This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ID0uSUS9YSfHNd3tbHUPCxezP7c.roa
File:                     ID0uSUS9YSfHNd3tbHUPCxezP7c.roa (raw, json)
Hash identifier:          5otoNJPeWt6BZ43Y3oQiN7LrNktvMHr+JIVRYTpLS2U=
Subject key identifier:   20:3D:2E:49:44:BD:61:27:C7:35:DD:ED:6C:75:0F:0B:17:B3:3F:B7
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       019B7A5AACE43E9AB8125850910531C59905
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ID0uSUS9YSfHNd3tbHUPCxezP7c.roa
Signing time:             Thu 01 Jan 2026 16:18:41 +0000
ROA not before:           Thu 01 Jan 2026 16:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200017
IP address blocks:        91.216.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ac:e4:3e:9a:b8:12:58:50:91:05:31:c5:99:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 16:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=203d2e4944bd6127c735dded6c750f0b17b33fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b4:79:d0:0a:ff:b1:5e:f1:70:92:7f:ab:b1:
                    50:09:28:d9:6d:a9:fd:a0:08:2a:e7:ed:62:87:e1:
                    99:78:b0:72:9b:23:39:3f:14:6a:66:8a:4c:36:7f:
                    2a:1e:9a:fa:68:e5:28:e4:a7:43:0d:0e:33:d2:64:
                    bd:6b:90:ba:2f:fe:c2:fb:82:6b:bc:56:fc:25:ab:
                    52:93:c5:fe:9a:47:b1:76:3b:8e:da:ac:34:5a:02:
                    b2:75:ad:50:76:fe:7c:d5:63:49:4b:c5:cc:dd:3d:
                    76:4b:7f:04:d0:a5:1e:89:fd:86:95:36:a7:da:5e:
                    7a:23:13:05:33:d7:52:5f:ae:0d:cc:e9:fb:a4:81:
                    98:ad:5a:3f:2a:70:b4:74:3d:6b:27:b0:9c:94:ac:
                    00:a5:d8:66:0b:8b:e3:88:22:0c:65:86:1e:4a:8f:
                    dc:a0:7e:b6:2b:be:71:c3:8b:b2:0e:95:6a:8f:47:
                    20:ce:86:d5:8c:a9:36:c9:72:16:a3:3b:0a:68:9e:
                    fe:3c:f9:d8:72:63:5b:24:b3:33:ec:8d:4e:57:3e:
                    9e:9d:f9:a4:25:58:8f:63:d3:77:f7:84:de:63:76:
                    d6:6a:88:74:57:71:8a:86:7f:ac:9e:90:eb:3d:23:
                    eb:3f:8a:c6:14:1e:3f:ac:8d:9b:aa:2c:8b:e7:59:
                    af:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3D:2E:49:44:BD:61:27:C7:35:DD:ED:6C:75:0F:0B:17:B3:3F:B7
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/ID0uSUS9YSfHNd3tbHUPCxezP7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:05:b3:62:f5:5e:a4:28:ed:fc:81:b9:d7:77:a9:21:a6:11:
         18:bd:e5:43:99:f8:24:d1:0a:f1:31:4e:30:a8:dc:dc:bc:06:
         92:e4:94:8f:8a:54:89:ef:19:0d:fa:c0:05:5d:4d:a5:32:49:
         10:62:54:42:fb:46:14:3f:5f:4b:9d:20:99:f5:6b:a0:68:91:
         d2:2f:2f:18:bc:ff:7a:c8:d2:2b:85:ec:00:23:40:4a:ab:98:
         36:82:fa:b9:58:8a:02:0f:34:4d:ab:c1:5e:bd:91:49:cd:4a:
         f0:e4:95:c5:93:02:4b:b6:73:2b:a3:93:b5:e1:aa:31:4d:25:
         f0:fe:8c:62:91:50:90:07:e4:1b:8b:60:63:62:41:02:ea:5c:
         bf:97:b7:df:cf:62:c3:5e:7f:65:a4:48:f5:5f:a0:c4:6d:36:
         1d:c4:4a:3c:36:de:aa:4f:57:f9:4a:a5:74:53:1f:6c:d8:95:
         94:d7:56:56:79:3c:f5:f5:f8:f8:14:a4:8d:09:e7:d8:10:91:
         d3:4a:1f:10:9f:4f:bd:10:08:9a:4c:c6:33:27:b7:86:28:c7:
         11:4c:fe:97:0e:a4:8c:31:9a:5c:3f:37:bc:7a:f5:7a:74:68:
         d2:90:40:ca:00:2b:e3:0c:46:36:90:06:71:71:61:3c:e8:c6:
         4f:53:f1:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WqzkPpq4ElhQkQUxxZkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjYwMTAxMTYxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDNkMmU0OTQ0YmQ2MTI3YzczNWRkZWQ2Yzc1MGYwYjE3YjMzZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LR50Ar/sV7xcJJ/q7FQCSjZban9
oAgq5+1ih+GZeLBymyM5PxRqZopMNn8qHpr6aOUo5KdDDQ4z0mS9a5C6L/7C+4Jr
vFb8JatSk8X+mkexdjuO2qw0WgKyda1Qdv581WNJS8XM3T12S38E0KUeif2GlTan
2l56IxMFM9dSX64NzOn7pIGYrVo/KnC0dD1rJ7CclKwApdhmC4vjiCIMZYYeSo/c
oH62K75xw4uyDpVqj0cgzobVjKk2yXIWozsKaJ7+PPnYcmNbJLMz7I1OVz6enfmk
JViPY9N394TeY3bWaoh0V3GKhn+snpDrPSPrP4rGFB4/rI2bqiyL51mvdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCA9LklEvWEnxzXd7Wx1DwsXsz+3MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvSUQwdVNVUzlZU2ZITmQzdGJIVVBDeGV6UDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jXMA0G
CSqGSIb3DQEBCwUAA4IBAQCsBbNi9V6kKO38gbnXd6khphEYveVDmfgk0QrxMU4w
qNzcvAaS5JSPilSJ7xkN+sAFXU2lMkkQYlRC+0YUP19LnSCZ9WugaJHSLy8YvP96
yNIrhewAI0BKq5g2gvq5WIoCDzRNq8FevZFJzUrw5JXFkwJLtnMro5O14aoxTSXw
/oxikVCQB+Qbi2BjYkEC6ly/l7ffz2LDXn9lpEj1X6DEbTYdxEo8Nt6qT1f5SqV0
Ux9s2JWU11ZWeTz19fj4FKSNCefYEJHTSh8Qn0+9EAiaTMYzJ7eGKMcRTP6XDqSM
MZpcPze8evV6dGjSkEDKACvjDEY2kAZxcWE86MZPU/H4
-----END CERTIFICATE-----