This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/FH0_TzoEk5nS3S1J3a0ZmGSxjwM.roa
File:                     FH0_TzoEk5nS3S1J3a0ZmGSxjwM.roa (raw, json)
Hash identifier:          5/T/8UbsNGAmRjKQBlCTQrMUbwBJkauL8/xu9407QxU=
Subject key identifier:   14:7D:3F:4F:3A:04:93:99:D2:DD:2D:49:DD:AD:19:98:64:B1:8F:03
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019B78A216AF9F866FC5B949D48BA3EDADFB
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/FH0_TzoEk5nS3S1J3a0ZmGSxjwM.roa
Signing time:             Thu 01 Jan 2026 08:17:27 +0000
ROA not before:           Thu 01 Jan 2026 08:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199760
IP address blocks:        91.239.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:16:af:9f:86:6f:c5:b9:49:d4:8b:a3:ed:ad:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  1 08:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=147d3f4f3a049399d2dd2d49ddad199864b18f03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fb:af:81:0e:e7:e5:ed:31:0b:da:be:d3:24:
                    f7:71:72:8a:fb:92:d8:be:7b:4e:2f:26:56:1c:a0:
                    bb:4b:d2:9f:42:59:64:4b:24:2c:19:85:2f:41:c5:
                    d1:58:d5:1b:0d:d5:c0:d5:88:47:45:71:d1:49:13:
                    b4:ab:d9:e7:fe:0d:e7:ea:f7:02:dd:30:58:93:7a:
                    e9:be:f8:98:27:f3:17:56:76:83:fe:c3:b4:01:39:
                    d0:92:9a:5e:c5:cd:5c:8f:2c:d1:b9:9f:16:d7:18:
                    95:bf:f4:10:5e:ad:07:dd:5f:7e:b7:3e:fb:df:6a:
                    70:7c:84:27:93:ac:4c:13:ed:b2:b5:f8:49:36:e6:
                    1a:11:fc:f8:24:45:1a:ef:b9:35:ec:b1:2d:c2:52:
                    e8:10:2b:8a:29:3f:52:e7:39:de:47:8a:6e:42:34:
                    be:3b:95:de:d3:a6:83:ff:28:80:9e:f6:24:37:fc:
                    53:e5:67:ef:5b:cd:4b:61:b9:e3:2f:b4:5d:7d:aa:
                    d5:cf:58:2d:f0:37:6b:90:d8:70:3a:ad:b2:10:95:
                    9a:91:48:de:31:f2:02:a7:70:87:e0:51:f1:7a:fe:
                    3a:c2:b4:dc:cc:8e:86:fb:ea:18:ee:7b:37:1f:76:
                    91:51:bb:7b:0c:bf:d9:12:eb:95:02:0a:fd:aa:fa:
                    9d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7D:3F:4F:3A:04:93:99:D2:DD:2D:49:DD:AD:19:98:64:B1:8F:03
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/FH0_TzoEk5nS3S1J3a0ZmGSxjwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a9:b7:9a:9e:d5:6f:c4:c9:5c:e7:b0:02:ab:d4:89:f8:71:
         ec:79:b2:d3:70:a5:44:84:9d:6c:50:b7:05:ed:3d:00:e3:19:
         f1:1f:9f:2e:1f:6a:e6:8e:bf:39:54:41:4a:9e:1c:a1:62:ba:
         ff:47:83:04:a8:7f:3f:da:a0:52:9a:4e:12:88:19:1f:8c:b0:
         31:63:df:6f:e3:0f:58:ee:78:74:dd:66:ce:8a:99:49:ed:70:
         4f:97:b9:55:94:1b:d0:a1:e1:39:16:54:81:16:29:2b:b8:1a:
         b3:e6:a4:12:f4:47:71:f9:f3:c9:59:ea:74:fc:a3:5b:0d:94:
         d8:ac:e1:d0:ab:dd:53:36:85:02:60:50:e1:81:3c:3c:63:98:
         98:8a:25:b4:c8:89:45:32:20:23:0c:d2:11:a6:a1:64:15:85:
         42:ed:c3:9f:74:c3:fb:b2:32:58:4e:c8:93:d4:a5:20:ce:c5:
         e6:17:ab:66:bb:be:a0:7b:4b:47:5a:80:0f:b3:c8:45:72:b0:
         ed:91:58:47:47:20:e0:9b:8b:79:df:b5:ff:be:5a:b7:36:7d:
         fa:31:f8:83:d4:bb:35:48:8b:8e:b2:63:08:97:a3:3a:f9:a0:
         27:eb:17:01:2d:7a:be:d4:25:24:9c:7f:e8:f6:e9:08:ea:90:
         58:fd:3a:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ohavn4ZvxblJ1Iuj7a37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwMTAxMDgxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdkM2Y0ZjNhMDQ5Mzk5ZDJkZDJkNDlkZGFkMTk5ODY0YjE4ZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fuvgQ7n5e0xC9q+0yT3cXKK+5LY
vntOLyZWHKC7S9KfQllkSyQsGYUvQcXRWNUbDdXA1YhHRXHRSRO0q9nn/g3n6vcC
3TBYk3rpvviYJ/MXVnaD/sO0ATnQkppexc1cjyzRuZ8W1xiVv/QQXq0H3V9+tz77
32pwfIQnk6xME+2ytfhJNuYaEfz4JEUa77k17LEtwlLoECuKKT9S5zneR4puQjS+
O5Xe06aD/yiAnvYkN/xT5WfvW81LYbnjL7RdfarVz1gt8DdrkNhwOq2yEJWakUje
MfICp3CH4FHxev46wrTczI6G++oY7ns3H3aRUbt7DL/ZEuuVAgr9qvqdiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR9P086BJOZ0t0tSd2tGZhksY8DMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvRkgwX1R6b0VrNW5TM1MxSjNhMFptR1N4andNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAGqbeantVvxMlc57ACq9SJ+HHsebLTcKVEhJ1sULcF
7T0A4xnxH58uH2rmjr85VEFKnhyhYrr/R4MEqH8/2qBSmk4SiBkfjLAxY99v4w9Y
7nh03WbOiplJ7XBPl7lVlBvQoeE5FlSBFikruBqz5qQS9Edx+fPJWep0/KNbDZTY
rOHQq91TNoUCYFDhgTw8Y5iYiiW0yIlFMiAjDNIRpqFkFYVC7cOfdMP7sjJYTsiT
1KUgzsXmF6tmu76ge0tHWoAPs8hFcrDtkVhHRyDgm4t537X/vlq3Nn36MfiD1Ls1
SIuOsmMIl6M6+aAn6xcBLXq+1CUknH/o9ukI6pBY/TrQ
-----END CERTIFICATE-----