This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/CUoKG5KBfZLY81B9VMINCtlfS6U.roa
File:                     CUoKG5KBfZLY81B9VMINCtlfS6U.roa (raw, json)
Hash identifier:          LS0KYy/ZBd62NqsUCQ3fjoY3u1OJXGmBPSRbAnObypM=
Subject key identifier:   09:4A:0A:1B:92:81:7D:92:D8:F3:50:7D:54:C2:0D:0A:D9:5F:4B:A5
Certificate issuer:       /CN=da296bd0031d6dada6c73073608f3d11e445ce44
Certificate serial:       019B78354882790DADEFB1FD221CC92D5AE9
Authority key identifier: DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/CUoKG5KBfZLY81B9VMINCtlfS6U.roa
Signing time:             Thu 01 Jan 2026 06:18:36 +0000
ROA not before:           Thu 01 Jan 2026 06:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57536
IP address blocks:        91.232.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Feb 2026 17:32:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:48:82:79:0d:ad:ef:b1:fd:22:1c:c9:2d:5a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da296bd0031d6dada6c73073608f3d11e445ce44
        Validity
            Not Before: Jan  1 06:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=094a0a1b92817d92d8f3507d54c20d0ad95f4ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d7:7c:e7:84:21:b4:e8:28:aa:7d:c9:36:a8:
                    b0:ec:32:d2:67:d5:8c:de:ca:13:dd:08:15:8f:2b:
                    ba:10:60:37:d5:e0:98:6e:88:ae:a1:78:42:64:1b:
                    ce:bb:9c:46:f6:cb:cb:be:01:9a:72:2c:93:b8:ff:
                    34:45:72:bb:05:13:a3:23:41:da:69:14:8f:04:a4:
                    41:e7:3e:94:c1:5f:84:e9:28:95:dc:92:f0:0e:83:
                    0f:a7:1b:bc:4e:7f:f5:14:67:14:fc:4a:98:e6:78:
                    9b:ce:be:2b:1e:7e:74:6b:29:84:e9:cb:a5:30:b3:
                    91:48:e7:3e:8a:54:be:70:d9:ed:3a:d5:d6:98:5f:
                    f7:e9:bb:63:f6:3b:eb:b0:df:0f:4e:0b:db:97:17:
                    03:72:77:e6:53:34:ff:06:0e:87:c4:9f:14:22:44:
                    d5:19:33:37:3f:66:08:06:13:76:79:26:8f:b9:31:
                    20:91:de:c0:69:94:ce:c7:93:2a:92:8f:ab:0b:33:
                    f3:f5:20:c7:d9:ff:1b:51:72:93:6c:e4:57:f9:48:
                    58:a4:5b:d3:f3:e1:38:31:61:60:12:3d:6f:68:c2:
                    c6:94:e6:d7:63:b7:dd:60:50:01:91:37:d2:16:38:
                    46:87:56:c6:2b:bc:ef:ae:b5:7a:64:30:00:1c:0f:
                    1f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:4A:0A:1B:92:81:7D:92:D8:F3:50:7D:54:C2:0D:0A:D9:5F:4B:A5
            X509v3 Authority Key Identifier:
                keyid:DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/CUoKG5KBfZLY81B9VMINCtlfS6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:01:05:a6:ae:4a:e3:e9:72:d4:57:6d:8d:66:e2:77:01:ba:
         63:1f:cb:95:bd:e4:fe:d4:94:e9:8e:c0:1d:50:69:dc:38:ef:
         d1:1a:71:c5:9d:b8:a7:6e:8f:f0:97:2c:92:0c:ce:1a:c3:af:
         e1:ad:35:47:bf:73:45:97:09:24:85:8e:37:94:d5:b2:ac:31:
         0c:01:3f:a6:ff:1e:f2:ed:e7:7d:b0:6a:90:01:5b:94:15:82:
         e8:a3:2d:a1:07:a0:b4:c5:27:2f:37:92:bf:4f:08:5b:27:ea:
         24:24:ae:ce:f7:9f:7a:c7:19:06:b3:67:a0:f3:3b:1a:d2:84:
         5d:d9:69:f2:0d:ca:49:11:cc:f6:b2:7b:1c:73:ee:c9:7f:b3:
         b0:46:8f:70:33:57:18:a1:f4:cf:9b:19:f0:bf:b9:2d:65:2a:
         c8:0b:48:37:26:7a:d1:5a:62:12:e5:2e:53:94:2e:e1:af:f0:
         f6:01:f7:c5:92:63:14:17:a3:77:59:cf:a2:d6:02:b8:5c:eb:
         4c:4e:83:4a:e2:e5:7b:b3:17:52:91:2a:2a:56:be:63:af:b1:
         15:89:0f:2a:4d:3e:60:10:ce:1b:4e:d0:12:8b:47:17:b8:ee:
         33:8d:05:fd:ce:ff:0b:eb:cf:83:be:36:ac:98:dd:a1:0b:b2:
         c5:2b:c5:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUiCeQ2t77H9IhzJLVrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjk2YmQwMDMxZDZkYWRhNmM3MzA3MzYwOGYzZDExZTQ0
NWNlNDQwHhcNMjYwMTAxMDYxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTRhMGExYjkyODE3ZDkyZDhmMzUwN2Q1NGMyMGQwYWQ5NWY0YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNd854QhtOgoqn3JNqiw7DLSZ9WM
3soT3QgVjyu6EGA31eCYboiuoXhCZBvOu5xG9svLvgGaciyTuP80RXK7BROjI0Ha
aRSPBKRB5z6UwV+E6SiV3JLwDoMPpxu8Tn/1FGcU/EqY5nibzr4rHn50aymE6cul
MLORSOc+ilS+cNntOtXWmF/36btj9jvrsN8PTgvblxcDcnfmUzT/Bg6HxJ8UIkTV
GTM3P2YIBhN2eSaPuTEgkd7AaZTOx5Mqko+rCzPz9SDH2f8bUXKTbORX+UhYpFvT
8+E4MWFgEj1vaMLGlObXY7fdYFABkTfSFjhGh1bGK7zvrrV6ZDAAHA8fPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlKChuSgX2S2PNQfVTCDQrZX0ulMB8GA1UdIwQY
MBaAFNopa9ADHW2tpscwc2CPPRHkRc5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDct
NTcyNmMyYjUxNDhkLzEvQ1VvS0c1S0JmWkxZODFCOVZNSU5DdGxmUzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDctNTcyNmMyYjUxNDhk
LzEvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+i+MA0G
CSqGSIb3DQEBCwUAA4IBAQAyAQWmrkrj6XLUV22NZuJ3AbpjH8uVveT+1JTpjsAd
UGncOO/RGnHFnbinbo/wlyySDM4aw6/hrTVHv3NFlwkkhY43lNWyrDEMAT+m/x7y
7ed9sGqQAVuUFYLooy2hB6C0xScvN5K/TwhbJ+okJK7O9596xxkGs2eg8zsa0oRd
2WnyDcpJEcz2snscc+7Jf7OwRo9wM1cYofTPmxnwv7ktZSrIC0g3JnrRWmIS5S5T
lC7hr/D2AffFkmMUF6N3Wc+i1gK4XOtMToNK4uV7sxdSkSoqVr5jr7EViQ8qTT5g
EM4bTtASi0cXuO4zjQX9zv8L68+DvjasmN2hC7LFK8U/
-----END CERTIFICATE-----