This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/_z2uZVdWVofMNDXIfpAr7x8K_Pw.roa
File:                     _z2uZVdWVofMNDXIfpAr7x8K_Pw.roa (raw, json)
Hash identifier:          moGqRZrZjmmem4RcH2GHZPdoIwD9Iav/z8dOsylXWfw=
Subject key identifier:   FF:3D:AE:65:57:56:56:87:CC:34:35:C8:7E:90:2B:EF:1F:0A:FC:FC
Certificate issuer:       /CN=71ee7ed4a6a91054e6bc2498693fe0c2f862101d
Certificate serial:       019B7C805E780A2E96CFCBE113D219C3E401
Authority key identifier: 71:EE:7E:D4:A6:A9:10:54:E6:BC:24:98:69:3F:E0:C2:F8:62:10:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ce5-1KapEFTmvCSYaT_gwvhiEB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/_z2uZVdWVofMNDXIfpAr7x8K_Pw.roa
Signing time:             Fri 02 Jan 2026 02:19:06 +0000
ROA not before:           Fri 02 Jan 2026 02:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196721
IP address blocks:        91.212.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/ce5-1KapEFTmvCSYaT_gwvhiEB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/ce5-1KapEFTmvCSYaT_gwvhiEB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ce5-1KapEFTmvCSYaT_gwvhiEB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:5e:78:0a:2e:96:cf:cb:e1:13:d2:19:c3:e4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71ee7ed4a6a91054e6bc2498693fe0c2f862101d
        Validity
            Not Before: Jan  2 02:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff3dae6557565687cc3435c87e902bef1f0afcfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dd:fd:a6:e0:26:58:75:3d:3a:9c:d2:b8:87:
                    6b:80:84:ab:6d:c5:5f:86:06:e1:9f:f7:05:6e:de:
                    c2:b1:fb:73:20:17:96:11:0c:e1:d5:5f:01:fe:74:
                    24:bc:66:87:00:20:c9:09:a3:fe:e8:df:b6:fd:d1:
                    e7:cb:05:62:c9:da:bf:8a:f1:67:d6:0c:90:db:31:
                    0d:b4:26:e0:69:8e:7b:01:93:11:46:82:7e:2a:a4:
                    41:87:d3:85:7e:b3:59:5f:fe:67:80:43:32:ed:9b:
                    20:ad:89:b2:a5:de:c7:62:94:43:31:2d:07:82:fc:
                    03:f3:77:03:00:65:c8:a7:38:9a:7c:55:a4:b4:32:
                    fa:e5:40:f7:87:99:90:37:4c:83:75:ae:1d:e3:3c:
                    2d:7b:fa:e2:d0:08:05:77:17:28:6f:7e:54:22:5b:
                    d4:6d:35:31:70:9d:92:41:4c:d6:16:2c:57:e8:ef:
                    5f:aa:15:90:ac:36:df:16:3c:bc:6a:ff:02:02:dd:
                    30:0e:dc:69:4d:dc:a2:0f:b1:b6:5f:9c:2a:81:ef:
                    92:af:43:c8:17:68:ab:3d:49:e7:3d:af:f1:61:14:
                    fa:6b:7d:01:a0:30:d1:6a:14:b9:12:b1:b9:0e:67:
                    3a:77:ad:f2:fe:16:4b:3a:1d:36:86:b1:18:b4:d9:
                    b4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3D:AE:65:57:56:56:87:CC:34:35:C8:7E:90:2B:EF:1F:0A:FC:FC
            X509v3 Authority Key Identifier:
                keyid:71:EE:7E:D4:A6:A9:10:54:E6:BC:24:98:69:3F:E0:C2:F8:62:10:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce5-1KapEFTmvCSYaT_gwvhiEB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/_z2uZVdWVofMNDXIfpAr7x8K_Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/738edb-d9ff-4af5-8341-fc5cc64db749/1/ce5-1KapEFTmvCSYaT_gwvhiEB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:68:e2:7e:4c:8c:de:29:2d:42:26:41:57:9b:d2:86:64:7e:
         4d:47:de:cc:a8:dc:61:38:f2:ac:2f:03:7e:e2:1b:af:cc:87:
         3f:13:bc:dd:31:98:80:26:05:3c:a2:ce:9a:51:04:54:bf:2b:
         94:91:65:7a:8c:fb:d2:05:8a:74:19:13:b8:f9:2f:33:3d:a2:
         34:24:44:6a:26:24:69:73:69:b9:01:e1:95:19:e9:4c:e1:b9:
         f1:72:c5:50:5d:7f:f6:e6:d8:c8:90:f8:30:9f:18:c9:ed:6c:
         9b:17:01:2f:cb:9e:43:c0:fd:ae:ff:f0:18:f3:d1:32:f6:83:
         66:71:38:fb:c9:44:9b:f6:4c:04:26:81:73:1d:57:f0:6b:47:
         9e:a3:b6:b9:10:89:ba:63:8b:5b:e0:bd:b6:7b:90:26:38:d9:
         ee:09:49:09:8d:9a:0a:47:65:28:81:24:0f:f3:7d:5d:1c:e4:
         0c:b1:8b:40:f8:47:55:32:f0:54:ea:af:28:c0:a5:25:14:04:
         81:d5:37:6d:56:b8:2f:27:40:f3:19:ef:81:45:07:9e:94:73:
         2e:c5:dd:d1:32:f1:c4:22:1f:55:65:9e:16:8c:b9:76:a9:11:
         96:8b:66:6a:20:bd:3c:c0:e1:2d:fc:61:c2:0a:d3:e3:09:ed:
         e0:88:5d:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gF54Ci6Wz8vhE9IZw+QBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZWU3ZWQ0YTZhOTEwNTRlNmJjMjQ5ODY5M2ZlMGMyZjg2
MjEwMWQwHhcNMjYwMTAyMDIxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNkYWU2NTU3NTY1Njg3Y2MzNDM1Yzg3ZTkwMmJlZjFmMGFmY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq939puAmWHU9OpzSuIdrgISrbcVf
hgbhn/cFbt7CsftzIBeWEQzh1V8B/nQkvGaHACDJCaP+6N+2/dHnywViydq/ivFn
1gyQ2zENtCbgaY57AZMRRoJ+KqRBh9OFfrNZX/5ngEMy7ZsgrYmypd7HYpRDMS0H
gvwD83cDAGXIpziafFWktDL65UD3h5mQN0yDda4d4zwte/ri0AgFdxcob35UIlvU
bTUxcJ2SQUzWFixX6O9fqhWQrDbfFjy8av8CAt0wDtxpTdyiD7G2X5wqge+Sr0PI
F2irPUnnPa/xYRT6a30BoDDRahS5ErG5Dmc6d63y/hZLOh02hrEYtNm0qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP89rmVXVlaHzDQ1yH6QK+8fCvz8MB8GA1UdIwQY
MBaAFHHuftSmqRBU5rwkmGk/4ML4YhAdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2U1LTFLYXBFRlRtdkNTWWFUX2d3dmhpRUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MzhlZGItZDlmZi00YWY1LTgzNDEt
ZmM1Y2M2NGRiNzQ5LzEvX3oydVpWZFdWb2ZNTkRYSWZwQXI3eDhLX1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MzhlZGItZDlmZi00YWY1LTgzNDEtZmM1Y2M2NGRiNzQ5
LzEvY2U1LTFLYXBFRlRtdkNTWWFUX2d3dmhpRUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RRMA0G
CSqGSIb3DQEBCwUAA4IBAQAhaOJ+TIzeKS1CJkFXm9KGZH5NR97MqNxhOPKsLwN+
4huvzIc/E7zdMZiAJgU8os6aUQRUvyuUkWV6jPvSBYp0GRO4+S8zPaI0JERqJiRp
c2m5AeGVGelM4bnxcsVQXX/25tjIkPgwnxjJ7WybFwEvy55DwP2u//AY89Ey9oNm
cTj7yUSb9kwEJoFzHVfwa0eeo7a5EIm6Y4tb4L22e5AmONnuCUkJjZoKR2UogSQP
831dHOQMsYtA+EdVMvBU6q8owKUlFASB1TdtVrgvJ0DzGe+BRQeelHMuxd3RMvHE
Ih9VZZ4WjLl2qRGWi2ZqIL08wOEt/GHCCtPjCe3giF0r
-----END CERTIFICATE-----