This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/pG1q5nAL-cGnJU_6__TqJaRLon0.roa
File:                     pG1q5nAL-cGnJU_6__TqJaRLon0.roa (raw, json)
Hash identifier:          brTouy8lyh5LkULXwzYt5uqnpGWf2jgORTWC0J3Zrr4=
Subject key identifier:   A4:6D:6A:E6:70:0B:F9:C1:A7:25:4F:FA:FF:F4:EA:25:A4:4B:A2:7D
Certificate issuer:       /CN=e575def18a75eb45c440771ace246c50e8a9d316
Certificate serial:       019B7B3638EC699A564FF9F7E33303A06B77
Authority key identifier: E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/pG1q5nAL-cGnJU_6__TqJaRLon0.roa
Signing time:             Thu 01 Jan 2026 20:18:29 +0000
ROA not before:           Thu 01 Jan 2026 20:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57601
IP address blocks:        91.233.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:38:ec:69:9a:56:4f:f9:f7:e3:33:03:a0:6b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e575def18a75eb45c440771ace246c50e8a9d316
        Validity
            Not Before: Jan  1 20:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a46d6ae6700bf9c1a7254ffafff4ea25a44ba27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:07:72:70:4c:68:15:b1:8a:15:b4:74:d3:0e:
                    5d:b0:15:b0:2b:e8:f6:db:18:e2:a3:81:e1:69:98:
                    de:1a:33:6f:36:11:a3:47:55:0e:3a:7e:64:fd:e4:
                    6b:d0:5f:c0:ff:c0:a8:b3:e5:1a:2a:3f:9f:09:4a:
                    59:cf:56:82:b8:b5:77:a5:c0:b1:08:72:d5:6d:e9:
                    8c:d7:b8:b3:13:10:ba:ab:fb:11:00:5a:72:00:bb:
                    77:59:17:da:f5:e4:01:0c:bc:66:ce:69:17:8f:a3:
                    24:d2:0c:8e:4e:d3:3f:70:f6:da:29:0f:22:86:b9:
                    50:ac:ca:4d:5b:b7:5f:80:8d:39:50:53:68:ad:65:
                    a3:84:74:20:5f:82:1a:da:a1:5b:4e:13:5f:47:5d:
                    5d:74:a6:2a:ba:42:0b:9c:b3:94:d5:99:80:03:bb:
                    5d:1e:85:59:b5:bc:b8:ed:14:ee:2b:8a:b6:d6:71:
                    4d:6b:71:23:52:64:ce:ed:ff:a7:67:cd:ee:d2:3f:
                    e7:df:1f:09:d6:15:2a:47:20:58:f8:3a:10:0d:f2:
                    9d:db:75:80:af:5c:3f:3d:2d:ce:92:f5:5d:46:c8:
                    e1:56:45:35:35:02:1d:78:75:44:a0:ce:e2:c8:05:
                    80:7d:98:40:a0:9f:93:79:fb:98:a1:18:4f:68:24:
                    a7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6D:6A:E6:70:0B:F9:C1:A7:25:4F:FA:FF:F4:EA:25:A4:4B:A2:7D
            X509v3 Authority Key Identifier:
                keyid:E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/pG1q5nAL-cGnJU_6__TqJaRLon0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:5c:04:37:8c:79:ad:ed:9c:33:56:44:8d:53:6a:fc:df:b0:
         ba:ae:00:42:ef:bc:2a:78:e8:11:ad:78:3e:52:1d:be:8e:cf:
         20:48:5b:ff:b8:b2:77:d2:df:ce:c4:54:20:41:28:18:cf:82:
         2e:81:04:29:44:e3:59:47:64:91:c5:bd:56:69:1a:d8:6b:0b:
         64:d0:44:56:45:52:89:2c:9b:25:79:76:9a:18:05:c9:2b:2b:
         7a:88:27:18:aa:91:7a:77:26:7b:91:68:90:50:22:27:bb:48:
         27:ec:ef:34:8c:2a:76:75:26:48:77:19:1e:4c:93:29:2d:63:
         15:c7:ff:36:c9:b1:82:17:db:96:e2:22:7e:ad:45:f5:b0:68:
         07:c2:24:b4:90:fc:e3:ca:c5:03:fe:cf:e9:f4:bc:b0:ff:6f:
         e1:d3:aa:44:03:0d:6e:28:13:df:e3:60:7f:5f:e5:2c:1c:e8:
         62:54:6b:f2:e3:53:e2:83:37:3f:c6:63:b8:eb:d0:c0:32:4e:
         b8:92:85:c5:6b:93:88:58:2d:fd:ac:b3:a6:20:03:ed:75:2d:
         28:e4:db:1b:47:85:95:1b:7f:d1:ac:05:6f:9f:df:0e:1f:15:
         09:32:f9:6d:02:56:dd:aa:b2:d4:c9:37:c4:e6:02:bc:ca:7f:
         69:c4:78:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NjjsaZpWT/n34zMDoGt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzVkZWYxOGE3NWViNDVjNDQwNzcxYWNlMjQ2YzUwZThh
OWQzMTYwHhcNMjYwMTAxMjAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDZkNmFlNjcwMGJmOWMxYTcyNTRmZmFmZmY0ZWEyNWE0NGJhMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AdycExoFbGKFbR00w5dsBWwK+j2
2xjio4HhaZjeGjNvNhGjR1UOOn5k/eRr0F/A/8Cos+UaKj+fCUpZz1aCuLV3pcCx
CHLVbemM17izExC6q/sRAFpyALt3WRfa9eQBDLxmzmkXj6Mk0gyOTtM/cPbaKQ8i
hrlQrMpNW7dfgI05UFNorWWjhHQgX4Ia2qFbThNfR11ddKYqukILnLOU1ZmAA7td
HoVZtby47RTuK4q21nFNa3EjUmTO7f+nZ83u0j/n3x8J1hUqRyBY+DoQDfKd23WA
r1w/PS3OkvVdRsjhVkU1NQIdeHVEoM7iyAWAfZhAoJ+TefuYoRhPaCSnWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRtauZwC/nBpyVP+v/06iWkS6J9MB8GA1UdIwQY
MBaAFOV13vGKdetFxEB3Gs4kbFDoqdMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODkt
ZmI5NzQxMzU5NzI3LzEvcEcxcTVuQUwtY0duSlVfNl9fVHFKYVJMb24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODktZmI5NzQxMzU5NzI3
LzEvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lnMA0G
CSqGSIb3DQEBCwUAA4IBAQBCXAQ3jHmt7ZwzVkSNU2r837C6rgBC77wqeOgRrXg+
Uh2+js8gSFv/uLJ30t/OxFQgQSgYz4IugQQpRONZR2SRxb1WaRrYawtk0ERWRVKJ
LJsleXaaGAXJKyt6iCcYqpF6dyZ7kWiQUCInu0gn7O80jCp2dSZIdxkeTJMpLWMV
x/82ybGCF9uW4iJ+rUX1sGgHwiS0kPzjysUD/s/p9Lyw/2/h06pEAw1uKBPf42B/
X+UsHOhiVGvy41Pigzc/xmO469DAMk64koXFa5OIWC39rLOmIAPtdS0o5NsbR4WV
G3/RrAVvn98OHxUJMvltAlbdqrLUyTfE5gK8yn9pxHih
-----END CERTIFICATE-----