This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/BoWpyd3JOZi5Y_vkexanhVBW_Ag.roa
File:                     BoWpyd3JOZi5Y_vkexanhVBW_Ag.roa (raw, json)
Hash identifier:          TuPfakwU0uajSPw+NwpFbys7R8R7VeHveufD46rtpys=
Subject key identifier:   06:85:A9:C9:DD:C9:39:98:B9:63:FB:E4:7B:16:A7:85:50:56:FC:08
Certificate issuer:       /CN=f85d04e6c50ba906f9ac11c2e75bf3f5d1042a62
Certificate serial:       019B7DCB20774A54822FB10D67CD8045ECF1
Authority key identifier: F8:5D:04:E6:C5:0B:A9:06:F9:AC:11:C2:E7:5B:F3:F5:D1:04:2A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-F0E5sULqQb5rBHC51vz9dEEKmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/BoWpyd3JOZi5Y_vkexanhVBW_Ag.roa
Signing time:             Fri 02 Jan 2026 08:20:22 +0000
ROA not before:           Fri 02 Jan 2026 08:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43164
IP address blocks:        91.198.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/1-F0E5sULqQb5rBHC51vz9dEEKmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/1-F0E5sULqQb5rBHC51vz9dEEKmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-F0E5sULqQb5rBHC51vz9dEEKmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:20:77:4a:54:82:2f:b1:0d:67:cd:80:45:ec:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f85d04e6c50ba906f9ac11c2e75bf3f5d1042a62
        Validity
            Not Before: Jan  2 08:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0685a9c9ddc93998b963fbe47b16a7855056fc08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:70:62:50:7d:cf:9a:31:a3:4a:53:5a:ac:64:
                    42:6f:9b:c3:a3:bd:51:a0:e7:92:a2:48:91:96:a0:
                    6f:ab:61:c2:31:46:f1:9a:06:c6:ca:49:16:da:f9:
                    04:1c:f5:68:52:a4:0c:1b:a6:9a:ab:3c:22:23:0d:
                    ee:2e:02:94:3d:32:9e:5b:de:78:77:43:f3:a3:5e:
                    93:94:86:6d:5e:dd:b1:d7:cf:2e:6d:ae:60:f7:c7:
                    9d:87:b8:d8:c6:e2:3e:ca:18:8b:e9:ff:0f:bf:c5:
                    9b:84:06:01:54:20:ac:30:f7:ba:19:96:e4:0a:89:
                    96:5d:d7:08:37:b9:89:ca:bf:03:dd:50:59:b9:c7:
                    62:7a:72:03:44:d9:26:3e:81:65:0b:e1:d8:08:35:
                    f7:f1:22:30:5a:21:f0:67:45:00:ae:ae:e2:07:20:
                    88:3b:58:17:99:17:25:86:bb:df:2d:13:7a:cd:0f:
                    da:cf:a2:b4:08:8f:5c:64:ac:fc:a7:4c:64:e9:67:
                    33:37:fe:8f:7c:8b:16:a2:2a:85:81:ca:6b:06:cb:
                    79:68:eb:e2:91:8b:61:4c:55:45:07:62:45:fd:b1:
                    f3:00:71:61:e5:9e:7b:af:59:9b:6d:af:27:31:11:
                    08:bc:a0:7c:1f:bd:4e:c7:8c:e8:da:8c:d0:e8:5e:
                    00:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:85:A9:C9:DD:C9:39:98:B9:63:FB:E4:7B:16:A7:85:50:56:FC:08
            X509v3 Authority Key Identifier:
                keyid:F8:5D:04:E6:C5:0B:A9:06:F9:AC:11:C2:E7:5B:F3:F5:D1:04:2A:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-F0E5sULqQb5rBHC51vz9dEEKmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/BoWpyd3JOZi5Y_vkexanhVBW_Ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e3aa31-964f-4a81-bcee-de8c26202b17/1/1-F0E5sULqQb5rBHC51vz9dEEKmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c0:c1:96:55:74:19:89:3e:db:3f:f5:9c:a6:56:1a:ac:c6:
         95:6d:da:02:eb:68:a9:05:a4:15:c9:a1:ba:ff:dd:b1:a0:ea:
         c8:62:d1:33:67:81:40:29:d3:47:3f:dc:79:92:a5:5d:2e:8d:
         fc:03:47:0b:61:e4:3e:7b:da:ea:be:04:5a:ae:be:1b:6d:da:
         f2:68:9b:92:87:06:04:32:09:48:2a:d6:e4:ef:1b:e6:5f:b1:
         cf:4d:fc:1b:ab:37:a4:15:66:c4:71:d0:d9:0e:82:44:37:4a:
         9f:0e:a4:72:1d:dd:43:38:dc:47:a7:6a:ff:c3:7e:97:a1:93:
         7c:39:26:9b:89:57:d9:94:c2:ec:b1:95:ba:3d:0f:4d:33:85:
         d8:a7:07:11:52:86:c7:e8:c7:31:f7:41:b3:ca:99:0e:e3:57:
         c0:49:1b:ed:c1:3d:f4:3d:51:d8:b5:32:02:61:e0:5e:b6:39:
         d1:e5:0c:82:73:2d:bd:18:60:71:8c:d2:b0:e8:97:c4:17:2f:
         ec:04:bf:f2:19:4a:5a:ed:ec:f9:ad:5c:64:64:d2:6f:bf:cf:
         a6:ff:78:41:28:49:68:50:b9:f8:6b:0c:15:bf:04:8e:ed:d5:
         c3:ff:34:f0:00:2a:6a:15:9e:bd:95:ad:5e:f6:65:69:c0:21:
         54:bc:35:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9yyB3SlSCL7ENZ82ARezxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NWQwNGU2YzUwYmE5MDZmOWFjMTFjMmU3NWJmM2Y1ZDEw
NDJhNjIwHhcNMjYwMTAyMDgyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjg1YTljOWRkYzkzOTk4Yjk2M2ZiZTQ3YjE2YTc4NTUwNTZmYzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznBiUH3PmjGjSlNarGRCb5vDo71R
oOeSokiRlqBvq2HCMUbxmgbGykkW2vkEHPVoUqQMG6aaqzwiIw3uLgKUPTKeW954
d0Pzo16TlIZtXt2x188uba5g98edh7jYxuI+yhiL6f8Pv8WbhAYBVCCsMPe6GZbk
ComWXdcIN7mJyr8D3VBZucdienIDRNkmPoFlC+HYCDX38SIwWiHwZ0UArq7iByCI
O1gXmRclhrvfLRN6zQ/az6K0CI9cZKz8p0xk6WczN/6PfIsWoiqFgcprBst5aOvi
kYthTFVFB2JF/bHzAHFh5Z57r1mbba8nMREIvKB8H71Ox4zo2ozQ6F4ALQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAaFqcndyTmYuWP75HsWp4VQVvwIMB8GA1UdIwQY
MBaAFPhdBObFC6kG+awRwudb8/XRBCpiMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1GMEU1c1VMcVFiNXJCSEM1MXZ6OWRFRUttSS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvZTNhYTMxLTk2NGYtNGE4MS1iY2Vl
LWRlOGMyNjIwMmIxNy8xL0JvV3B5ZDNKT1ppNVlfdmtleGFuaFZCV19BZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvZTNhYTMxLTk2NGYtNGE4MS1iY2VlLWRlOGMyNjIwMmIx
Ny8xLzEtRjBFNXNVTHFRYjVyQkhDNTF2ejlkRUVLbUkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbxgAw
DQYJKoZIhvcNAQELBQADggEBAEnAwZZVdBmJPts/9ZymVhqsxpVt2gLraKkFpBXJ
obr/3bGg6shi0TNngUAp00c/3HmSpV0ujfwDRwth5D572uq+BFquvhtt2vJom5KH
BgQyCUgq1uTvG+Zfsc9N/BurN6QVZsRx0NkOgkQ3Sp8OpHId3UM43Eenav/Dfpeh
k3w5JpuJV9mUwuyxlbo9D00zhdinBxFShsfoxzH3QbPKmQ7jV8BJG+3BPfQ9Udi1
MgJh4F62OdHlDIJzLb0YYHGM0rDol8QXL+wEv/IZSlrt7PmtXGRk0m+/z6b/eEEo
SWhQufhrDBW/BI7t1cP/NPAAKmoVnr2VrV72ZWnAIVS8Nf4=
-----END CERTIFICATE-----