This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/1-hctJgY6gBl33VVyS8tXmbS7abc.roa
File:                     1-hctJgY6gBl33VVyS8tXmbS7abc.roa (raw, json)
Hash identifier:          9yNVIpszOVVnnRDnySBI4EcYFXEUf6DlgTK4b8GXEqs=
Subject key identifier:   FA:17:2D:26:06:3A:80:19:77:DD:55:72:4B:CB:57:99:B4:BB:69:B7
Certificate issuer:       /CN=4d49a64c8a87812495e8d4dac40580a06d1e1658
Certificate serial:       019BC10AA4F2B8A49E868BF8D12D5239818F
Authority key identifier: 4D:49:A6:4C:8A:87:81:24:95:E8:D4:DA:C4:05:80:A0:6D:1E:16:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/1-hctJgY6gBl33VVyS8tXmbS7abc.roa
Signing time:             Thu 15 Jan 2026 09:44:18 +0000
ROA not before:           Thu 15 Jan 2026 09:44:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201827
IP address blocks:        91.216.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c1:0a:a4:f2:b8:a4:9e:86:8b:f8:d1:2d:52:39:81:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d49a64c8a87812495e8d4dac40580a06d1e1658
        Validity
            Not Before: Jan 15 09:44:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa172d26063a801977dd55724bcb5799b4bb69b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:da:f3:bc:db:ad:06:fc:80:02:75:39:00:94:
                    8d:a5:a4:f7:74:09:1a:9f:62:bc:52:ef:06:07:49:
                    05:9a:89:d3:a8:72:f3:0e:f1:8d:44:8a:b0:83:50:
                    24:49:96:36:59:f2:01:52:06:42:37:8b:c3:c9:fb:
                    db:ce:b0:bc:8b:c9:8f:ca:7b:7c:6b:61:3a:91:ca:
                    76:19:08:2e:02:32:a8:ea:60:2a:19:78:6f:ae:1f:
                    f3:5f:a6:00:88:11:48:e8:06:7b:9c:0d:b5:53:d7:
                    7b:fe:54:40:89:68:64:3a:b3:50:25:66:0e:d4:cf:
                    8d:16:9f:f7:cc:ec:01:10:8e:1d:e0:df:2d:f8:69:
                    0c:87:cf:fe:3b:be:ce:88:49:1e:cd:18:c0:37:42:
                    ad:98:74:5f:d4:f7:cc:40:99:c5:a6:39:3d:85:81:
                    b8:9a:ff:a8:74:a0:d3:5b:2d:69:33:45:03:a1:24:
                    3e:ac:2a:4e:60:2c:4c:7f:2a:26:ec:e4:38:1d:48:
                    83:2f:5c:5d:cf:52:d9:91:50:6e:eb:ce:17:d6:c4:
                    bf:99:6f:ba:68:c1:9d:b4:f6:6f:23:d5:e7:94:02:
                    d2:19:ac:fb:85:80:12:91:84:44:3f:e2:e1:9d:51:
                    a0:46:85:d1:f5:67:29:b6:7d:43:03:94:8d:cc:76:
                    2d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:17:2D:26:06:3A:80:19:77:DD:55:72:4B:CB:57:99:B4:BB:69:B7
            X509v3 Authority Key Identifier:
                keyid:4D:49:A6:4C:8A:87:81:24:95:E8:D4:DA:C4:05:80:A0:6D:1E:16:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/1-hctJgY6gBl33VVyS8tXmbS7abc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d4:39:84:86:45:2f:9c:80:8f:38:0a:bc:15:2e:11:19:ea:
         2d:0d:a6:2c:f9:7b:ae:42:54:05:8e:02:c7:b8:b1:09:e2:78:
         0e:fb:4a:47:0f:28:6b:ce:77:52:51:34:b6:cf:ca:16:c4:02:
         06:35:ce:16:2d:0a:2c:d4:fd:7c:c9:2f:07:6a:37:35:80:da:
         ee:7f:2f:40:d3:36:a4:e1:82:b6:76:b6:96:08:c7:eb:61:3a:
         5e:07:26:73:ba:c8:9c:60:6f:00:1d:f5:d6:ab:0b:9a:7c:dc:
         2e:29:f8:39:8a:a2:6c:6a:74:1e:f8:a2:34:85:48:8d:5c:78:
         6c:bc:c8:2b:af:9e:c0:6b:f2:9f:df:96:ae:9d:ea:5b:85:cc:
         03:44:24:f2:e9:0b:6f:e3:1d:97:7d:f6:f2:c0:ac:09:77:e2:
         05:83:df:95:50:8e:ec:7b:0c:af:63:69:e1:2b:cc:8a:47:2e:
         b9:57:78:cb:67:75:18:29:c6:b1:b6:cd:34:b8:f1:6c:46:b5:
         a9:91:e0:49:d3:01:6f:72:95:2a:bf:dc:a4:58:64:66:79:d2:
         f4:03:ad:d1:23:f6:79:f6:80:9f:47:28:51:4b:79:f3:37:8d:
         bd:5f:1f:70:75:3a:8b:c5:de:ff:9f:25:ce:f3:80:58:69:47:
         af:ad:92:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZvBCqTyuKSehov40S1SOYGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNDlhNjRjOGE4NzgxMjQ5NWU4ZDRkYWM0MDU4MGEwNmQx
ZTE2NTgwHhcNMjYwMTE1MDk0NDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE3MmQyNjA2M2E4MDE5NzdkZDU1NzI0YmNiNTc5OWI0YmI2OWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0drzvNutBvyAAnU5AJSNpaT3dAka
n2K8Uu8GB0kFmonTqHLzDvGNRIqwg1AkSZY2WfIBUgZCN4vDyfvbzrC8i8mPynt8
a2E6kcp2GQguAjKo6mAqGXhvrh/zX6YAiBFI6AZ7nA21U9d7/lRAiWhkOrNQJWYO
1M+NFp/3zOwBEI4d4N8t+GkMh8/+O77OiEkezRjAN0KtmHRf1PfMQJnFpjk9hYG4
mv+odKDTWy1pM0UDoSQ+rCpOYCxMfyom7OQ4HUiDL1xdz1LZkVBu684X1sS/mW+6
aMGdtPZvI9XnlALSGaz7hYASkYREP+LhnVGgRoXR9Wcptn1DA5SNzHYtcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoXLSYGOoAZd91VckvLV5m0u2m3MB8GA1UdIwQY
MBaAFE1JpkyKh4EklejU2sQFgKBtHhZYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFVtbVRJcUhnU1NWNk5UYXhBV0FvRzBlRmxnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xNjFkNzEtZmQyMy00NjE1LWI4MWEt
NWI1ZWZiZWFkZmQ0LzEvMS1oY3RKZ1k2Z0JsMzNWVnlTOHRYbWJTN2FiYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWEvMTYxZDcxLWZkMjMtNDYxNS1iODFhLTViNWVmYmVhZGZk
NC8xL1RVbW1USXFIZ1NTVjZOVGF4QVdBb0cwZUZsZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvYTDAN
BgkqhkiG9w0BAQsFAAOCAQEAUNQ5hIZFL5yAjzgKvBUuERnqLQ2mLPl7rkJUBY4C
x7ixCeJ4DvtKRw8oa853UlE0ts/KFsQCBjXOFi0KLNT9fMkvB2o3NYDa7n8vQNM2
pOGCtna2lgjH62E6Xgcmc7rInGBvAB311qsLmnzcLin4OYqibGp0HviiNIVIjVx4
bLzIK6+ewGvyn9+Wrp3qW4XMA0Qk8ukLb+Mdl3328sCsCXfiBYPflVCO7HsMr2Np
4SvMikcuuVd4y2d1GCnGsbbNNLjxbEa1qZHgSdMBb3KVKr/cpFhkZnnS9AOt0SP2
efaAn0coUUt58zeNvV8fcHU6i8Xe/58lzvOAWGlHr62SCQ==
-----END CERTIFICATE-----