This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/iLu5B9aeu4NSBPHA9ivJ0i8Z4AA.roa
File:                     iLu5B9aeu4NSBPHA9ivJ0i8Z4AA.roa (raw, json)
Hash identifier:          acJKMRQ5Omks2WW0pWsL2TS7UwZ6+sYIZuHt+6L6NH8=
Subject key identifier:   88:BB:B9:07:D6:9E:BB:83:52:04:F1:C0:F6:2B:C9:D2:2F:19:E0:00
Certificate issuer:       /CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
Certificate serial:       019B7A5AE48CA8A7FBA9F441BB4A35ACBAB8
Authority key identifier: F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/iLu5B9aeu4NSBPHA9ivJ0i8Z4AA.roa
Signing time:             Thu 01 Jan 2026 16:18:55 +0000
ROA not before:           Thu 01 Jan 2026 16:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        91.103.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e4:8c:a8:a7:fb:a9:f4:41:bb:4a:35:ac:ba:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
        Validity
            Not Before: Jan  1 16:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88bbb907d69ebb835204f1c0f62bc9d22f19e000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a9:7e:0c:cd:23:52:52:cc:b6:1c:0f:72:55:
                    bb:99:4a:8d:da:a2:f7:b2:3c:47:3e:ed:85:54:2a:
                    32:ce:86:ba:d8:d1:f8:77:e0:d8:3c:ab:41:db:b7:
                    e4:64:d8:6a:6c:7d:d4:d9:66:d3:18:0c:ad:2f:fe:
                    d9:4d:ca:ef:03:55:8c:9c:69:76:1d:c9:7a:7a:8a:
                    36:37:9e:9c:23:eb:9d:17:c6:c4:c4:63:21:9c:59:
                    5f:f6:cf:70:70:b1:51:f6:32:a4:8b:1e:f1:5c:22:
                    1f:59:26:9f:04:23:c8:68:9f:1a:38:7c:88:85:c7:
                    dd:bc:d5:cc:2f:81:83:e6:c3:b8:4c:3d:fe:43:04:
                    54:b8:e9:b5:7d:35:ae:af:e9:2b:d7:5b:c2:ad:30:
                    5a:7e:b8:f9:24:14:b2:76:74:2b:c7:3e:51:1e:07:
                    bd:c2:b2:58:fd:88:04:84:4a:c0:e7:bc:e2:4b:d2:
                    42:8f:ce:a7:1a:07:ea:66:e6:3a:29:fd:ad:e3:dc:
                    1b:dd:8b:09:17:3a:4f:31:73:74:04:08:ac:7b:f4:
                    08:95:5a:73:0d:49:c4:dd:6c:16:c7:a4:50:6f:86:
                    a3:e8:77:e2:a4:7e:fe:b9:58:aa:ee:c9:b0:b2:db:
                    b7:3a:70:d7:42:7b:d6:40:93:80:40:c8:2f:1c:3b:
                    97:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:BB:B9:07:D6:9E:BB:83:52:04:F1:C0:F6:2B:C9:D2:2F:19:E0:00
            X509v3 Authority Key Identifier:
                keyid:F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/iLu5B9aeu4NSBPHA9ivJ0i8Z4AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:39:d6:e2:8e:44:a5:41:55:23:b5:39:a3:00:a7:39:69:10:
         1e:ab:93:e5:8d:50:4d:ca:2e:92:b0:14:64:f3:aa:0d:da:69:
         ea:db:61:1d:4a:fe:11:d8:0c:7e:b0:c6:a3:c4:8f:65:80:de:
         2c:22:4b:39:15:81:d9:86:bf:69:eb:c4:b1:57:02:01:02:85:
         f1:0f:82:99:93:71:91:6b:0d:7a:20:a2:ca:a0:53:e9:24:79:
         d2:d2:be:43:ed:06:6b:e5:d2:aa:b0:b1:c8:de:86:0c:89:ad:
         f3:e1:64:b7:ce:8d:e6:b1:c8:f9:03:bb:0c:4b:75:54:e4:b7:
         76:d8:c8:3f:c2:6f:18:91:37:29:07:ac:77:cf:45:5c:3d:4c:
         01:f8:9f:0f:38:d2:78:8a:92:23:35:88:cc:64:c8:7d:43:c4:
         b8:83:ce:f2:73:f0:21:55:b6:c9:9e:9c:d2:df:e7:f5:89:aa:
         78:1b:61:46:e0:59:80:b7:67:74:1c:b0:d2:94:16:f2:91:13:
         a8:f9:67:f8:19:e2:c7:7a:e9:f6:14:70:47:c4:b8:6e:6c:9f:
         6f:22:cd:da:bf:09:a3:7e:d7:b8:4f:d8:c0:08:e0:6b:b6:2c:
         fe:99:f5:c7:65:f8:42:5e:cf:bb:ff:75:f0:9e:7a:b7:1e:d0:
         54:d0:9d:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuSMqKf7qfRBu0o1rLq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMWQxYzA1YWJkNzE0YzY3YzMyOTFlMDEwZDIxYzcwYTM1
ZGQ1N2UwHhcNMjYwMTAxMTYxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGJiYjkwN2Q2OWViYjgzNTIwNGYxYzBmNjJiYzlkMjJmMTllMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtal+DM0jUlLMthwPclW7mUqN2qL3
sjxHPu2FVCoyzoa62NH4d+DYPKtB27fkZNhqbH3U2WbTGAytL/7ZTcrvA1WMnGl2
Hcl6eoo2N56cI+udF8bExGMhnFlf9s9wcLFR9jKkix7xXCIfWSafBCPIaJ8aOHyI
hcfdvNXML4GD5sO4TD3+QwRUuOm1fTWur+kr11vCrTBafrj5JBSydnQrxz5RHge9
wrJY/YgEhErA57ziS9JCj86nGgfqZuY6Kf2t49wb3YsJFzpPMXN0BAise/QIlVpz
DUnE3WwWx6RQb4aj6HfipH7+uViq7smwstu3OnDXQnvWQJOAQMgvHDuXdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIi7uQfWnruDUgTxwPYrydIvGeAAMB8GA1UdIwQY
MBaAFPMdHAWr1xTGfDKR4BDSHHCjXdV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMt
NTU1OWFjNDEwYWNlLzEvaUx1NUI5YWV1NE5TQlBIQTlpdkowaThaNEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMtNTU1OWFjNDEwYWNl
LzEvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2fwMA0G
CSqGSIb3DQEBCwUAA4IBAQBHOdbijkSlQVUjtTmjAKc5aRAeq5PljVBNyi6SsBRk
86oN2mnq22EdSv4R2Ax+sMajxI9lgN4sIks5FYHZhr9p68SxVwIBAoXxD4KZk3GR
aw16IKLKoFPpJHnS0r5D7QZr5dKqsLHI3oYMia3z4WS3zo3mscj5A7sMS3VU5Ld2
2Mg/wm8YkTcpB6x3z0VcPUwB+J8PONJ4ipIjNYjMZMh9Q8S4g87yc/AhVbbJnpzS
3+f1iap4G2FG4FmAt2d0HLDSlBbykROo+Wf4GeLHeun2FHBHxLhubJ9vIs3avwmj
fte4T9jACOBrtiz+mfXHZfhCXs+7/3Xwnnq3HtBU0J3M
-----END CERTIFICATE-----