This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/CWyUYsYrHl5cCZr6qaohHLKpdJI.roa
File:                     CWyUYsYrHl5cCZr6qaohHLKpdJI.roa (raw, json)
Hash identifier:          IvmnQYp72Ns3lgs7TiLYlWSG657dtK8bI8cQG8CHOEM=
Subject key identifier:   09:6C:94:62:C6:2B:1E:5E:5C:09:9A:FA:A9:AA:21:1C:B2:A9:74:92
Certificate issuer:       /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial:       019B79ED1BE05AFF5957250E0A0FC272110C
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/CWyUYsYrHl5cCZr6qaohHLKpdJI.roa
Signing time:             Thu 01 Jan 2026 14:19:00 +0000
ROA not before:           Thu 01 Jan 2026 14:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        91.109.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1b:e0:5a:ff:59:57:25:0e:0a:0f:c2:72:11:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
        Validity
            Not Before: Jan  1 14:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=096c9462c62b1e5e5c099afaa9aa211cb2a97492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a6:a9:5c:c1:9c:28:6e:a3:0f:30:fb:2c:56:
                    2a:3f:9a:70:ee:c0:e7:4d:bd:16:ce:c9:c7:4b:df:
                    80:75:7f:fb:0a:f7:33:65:31:7d:52:7b:cd:cd:62:
                    af:91:89:32:d8:20:66:aa:de:52:73:cd:d2:a2:81:
                    a7:b8:04:b0:13:c0:e7:0c:b4:47:12:09:23:cb:7d:
                    9f:6b:b6:ad:c9:76:74:0b:ae:48:25:28:19:06:af:
                    6b:23:79:2e:a1:11:93:28:5e:ed:74:2e:d7:8f:fa:
                    47:74:90:3e:c8:ec:bd:3b:3d:f2:96:e0:32:ee:16:
                    fa:36:3c:0f:b0:24:74:58:4a:5c:73:2c:1b:c1:7f:
                    40:e6:c8:1f:10:a6:02:c6:4a:cb:f8:53:8c:62:a1:
                    2a:42:6b:b4:9f:45:83:c0:df:59:f5:d5:4c:b5:20:
                    be:71:6d:0c:bf:e8:df:a5:37:94:a2:f2:30:bd:bf:
                    ea:4e:ae:d8:ad:68:77:e5:19:ca:26:ef:56:58:41:
                    68:f4:36:dc:73:82:c2:fd:6a:ac:54:19:c5:1a:2b:
                    74:91:5f:dc:9d:83:16:fe:ef:de:99:e7:6c:45:01:
                    ee:6e:2e:fa:47:c2:da:35:8a:41:67:2e:f5:97:d5:
                    22:b0:a1:ae:5d:53:00:13:f2:26:48:7e:4c:ab:4e:
                    c7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6C:94:62:C6:2B:1E:5E:5C:09:9A:FA:A9:AA:21:1C:B2:A9:74:92
            X509v3 Authority Key Identifier:
                keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/CWyUYsYrHl5cCZr6qaohHLKpdJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4f:1d:2b:65:17:19:12:42:f1:3e:82:c1:b4:7d:e9:19:1f:b2:
         d6:a0:9b:0c:0a:32:37:06:bb:df:ab:c5:03:94:d2:27:db:06:
         00:63:c1:91:01:c0:fd:eb:8a:da:1b:d1:98:db:9c:cf:aa:40:
         69:48:86:8f:af:21:c5:27:db:9d:aa:94:e9:3b:48:f3:31:39:
         0b:ec:1e:fe:a6:d6:a1:c5:37:e5:13:49:fd:19:a8:f9:af:4a:
         ee:4b:9b:9a:fa:aa:87:c8:b8:09:e9:45:27:1b:fd:c0:7c:88:
         73:64:d6:19:d1:2b:fb:8d:41:cf:75:aa:3c:fa:d8:01:ed:a0:
         5e:80:68:a8:5b:7d:3d:26:a9:34:23:20:05:83:e5:d4:a9:5f:
         dd:34:87:ac:b7:db:ef:50:10:d1:71:e8:89:f3:f6:c7:39:49:
         ec:d7:15:e6:14:93:55:8e:47:2a:95:03:33:5f:5d:17:8d:a8:
         c9:91:b8:3e:4b:07:d6:ce:ce:fc:30:94:a3:7c:42:d2:31:ed:
         61:66:bc:1f:47:de:f3:a1:2c:98:eb:5c:95:69:50:94:c4:a9:
         e8:d7:d8:52:18:7a:2d:ed:d5:01:3b:6c:4b:95:39:d5:c8:9c:
         f2:e9:60:81:40:69:0f:89:fd:61:5f:22:1c:ea:ad:9d:1a:da:
         f2:06:51:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57RvgWv9ZVyUOCg/CchEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjYwMTAxMTQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZjOTQ2MmM2MmIxZTVlNWMwOTlhZmFhOWFhMjExY2IyYTk3NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qapXMGcKG6jDzD7LFYqP5pw7sDn
Tb0WzsnHS9+AdX/7CvczZTF9UnvNzWKvkYky2CBmqt5Sc83SooGnuASwE8DnDLRH
Egkjy32fa7atyXZ0C65IJSgZBq9rI3kuoRGTKF7tdC7Xj/pHdJA+yOy9Oz3yluAy
7hb6NjwPsCR0WEpccywbwX9A5sgfEKYCxkrL+FOMYqEqQmu0n0WDwN9Z9dVMtSC+
cW0Mv+jfpTeUovIwvb/qTq7YrWh35RnKJu9WWEFo9Dbcc4LC/WqsVBnFGit0kV/c
nYMW/u/emedsRQHubi76R8LaNYpBZy71l9UisKGuXVMAE/ImSH5Mq07HEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlslGLGKx5eXAma+qmqIRyyqXSSMB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEvQ1d5VVlzWXJIbDVjQ1pyNnFhb2hITEtwZEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW234MA0G
CSqGSIb3DQEBCwUAA4IBAQBPHStlFxkSQvE+gsG0fekZH7LWoJsMCjI3Brvfq8UD
lNIn2wYAY8GRAcD964raG9GY25zPqkBpSIaPryHFJ9udqpTpO0jzMTkL7B7+ptah
xTflE0n9Gaj5r0ruS5ua+qqHyLgJ6UUnG/3AfIhzZNYZ0Sv7jUHPdao8+tgB7aBe
gGioW309Jqk0IyAFg+XUqV/dNIest9vvUBDRceiJ8/bHOUns1xXmFJNVjkcqlQMz
X10XjajJkbg+SwfWzs78MJSjfELSMe1hZrwfR97zoSyY61yVaVCUxKno19hSGHot
7dUBO2xLlTnVyJzy6WCBQGkPif1hXyIc6q2dGtryBlGo
-----END CERTIFICATE-----