This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/9ab9SzC0OpWVbVEzFAJlY3uXcBE.roa
File:                     9ab9SzC0OpWVbVEzFAJlY3uXcBE.roa (raw, json)
Hash identifier:          Hwfx1OavP79t3IGKe+XxghvhkOaiLTfmmJfTNk5J5Tw=
Subject key identifier:   F5:A6:FD:4B:30:B4:3A:95:95:6D:51:33:14:02:65:63:7B:97:70:11
Certificate issuer:       /CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
Certificate serial:       019B7BA483CD7FB7AC13D15F8ABCDD6B8B01
Authority key identifier: B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/9ab9SzC0OpWVbVEzFAJlY3uXcBE.roa
Signing time:             Thu 01 Jan 2026 22:18:57 +0000
ROA not before:           Thu 01 Jan 2026 22:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205229
IP address blocks:        91.216.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:83:cd:7f:b7:ac:13:d1:5f:8a:bc:dd:6b:8b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Validity
            Not Before: Jan  1 22:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5a6fd4b30b43a95956d5133140265637b977011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2b:aa:a5:74:cd:65:4d:b6:78:0a:ff:cb:0c:
                    c7:94:21:ad:af:4f:e5:b7:04:cf:28:ca:e9:64:31:
                    8a:4a:4e:8e:0e:8e:18:7d:46:e8:e8:83:5a:20:ae:
                    78:d6:4c:b3:c8:94:3e:a3:ac:ad:30:8b:85:ae:a8:
                    a4:ae:ef:70:7d:b6:41:be:e5:33:5f:dd:62:ec:0d:
                    99:aa:15:53:0f:a6:ba:a5:78:8e:63:09:3d:6d:60:
                    02:33:9c:67:59:61:8b:52:af:93:96:22:fc:41:4e:
                    49:a5:30:29:5b:6c:cd:8a:dc:0e:c6:92:3c:e1:a2:
                    9d:4f:db:05:9e:5c:92:bb:fc:b8:c4:49:c3:c0:8c:
                    59:65:31:3f:05:d5:41:47:b5:e8:a1:49:f0:df:01:
                    48:46:aa:fe:40:ca:d3:96:4f:71:2d:07:29:18:6b:
                    7b:26:25:8d:de:68:07:56:3d:62:4a:58:09:3c:5a:
                    d7:4c:31:af:e0:d5:34:24:57:46:59:f9:f0:1b:a8:
                    62:ff:42:c5:7e:74:58:8e:07:94:39:60:91:b5:1c:
                    96:a4:86:9d:73:68:ef:72:f3:e0:c3:0c:5f:1f:8a:
                    2c:11:11:4c:07:28:44:fc:94:63:c7:32:9d:9c:ff:
                    58:49:13:0e:e7:87:81:29:9b:ed:cf:19:36:a5:f9:
                    28:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A6:FD:4B:30:B4:3A:95:95:6D:51:33:14:02:65:63:7B:97:70:11
            X509v3 Authority Key Identifier:
                keyid:B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/9ab9SzC0OpWVbVEzFAJlY3uXcBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:88:22:2b:55:7f:a1:ce:6d:6d:98:51:db:c3:c3:ec:ba:0e:
         dc:8e:c8:16:7c:ca:5f:4c:6c:ac:7d:c2:c3:ab:c7:d1:b9:9b:
         28:ff:ae:2e:67:5f:b1:a1:b6:68:10:84:90:8a:87:4a:20:26:
         6d:79:5c:e1:9d:97:df:0f:5c:84:d0:8a:b1:c8:d7:19:b8:a0:
         39:69:7f:4f:95:8a:cf:17:22:52:e7:09:41:7e:b1:43:bf:da:
         91:ad:4a:ef:ef:62:04:50:bb:5d:26:53:5a:46:04:e7:5a:bf:
         57:39:b6:3c:69:83:cb:ea:6f:b1:52:28:35:8c:b0:42:b1:00:
         e5:6e:4f:88:f8:0d:e4:b7:d0:7f:07:5d:e9:a7:57:7f:aa:41:
         19:f4:aa:1a:cf:f5:11:fa:c6:7e:4d:1a:9f:8f:75:37:0e:ec:
         0c:7a:bc:2f:e7:65:68:81:ba:7c:8b:14:65:ec:6f:cd:88:55:
         4e:42:c7:ef:f9:46:cd:d4:6d:da:c0:f4:df:4a:f4:3a:93:3d:
         f4:79:84:d3:cc:fb:e8:b6:f4:5c:0d:ef:61:76:c1:8a:61:36:
         80:fd:50:25:35:16:c6:ed:2f:92:f5:a1:82:ad:06:eb:3b:e5:
         b6:c4:0a:6a:43:dd:49:9d:1d:be:58:df:5f:c9:8e:71:a7:5a:
         eb:16:bf:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pIPNf7esE9Ffirzda4sBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWM0Y2U2NjNlMWVjMjQ1ZTc0N2NkODQ2ZjFhNjlkZGI4
MzRiM2IwHhcNMjYwMTAxMjIxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE2ZmQ0YjMwYjQzYTk1OTU2ZDUxMzMxNDAyNjU2MzdiOTc3MDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyuqpXTNZU22eAr/ywzHlCGtr0/l
twTPKMrpZDGKSk6ODo4YfUbo6INaIK541kyzyJQ+o6ytMIuFrqikru9wfbZBvuUz
X91i7A2ZqhVTD6a6pXiOYwk9bWACM5xnWWGLUq+TliL8QU5JpTApW2zNitwOxpI8
4aKdT9sFnlySu/y4xEnDwIxZZTE/BdVBR7XooUnw3wFIRqr+QMrTlk9xLQcpGGt7
JiWN3mgHVj1iSlgJPFrXTDGv4NU0JFdGWfnwG6hi/0LFfnRYjgeUOWCRtRyWpIad
c2jvcvPgwwxfH4osERFMByhE/JRjxzKdnP9YSRMO54eBKZvtzxk2pfkoewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWm/UswtDqVlW1RMxQCZWN7l3ARMB8GA1UdIwQY
MBaAFLMcTOZj4ewkXnR82Ebxpp3bg0s7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMt
NDY1YWRjMjk1OWYyLzEvOWFiOVN6QzBPcFdWYlZFekZBSmxZM3VYY0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMtNDY1YWRjMjk1OWYy
LzEvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hHMA0G
CSqGSIb3DQEBCwUAA4IBAQADiCIrVX+hzm1tmFHbw8Psug7cjsgWfMpfTGysfcLD
q8fRuZso/64uZ1+xobZoEISQiodKICZteVzhnZffD1yE0IqxyNcZuKA5aX9PlYrP
FyJS5wlBfrFDv9qRrUrv72IEULtdJlNaRgTnWr9XObY8aYPL6m+xUig1jLBCsQDl
bk+I+A3kt9B/B13pp1d/qkEZ9Koaz/UR+sZ+TRqfj3U3DuwMerwv52Vogbp8ixRl
7G/NiFVOQsfv+UbN1G3awPTfSvQ6kz30eYTTzPvotvRcDe9hdsGKYTaA/VAlNRbG
7S+S9aGCrQbrO+W2xApqQ91JnR2+WN9fyY5xp1rrFr+P
-----END CERTIFICATE-----