This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/rIn8nuXIe5ah0WrNMb3X6_abjqo.roa
File:                     rIn8nuXIe5ah0WrNMb3X6_abjqo.roa (raw, json)
Hash identifier:          204By/4s2fRNwF4+6Yhppe1fwGO2Tcsoo2WrNB73Sr4=
Subject key identifier:   AC:89:FC:9E:E5:C8:7B:96:A1:D1:6A:CD:31:BD:D7:EB:F6:9B:8E:AA
Certificate issuer:       /CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
Certificate serial:       019B7A5AEEAD24AE440503DE852C677EA437
Authority key identifier: 7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/rIn8nuXIe5ah0WrNMb3X6_abjqo.roa
Signing time:             Thu 01 Jan 2026 16:18:58 +0000
ROA not before:           Thu 01 Jan 2026 16:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        91.236.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 01:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ee:ad:24:ae:44:05:03:de:85:2c:67:7e:a4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
        Validity
            Not Before: Jan  1 16:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac89fc9ee5c87b96a1d16acd31bdd7ebf69b8eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7d:fa:25:38:a7:61:00:b8:a8:e3:55:ce:6e:
                    fb:5e:7d:25:d9:c4:ef:8b:7c:ca:eb:1b:ec:6f:9d:
                    f8:3a:8f:11:65:c2:10:e9:c4:c3:81:32:ef:e1:aa:
                    b2:a9:0d:d0:c7:86:b1:0b:02:b5:81:94:b6:8c:85:
                    47:3c:16:cc:f3:79:27:96:2a:77:c4:44:04:01:f8:
                    22:55:09:13:65:b9:7b:e7:37:cb:b0:46:61:c5:58:
                    13:d8:56:cd:6a:8c:53:7c:dd:25:cf:8c:00:06:f1:
                    c6:e7:0f:2d:15:96:1b:fe:bf:f9:10:f5:b3:3b:f9:
                    11:a9:d0:7b:66:99:b3:2d:3f:0a:28:50:c9:1a:7b:
                    28:e7:06:c3:88:3a:92:f6:fe:2f:82:2e:59:e6:0e:
                    b0:a4:46:26:9a:e8:e1:d7:ce:12:e0:14:e8:b8:ca:
                    73:61:9a:7a:d2:e0:51:4e:8d:1d:bf:e9:e6:13:c9:
                    b0:c7:09:da:f5:de:fd:e1:89:06:3b:dd:70:27:87:
                    c8:23:f4:4e:95:2e:de:83:ac:a5:1e:00:f9:56:ba:
                    7c:a3:0a:11:fc:ca:ab:6c:31:54:9f:d3:aa:0a:72:
                    36:fe:c6:8f:69:ff:a2:8e:e7:e0:ac:82:11:4b:f6:
                    f3:c1:3b:a2:37:13:9f:fb:35:ac:1a:6e:14:ab:97:
                    c7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:89:FC:9E:E5:C8:7B:96:A1:D1:6A:CD:31:BD:D7:EB:F6:9B:8E:AA
            X509v3 Authority Key Identifier:
                keyid:7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/rIn8nuXIe5ah0WrNMb3X6_abjqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a8:b4:ba:8b:2a:c7:a8:91:b5:b0:07:39:8d:59:50:fa:77:
         04:05:29:50:00:d0:36:42:7f:67:fd:3a:99:b1:5b:65:91:05:
         a7:9e:c7:0a:76:b5:15:c7:f8:e5:6c:a9:c8:56:cf:bc:26:fd:
         ff:15:f7:32:92:a7:66:cc:a7:21:eb:1a:97:60:ab:9c:95:60:
         57:e1:f1:cd:88:e9:d6:0f:e5:b1:8b:39:ce:f6:d7:5d:c7:14:
         9e:2e:f0:de:26:a0:e8:1a:40:3b:ec:dd:41:3c:8e:74:d4:4e:
         52:33:9c:b8:a4:b6:d1:83:d2:45:d8:5a:6c:63:45:17:40:25:
         94:7c:42:fd:3b:4c:5c:13:66:2e:34:89:5f:b0:11:6c:a4:2d:
         d8:72:aa:23:22:22:5a:95:32:77:a2:8b:47:a5:bb:14:1d:6d:
         c9:95:cd:92:c8:8f:ad:a5:3d:ec:72:5a:29:b6:64:6e:6e:e7:
         a2:43:e3:db:5f:4d:8c:22:3e:21:fa:0c:1b:0b:48:ba:b3:23:
         d2:25:6f:74:78:b3:46:cc:04:45:a0:b4:a9:64:4b:b4:01:7c:
         a1:13:81:53:db:81:f1:3b:65:d1:d7:95:eb:a0:af:68:fd:45:
         fa:be:84:0d:78:80:6c:3d:6b:66:f4:30:ad:2f:24:07:30:9b:
         12:b6:5d:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wu6tJK5EBQPehSxnfqQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMzA0NWZjNDkxZDM5ZjUyZTcxNDViMTAwMGIzYjg2YzM3
ZGVkNDUwHhcNMjYwMTAxMTYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzg5ZmM5ZWU1Yzg3Yjk2YTFkMTZhY2QzMWJkZDdlYmY2OWI4ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX36JTinYQC4qONVzm77Xn0l2cTv
i3zK6xvsb534Oo8RZcIQ6cTDgTLv4aqyqQ3Qx4axCwK1gZS2jIVHPBbM83knlip3
xEQEAfgiVQkTZbl75zfLsEZhxVgT2FbNaoxTfN0lz4wABvHG5w8tFZYb/r/5EPWz
O/kRqdB7ZpmzLT8KKFDJGnso5wbDiDqS9v4vgi5Z5g6wpEYmmujh184S4BTouMpz
YZp60uBRTo0dv+nmE8mwxwna9d794YkGO91wJ4fII/ROlS7eg6ylHgD5Vrp8owoR
/MqrbDFUn9OqCnI2/saPaf+ijufgrIIRS/bzwTuiNxOf+zWsGm4Uq5fHQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyJ/J7lyHuWodFqzTG91+v2m46qMB8GA1UdIwQY
MBaAFH0wRfxJHTn1LnFFsQALO4bDfe1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzkt
OGFhYTZhOTBmZjk1LzEvckluOG51WEllNWFoMFdyTk1iM1g2X2FianFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzktOGFhYTZhOTBmZjk1
LzEvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+wSMA0G
CSqGSIb3DQEBCwUAA4IBAQAQqLS6iyrHqJG1sAc5jVlQ+ncEBSlQANA2Qn9n/TqZ
sVtlkQWnnscKdrUVx/jlbKnIVs+8Jv3/FfcykqdmzKch6xqXYKuclWBX4fHNiOnW
D+WxiznO9tddxxSeLvDeJqDoGkA77N1BPI501E5SM5y4pLbRg9JF2FpsY0UXQCWU
fEL9O0xcE2YuNIlfsBFspC3YcqojIiJalTJ3ootHpbsUHW3Jlc2SyI+tpT3sclop
tmRubueiQ+PbX02MIj4h+gwbC0i6syPSJW90eLNGzARFoLSpZEu0AXyhE4FT24Hx
O2XR15XroK9o/UX6voQNeIBsPWtm9DCtLyQHMJsStl1o
-----END CERTIFICATE-----