This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/dj2slW3vOttM2lqgWk6ocAGgDC0.roa
File:                     dj2slW3vOttM2lqgWk6ocAGgDC0.roa (raw, json)
Hash identifier:          +gmMzsdCL+TQ11aBaKus+EwBw7GGlK23QYqU5eoC/TU=
Subject key identifier:   76:3D:AC:95:6D:EF:3A:DB:4C:DA:5A:A0:5A:4E:A8:70:01:A0:0C:2D
Certificate issuer:       /CN=ffbcae2b290c801d57d09d025a9348e16706f182
Certificate serial:       019B7AC7BBDD1D4391AB11E8BDE0142364E4
Authority key identifier: FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/dj2slW3vOttM2lqgWk6ocAGgDC0.roa
Signing time:             Thu 01 Jan 2026 18:17:48 +0000
ROA not before:           Thu 01 Jan 2026 18:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211430
IP address blocks:        91.209.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/_7yuKykMgB1X0J0CWpNI4WcG8YI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/_7yuKykMgB1X0J0CWpNI4WcG8YI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:bb:dd:1d:43:91:ab:11:e8:bd:e0:14:23:64:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffbcae2b290c801d57d09d025a9348e16706f182
        Validity
            Not Before: Jan  1 18:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=763dac956def3adb4cda5aa05a4ea87001a00c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6c:87:1f:57:a8:6d:b3:e8:0a:c6:79:95:a7:
                    e8:2d:d4:69:8c:cd:b8:9e:89:bf:1c:4b:48:92:98:
                    e1:fb:d2:f1:92:e2:74:62:f4:a4:76:cf:cd:c1:1e:
                    1e:d6:61:96:57:01:0b:ca:4f:95:c9:07:43:32:26:
                    23:b2:e0:05:a9:18:6b:9d:0f:53:a2:3e:75:3a:50:
                    08:0f:67:82:ee:ff:4f:2a:3e:38:3f:c8:09:7e:a1:
                    56:4d:bd:0c:72:85:ce:bb:c2:d7:fb:75:c9:e5:32:
                    ae:e1:c4:5d:50:ad:03:d5:53:2d:02:78:c7:20:97:
                    59:db:e4:3c:9d:6b:76:93:42:d0:1d:a3:a3:fb:04:
                    1e:74:5f:54:3c:cf:79:eb:de:cb:f3:b2:d7:5d:c2:
                    3e:53:5f:df:9f:8f:7f:d3:55:60:92:a6:1a:3a:c1:
                    70:34:97:62:d2:ad:d8:58:0a:09:a9:ba:61:0c:57:
                    ae:47:da:b2:6a:ab:0d:e3:6d:e4:38:92:e1:49:47:
                    74:43:d3:d5:a5:c2:f2:60:cd:13:04:c8:40:e3:59:
                    e7:ec:05:b0:55:6f:89:28:59:6a:05:68:56:f9:50:
                    29:35:c2:dd:9c:1e:1f:7b:7f:e9:bb:8e:64:af:f8:
                    91:3a:78:48:ef:29:a0:71:70:41:67:f5:e3:1a:48:
                    91:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:3D:AC:95:6D:EF:3A:DB:4C:DA:5A:A0:5A:4E:A8:70:01:A0:0C:2D
            X509v3 Authority Key Identifier:
                keyid:FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/dj2slW3vOttM2lqgWk6ocAGgDC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/_7yuKykMgB1X0J0CWpNI4WcG8YI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:fc:87:ca:c2:0d:e6:b7:88:8c:bd:5e:7d:11:57:90:db:fb:
         ac:32:a7:57:93:3f:9e:f1:97:4a:d0:c5:0a:fa:55:f1:f5:67:
         97:b8:10:81:bb:81:2f:3f:33:ba:17:ea:21:ff:1f:d6:17:57:
         ea:17:4e:94:3c:ed:b5:c2:2d:1e:6d:2f:ba:97:1b:21:12:29:
         c7:d4:9a:0b:09:09:43:19:5d:85:61:3f:0f:c1:ea:58:86:b2:
         6c:ac:01:ab:f4:03:00:e0:7a:3d:31:14:ab:88:7b:d9:c2:c1:
         32:d6:36:df:7b:1f:47:8b:cf:14:4c:42:0a:19:2b:c8:80:fd:
         d8:43:6d:87:da:a6:70:c1:b8:c7:ba:ec:ac:a0:5f:af:91:a3:
         13:72:d3:d6:ae:d5:3c:a0:6a:d1:37:9c:69:57:83:14:91:44:
         bc:b9:77:91:98:6b:d2:35:aa:fe:28:c9:5b:b7:56:25:fa:67:
         42:ea:cc:7e:ff:1f:6b:f7:af:99:62:89:6a:ed:b7:11:ec:34:
         bf:50:97:4f:10:83:8d:d5:29:c4:c0:6d:b1:b9:41:2c:40:4d:
         c3:68:9b:04:37:e8:68:68:4c:02:c2:99:87:34:cc:f7:7b:b5:
         2c:05:76:a5:1e:b4:dd:01:78:b5:a0:76:ce:f3:a1:0b:19:db:
         19:90:58:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x7vdHUORqxHoveAUI2TkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYmNhZTJiMjkwYzgwMWQ1N2QwOWQwMjVhOTM0OGUxNjcw
NmYxODIwHhcNMjYwMTAxMTgxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjNkYWM5NTZkZWYzYWRiNGNkYTVhYTA1YTRlYTg3MDAxYTAwYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGyHH1eobbPoCsZ5lafoLdRpjM24
nom/HEtIkpjh+9LxkuJ0YvSkds/NwR4e1mGWVwELyk+VyQdDMiYjsuAFqRhrnQ9T
oj51OlAID2eC7v9PKj44P8gJfqFWTb0McoXOu8LX+3XJ5TKu4cRdUK0D1VMtAnjH
IJdZ2+Q8nWt2k0LQHaOj+wQedF9UPM95697L87LXXcI+U1/fn49/01VgkqYaOsFw
NJdi0q3YWAoJqbphDFeuR9qyaqsN423kOJLhSUd0Q9PVpcLyYM0TBMhA41nn7AWw
VW+JKFlqBWhW+VApNcLdnB4fe3/pu45kr/iROnhI7ymgcXBBZ/XjGkiRlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHY9rJVt7zrbTNpaoFpOqHABoAwtMB8GA1UdIwQY
MBaAFP+8rispDIAdV9CdAlqTSOFnBvGCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAt
MDk2YWY0NzhmMDRiLzEvZGoyc2xXM3ZPdHRNMmxxZ1drNm9jQUdnREMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAtMDk2YWY0NzhmMDRi
LzEvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FpMA0G
CSqGSIb3DQEBCwUAA4IBAQAv/IfKwg3mt4iMvV59EVeQ2/usMqdXkz+e8ZdK0MUK
+lXx9WeXuBCBu4EvPzO6F+oh/x/WF1fqF06UPO21wi0ebS+6lxshEinH1JoLCQlD
GV2FYT8PwepYhrJsrAGr9AMA4Ho9MRSriHvZwsEy1jbfex9Hi88UTEIKGSvIgP3Y
Q22H2qZwwbjHuuysoF+vkaMTctPWrtU8oGrRN5xpV4MUkUS8uXeRmGvSNar+KMlb
t1Yl+mdC6sx+/x9r96+ZYolq7bcR7DS/UJdPEION1SnEwG2xuUEsQE3DaJsEN+ho
aEwCwpmHNMz3e7UsBXalHrTdAXi1oHbO86ELGdsZkFht
-----END CERTIFICATE-----