     4qJQVO5xGJM4Hwo9a4t-72WANJk.roa (raw, json)
Hash identifier:          ktLSVwEG6cBJVzhe6kIb459fjppN/37esTFhqreayZU=
Subject key identifier:   E2:A2:50:54:EE:71:18:93:38:1F:0A:3D:6B:8B:7E:EF:65:80:34:99
Certificate issuer:       /CN=8c96c66af331c985b859d403b36974c0632e1ef2
Certificate serial:       019B7A5AE46967421D344C5702157A9FF337
Authority key identifier: 8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/4qJQVO5xGJM4Hwo9a4t-72WANJk.roa
Signing time:             Thu 01 Jan 2026 16:18:55 +0000
ROA not before:           Thu 01 Jan 2026 16:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49544
IP address blocks:        91.233.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e4:69:67:42:1d:34:4c:57:02:15:7a:9f:f3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c96c66af331c985b859d403b36974c0632e1ef2
        Validity
            Not Before: Jan  1 16:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2a25054ee711893381f0a3d6b8b7eef65803499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:90:4f:69:fb:f8:2a:2a:21:e8:a7:a8:74:ec:
                    51:12:4f:64:15:ed:e8:f6:e5:93:8c:19:35:3a:46:
                    7a:62:c7:14:e1:bd:e5:51:91:25:4a:f4:79:fc:b4:
                    94:ef:f2:a2:3e:d8:e7:69:18:51:69:b1:80:0f:ef:
                    ba:3a:0d:5d:f8:b5:e1:80:e4:71:94:e7:42:5f:56:
                    ad:b5:ea:5d:f9:b7:ea:aa:89:c8:4c:7c:19:aa:3d:
                    f4:78:9d:4b:ff:3a:0f:8f:63:2d:8b:b3:62:86:71:
                    b2:64:c1:06:f7:16:61:ed:cf:6f:20:60:eb:c3:ec:
                    18:e8:07:1f:35:ac:aa:66:6e:dc:56:6c:b6:3d:ae:
                    34:cd:59:96:82:ba:e2:3a:41:86:56:e9:f1:76:25:
                    84:b1:85:27:c1:6f:8b:af:b6:db:6c:58:dd:67:07:
                    b0:f3:f9:b7:2e:a1:9a:a8:61:30:bd:4e:7b:bf:9e:
                    d5:fe:8f:e8:fb:4c:86:ed:68:42:c7:d5:3d:fb:94:
                    53:cb:f6:99:6d:92:7e:0a:cf:bf:cc:6d:f8:2e:10:
                    b1:dc:41:e4:b8:ce:56:60:53:4f:c7:6e:a8:a0:92:
                    c9:ab:d9:9c:c5:09:80:50:fd:e4:a6:d2:6a:b8:99:
                    a2:e6:dc:7e:01:66:f1:58:03:35:74:6a:82:22:e4:
                    9a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A2:50:54:EE:71:18:93:38:1F:0A:3D:6B:8B:7E:EF:65:80:34:99
            X509v3 Authority Key Identifier:
                keyid:8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/4qJQVO5xGJM4Hwo9a4t-72WANJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:88:19:5d:14:c2:6e:06:3b:ea:d8:d7:12:5b:62:9d:5d:65:
         91:a2:37:bd:17:ca:9d:d8:ab:59:73:73:1d:ad:cc:1c:38:86:
         bf:09:33:52:1d:1b:f7:e6:c5:2e:fc:16:b6:75:85:ee:fa:f8:
         c9:8a:b1:93:94:ed:a1:2c:62:5f:64:d1:12:82:03:a6:d6:39:
         6b:52:71:7d:d9:a2:e9:de:1a:c4:04:44:9f:38:5c:a2:fb:a0:
         dc:ee:1a:68:70:90:c4:75:9e:d3:f2:03:6d:7b:dc:ec:47:56:
         4b:f8:7d:08:8b:37:c3:c7:7a:ea:ea:1b:17:f2:fa:eb:9d:27:
         05:b2:f7:6f:bc:a7:29:f3:cb:8c:89:6b:0c:94:81:30:af:9f:
         75:6b:c0:ce:c5:e0:f3:aa:0f:c8:dc:15:41:da:18:42:45:1d:
         50:be:cd:e6:eb:59:a4:2e:28:53:db:dc:d3:64:af:97:a0:d7:
         3f:31:eb:1c:82:bb:a9:fa:a1:68:b2:7b:d0:b2:ed:19:5f:1d:
         53:1e:11:2a:dd:8e:1e:3a:d5:06:19:ba:f1:88:c8:3d:19:a3:
         58:88:ff:28:23:95:c3:2e:a0:2f:aa:59:6b:58:8b:0e:f5:11:
         a9:62:a7:b3:71:ef:25:c0:34:37:63:38:92:68:0b:8f:dc:d7:
         33:d8:d2:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuRpZ0IdNExXAhV6n/M3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOTZjNjZhZjMzMWM5ODViODU5ZDQwM2IzNjk3NGMwNjMy
ZTFlZjIwHhcNMjYwMTAxMTYxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEyNTA1NGVlNzExODkzMzgxZjBhM2Q2YjhiN2VlZjY1ODAzNDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipBPafv4Kioh6KeodOxREk9kFe3o
9uWTjBk1OkZ6YscU4b3lUZElSvR5/LSU7/KiPtjnaRhRabGAD++6Og1d+LXhgORx
lOdCX1attepd+bfqqonITHwZqj30eJ1L/zoPj2Mti7NihnGyZMEG9xZh7c9vIGDr
w+wY6AcfNayqZm7cVmy2Pa40zVmWgrriOkGGVunxdiWEsYUnwW+Lr7bbbFjdZwew
8/m3LqGaqGEwvU57v57V/o/o+0yG7WhCx9U9+5RTy/aZbZJ+Cs+/zG34LhCx3EHk
uM5WYFNPx26ooJLJq9mcxQmAUP3kptJquJmi5tx+AWbxWAM1dGqCIuSaYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKiUFTucRiTOB8KPWuLfu9lgDSZMB8GA1UdIwQY
MBaAFIyWxmrzMcmFuFnUA7NpdMBjLh7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgt
ODNhNDQzMTBhOTY0LzEvNHFKUVZPNXhHSk00SHdvOWE0dC03MldBTkprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgtODNhNDQzMTBhOTY0
LzEvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lDMA0G
CSqGSIb3DQEBCwUAA4IBAQBRiBldFMJuBjvq2NcSW2KdXWWRoje9F8qd2KtZc3Md
rcwcOIa/CTNSHRv35sUu/Ba2dYXu+vjJirGTlO2hLGJfZNESggOm1jlrUnF92aLp
3hrEBESfOFyi+6Dc7hpocJDEdZ7T8gNte9zsR1ZL+H0IizfDx3rq6hsX8vrrnScF
svdvvKcp88uMiWsMlIEwr591a8DOxeDzqg/I3BVB2hhCRR1Qvs3m61mkLihT29zT
ZK+XoNc/Mescgrup+qFosnvQsu0ZXx1THhEq3Y4eOtUGGbrxiMg9GaNYiP8oI5XD
LqAvqllrWIsO9RGpYqezce8lwDQ3YziSaAuP3Ncz2NI5
-----END CERTIFICATE-----