This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/px387i4PMR3bxTg6V44Yz40bBQk.roa
File:                     px387i4PMR3bxTg6V44Yz40bBQk.roa (raw, json)
Hash identifier:          zLXh41bENdVi+kdvA9RLWLAUXLX8rorUJoL9hmG7R2k=
Subject key identifier:   A7:1D:FC:EE:2E:0F:31:1D:DB:C5:38:3A:57:8E:18:CF:8D:1B:05:09
Certificate issuer:       /CN=b418677abf3aaee036cd4add77d66196fcde4c6d
Certificate serial:       019B79105661AA92337CBF47EEF7BA7FC831
Authority key identifier: B4:18:67:7A:BF:3A:AE:E0:36:CD:4A:DD:77:D6:61:96:FC:DE:4C:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/px387i4PMR3bxTg6V44Yz40bBQk.roa
Signing time:             Thu 01 Jan 2026 10:17:52 +0000
ROA not before:           Thu 01 Jan 2026 10:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6453
IP address blocks:        91.223.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:56:61:aa:92:33:7c:bf:47:ee:f7:ba:7f:c8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b418677abf3aaee036cd4add77d66196fcde4c6d
        Validity
            Not Before: Jan  1 10:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a71dfcee2e0f311ddbc5383a578e18cf8d1b0509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:93:f8:c7:f4:b6:72:05:e0:fd:27:52:e8:82:
                    79:7d:ba:16:08:1c:8b:67:8a:88:91:2f:69:3c:a6:
                    1d:50:12:7e:2f:bc:88:00:44:1b:70:59:35:10:4a:
                    70:e2:74:44:2a:a3:19:d6:e4:66:38:ae:99:82:98:
                    53:f5:5d:31:25:22:35:eb:6e:12:a1:6f:24:0f:21:
                    55:c8:9b:be:fd:99:e7:3e:5a:5e:12:5b:2e:88:f1:
                    ab:bc:84:6f:c7:b6:cd:19:6c:50:59:47:f1:5d:00:
                    12:54:31:20:e4:2a:c1:62:02:da:ce:36:19:cc:4c:
                    1f:51:23:78:7c:6a:05:67:6a:63:e6:75:a1:bc:c2:
                    44:c3:7d:e1:e6:55:1f:48:fb:cb:ab:07:0b:5b:12:
                    aa:14:c3:90:30:ed:5d:db:29:49:b9:4a:b0:56:5a:
                    fa:bc:3c:17:34:19:b0:a7:c9:e7:dc:ee:37:b1:50:
                    18:ae:0a:e3:d0:95:6c:e7:8c:9f:fe:61:f7:77:72:
                    ea:ea:e2:66:6e:f3:4f:7a:72:a6:78:be:5e:94:a2:
                    ca:ba:11:03:c2:99:26:32:47:dd:25:2f:04:91:f5:
                    a4:6d:29:29:be:b0:a5:9f:a3:d2:f5:4f:7c:f3:94:
                    8e:29:ac:40:93:0d:06:36:7f:ec:c3:e3:5a:0b:72:
                    a4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1D:FC:EE:2E:0F:31:1D:DB:C5:38:3A:57:8E:18:CF:8D:1B:05:09
            X509v3 Authority Key Identifier:
                keyid:B4:18:67:7A:BF:3A:AE:E0:36:CD:4A:DD:77:D6:61:96:FC:DE:4C:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/px387i4PMR3bxTg6V44Yz40bBQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c9:99:16:4e:9c:6f:9f:11:47:0d:e4:8b:21:13:9d:c5:d3:
         97:cb:61:60:05:c2:90:71:91:12:d1:6e:11:27:5f:c5:44:a9:
         1a:e1:15:47:a5:2a:de:d5:93:07:d5:f3:bf:00:99:6f:46:67:
         30:33:c4:70:bd:a3:b1:66:c6:5c:bc:47:98:a8:84:c2:10:0f:
         0b:5e:33:82:2f:da:fb:89:6c:95:22:c8:e3:a2:7b:af:71:85:
         58:9d:5a:38:07:5c:5f:24:2d:e7:58:01:cb:22:9e:66:29:27:
         14:06:b4:eb:f5:6e:08:4c:81:5a:2b:2a:8d:e7:e6:5b:a7:b2:
         5b:30:3c:64:1d:38:67:b1:36:ea:3a:e2:72:54:eb:d5:d2:73:
         c5:56:09:1f:82:4d:50:61:2c:84:52:a1:cd:94:d2:bc:ee:72:
         d4:64:eb:db:f0:d4:9c:ee:40:10:1d:11:ad:05:f8:09:db:f9:
         c2:3f:ca:c3:a0:c5:4a:43:f3:60:c8:61:6d:4b:83:fd:b1:ff:
         ce:c6:5b:3c:57:20:6f:97:99:e5:26:ac:bb:33:85:2a:a5:3f:
         44:db:83:bd:e9:2d:35:1c:e5:e9:ab:7d:b8:84:08:f8:08:33:
         39:3b:f2:9a:eb:49:c7:88:01:d2:24:58:10:34:2a:ca:32:15:
         4b:6f:39:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFZhqpIzfL9H7ve6f8gxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTg2NzdhYmYzYWFlZTAzNmNkNGFkZDc3ZDY2MTk2ZmNk
ZTRjNmQwHhcNMjYwMTAxMTAxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFkZmNlZTJlMGYzMTFkZGJjNTM4M2E1NzhlMThjZjhkMWIwNTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZP4x/S2cgXg/SdS6IJ5fboWCByL
Z4qIkS9pPKYdUBJ+L7yIAEQbcFk1EEpw4nREKqMZ1uRmOK6ZgphT9V0xJSI1624S
oW8kDyFVyJu+/ZnnPlpeElsuiPGrvIRvx7bNGWxQWUfxXQASVDEg5CrBYgLazjYZ
zEwfUSN4fGoFZ2pj5nWhvMJEw33h5lUfSPvLqwcLWxKqFMOQMO1d2ylJuUqwVlr6
vDwXNBmwp8nn3O43sVAYrgrj0JVs54yf/mH3d3Lq6uJmbvNPenKmeL5elKLKuhED
wpkmMkfdJS8EkfWkbSkpvrCln6PS9U9885SOKaxAkw0GNn/sw+NaC3Kk3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcd/O4uDzEd28U4OleOGM+NGwUJMB8GA1UdIwQY
MBaAFLQYZ3q/Oq7gNs1K3XfWYZb83kxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJobmVyODZydUEyelVyZGQ5WmhsdnplVEcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9kYTI1YzktNGZlMS00NWRhLThlNzQt
MmJlYTM0Yjg5MzhiLzEvcHgzODdpNFBNUjNieFRnNlY0NFl6NDBiQlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9kYTI1YzktNGZlMS00NWRhLThlNzQtMmJlYTM0Yjg5Mzhi
LzEvdEJobmVyODZydUEyelVyZGQ5WmhsdnplVEcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99VMA0G
CSqGSIb3DQEBCwUAA4IBAQBnyZkWTpxvnxFHDeSLIROdxdOXy2FgBcKQcZES0W4R
J1/FRKka4RVHpSre1ZMH1fO/AJlvRmcwM8RwvaOxZsZcvEeYqITCEA8LXjOCL9r7
iWyVIsjjonuvcYVYnVo4B1xfJC3nWAHLIp5mKScUBrTr9W4ITIFaKyqN5+Zbp7Jb
MDxkHThnsTbqOuJyVOvV0nPFVgkfgk1QYSyEUqHNlNK87nLUZOvb8NSc7kAQHRGt
BfgJ2/nCP8rDoMVKQ/NgyGFtS4P9sf/Oxls8VyBvl5nlJqy7M4UqpT9E24O96S01
HOXpq324hAj4CDM5O/Ka60nHiAHSJFgQNCrKMhVLbzkU
-----END CERTIFICATE-----