This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/IoKAaUn5hHoSZa6sUj65DGrvknE.roa
File:                     IoKAaUn5hHoSZa6sUj65DGrvknE.roa (raw, json)
Hash identifier:          Or+camIRByvkSq/YJYQeDEV0rn7Enxy5KL9bCDwotIc=
Subject key identifier:   22:82:80:69:49:F9:84:7A:12:65:AE:AC:52:3E:B9:0C:6A:EF:92:71
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC786E4969047AFE391B34E6EDE6833
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/IoKAaUn5hHoSZa6sUj65DGrvknE.roa
Signing time:             Thu 01 Jan 2026 18:17:35 +0000
ROA not before:           Thu 01 Jan 2026 18:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9098
IP address blocks:        91.191.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:86:e4:96:90:47:af:e3:91:b3:4e:6e:de:68:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2282806949f9847a1265aeac523eb90c6aef9271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4e:37:d9:36:80:2d:74:66:d4:db:66:c0:b9:
                    fd:a8:ba:31:59:b2:8f:b7:3f:7d:12:ca:11:5b:31:
                    73:d7:b3:03:48:c8:bf:6e:f0:06:96:f4:6c:1f:1c:
                    a4:8d:57:ed:dc:b2:ad:e4:64:81:fa:4b:71:6e:01:
                    f4:e0:b4:71:61:18:b9:99:81:1f:32:74:4f:27:a1:
                    1f:b0:dc:44:db:ea:8d:ea:f8:39:fb:16:54:29:88:
                    9c:0c:62:73:af:67:0b:e3:76:d9:33:8a:ef:ba:1b:
                    6c:06:b4:9d:9a:4c:28:99:d7:4f:8b:e6:24:a7:5e:
                    d1:40:d4:0a:95:c9:2d:09:b5:3f:cb:64:db:88:45:
                    4e:87:f3:55:25:37:65:b0:d5:94:3f:17:d7:74:bd:
                    94:7b:7c:b1:e0:a2:98:30:85:ca:1d:72:c5:ff:54:
                    f8:15:0a:76:72:f6:f9:4c:a6:31:51:69:f3:94:45:
                    57:e0:13:12:01:5a:84:0f:40:df:2f:14:50:bc:bf:
                    ec:64:cb:94:8f:e2:a2:e0:76:71:9d:99:67:4e:a8:
                    fb:d2:a0:d6:1d:9e:ea:f8:35:99:62:34:15:ec:dd:
                    49:13:98:1a:e3:6b:7b:dc:7b:d9:cc:ef:5a:a8:bd:
                    09:d5:7d:5a:98:b0:d9:96:5e:17:93:5d:15:03:17:
                    e3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:82:80:69:49:F9:84:7A:12:65:AE:AC:52:3E:B9:0C:6A:EF:92:71
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/IoKAaUn5hHoSZa6sUj65DGrvknE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:33:52:f5:11:fc:49:a9:45:cb:15:09:fa:8e:47:49:9a:78:
         77:c0:4a:8e:f3:2f:61:85:1c:41:ac:24:19:b9:09:9b:42:6b:
         4e:6f:d2:c3:e3:1a:32:91:ad:0a:ba:62:0b:c8:ea:c5:ad:d2:
         4b:5d:88:a3:62:9f:67:e6:47:98:7f:3d:c6:08:1f:df:4b:90:
         9c:31:67:1c:a3:bb:3d:77:45:5c:34:06:74:68:78:06:43:ed:
         3a:c7:fe:04:a8:2b:ad:70:f8:b3:f2:d1:82:e6:02:ea:93:76:
         27:29:46:2f:9d:43:34:e4:a1:a3:07:a0:51:e8:d5:f2:61:bd:
         f0:28:7a:86:3d:dc:64:22:ae:c7:c0:ec:1f:7b:09:b7:b2:53:
         b2:fc:98:36:e8:97:c7:1f:f7:0f:58:68:21:ac:a6:10:15:ee:
         6d:60:8c:b8:32:28:3a:00:8c:ea:10:14:76:29:78:ee:80:d6:
         6b:7d:5e:b3:d3:61:09:e2:ad:f0:4c:9b:cc:63:60:b0:b5:fb:
         44:46:85:a6:cc:7e:16:74:30:82:23:bd:7d:51:46:83:8a:f7:
         79:03:fc:b7:69:7a:28:f8:b6:46:33:a7:d3:f5:0a:f5:39:3f:
         f2:d3:9f:18:16:cf:a4:09:11:55:ea:ab:bf:78:c6:d5:31:be:
         b8:b4:3e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x4bklpBHr+ORs05u3mgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjgyODA2OTQ5Zjk4NDdhMTI2NWFlYWM1MjNlYjkwYzZhZWY5MjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k432TaALXRm1NtmwLn9qLoxWbKP
tz99EsoRWzFz17MDSMi/bvAGlvRsHxykjVft3LKt5GSB+ktxbgH04LRxYRi5mYEf
MnRPJ6EfsNxE2+qN6vg5+xZUKYicDGJzr2cL43bZM4rvuhtsBrSdmkwomddPi+Yk
p17RQNQKlcktCbU/y2TbiEVOh/NVJTdlsNWUPxfXdL2Ue3yx4KKYMIXKHXLF/1T4
FQp2cvb5TKYxUWnzlEVX4BMSAVqED0DfLxRQvL/sZMuUj+Ki4HZxnZlnTqj70qDW
HZ7q+DWZYjQV7N1JE5ga42t73HvZzO9aqL0J1X1amLDZll4Xk10VAxfj0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKCgGlJ+YR6EmWurFI+uQxq75JxMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvSW9LQWFVbjVoSG9TWmE2c1VqNjVER3J2a25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7+/MA0G
CSqGSIb3DQEBCwUAA4IBAQBvM1L1EfxJqUXLFQn6jkdJmnh3wEqO8y9hhRxBrCQZ
uQmbQmtOb9LD4xoyka0KumILyOrFrdJLXYijYp9n5keYfz3GCB/fS5CcMWcco7s9
d0VcNAZ0aHgGQ+06x/4EqCutcPiz8tGC5gLqk3YnKUYvnUM05KGjB6BR6NXyYb3w
KHqGPdxkIq7HwOwfewm3slOy/Jg26JfHH/cPWGghrKYQFe5tYIy4Mig6AIzqEBR2
KXjugNZrfV6z02EJ4q3wTJvMY2CwtftERoWmzH4WdDCCI719UUaDivd5A/y3aXoo
+LZGM6fT9Qr1OT/y058YFs+kCRFV6qu/eMbVMb64tD5B
-----END CERTIFICATE-----