This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/Z0h4r8Cw7__xchKsVvU8nksAU0w.roa
File:                     Z0h4r8Cw7__xchKsVvU8nksAU0w.roa (raw, json)
Hash identifier:          eVMH7lIJbIBD17QayaS20VTBZM68VJbN4Trnh4+uUoY=
Subject key identifier:   67:48:78:AF:C0:B0:EF:FF:F1:72:12:AC:56:F5:3C:9E:4B:00:53:4C
Certificate issuer:       /CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
Certificate serial:       019B79102E1F9E351F166ADEEFBC7380372A
Authority key identifier: 36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/Z0h4r8Cw7__xchKsVvU8nksAU0w.roa
Signing time:             Thu 01 Jan 2026 10:17:42 +0000
ROA not before:           Thu 01 Jan 2026 10:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19905
IP address blocks:        91.220.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2e:1f:9e:35:1f:16:6a:de:ef:bc:73:80:37:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
        Validity
            Not Before: Jan  1 10:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=674878afc0b0effff17212ac56f53c9e4b00534c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:18:ab:da:8a:77:b4:fe:77:8b:2a:f2:3f:e6:
                    26:82:9f:a5:5b:a4:b0:bc:1a:cf:4b:2a:c8:50:8a:
                    29:53:c5:88:3c:55:17:df:b2:6e:37:3e:fb:a0:ce:
                    11:f2:54:08:27:c5:a2:ae:6d:7e:99:1f:d1:59:90:
                    14:30:6e:55:3b:a5:dd:75:9f:eb:eb:9d:21:32:2a:
                    55:b1:a9:dd:9c:79:3e:46:53:1b:b4:c6:cf:e4:50:
                    91:0f:9b:4e:e0:fa:ea:97:2e:46:f5:6d:f5:f3:78:
                    45:af:16:14:8c:ae:af:af:86:7e:4f:f1:48:1f:f5:
                    2e:a6:a2:8c:60:10:d2:8d:45:ed:c6:64:3d:d2:6a:
                    b5:d5:ea:ac:91:39:99:1b:01:f9:c3:63:9a:1d:01:
                    82:da:7c:b1:05:72:9b:80:49:04:db:b1:fb:dc:11:
                    ce:a4:72:30:0b:bf:de:96:cb:31:58:1f:ce:21:72:
                    b8:bf:19:a4:bb:6c:0c:3e:0e:d6:6f:4b:21:2c:20:
                    28:22:c9:4d:10:53:e1:b0:43:68:45:19:b2:8a:7a:
                    6c:73:49:cf:48:fd:7a:36:9d:24:99:54:95:83:0f:
                    01:d3:0e:54:ba:ca:4b:0c:c9:07:87:fb:76:65:39:
                    46:a1:63:a1:01:5f:10:45:46:bd:17:a8:3d:d3:bc:
                    49:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:48:78:AF:C0:B0:EF:FF:F1:72:12:AC:56:F5:3C:9E:4B:00:53:4C
            X509v3 Authority Key Identifier:
                keyid:36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/Z0h4r8Cw7__xchKsVvU8nksAU0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d2:23:b0:0b:f4:b2:5a:6c:8b:f3:02:f9:f0:db:98:e2:1e:
         d6:97:f9:ee:57:66:fc:6d:8d:8a:f4:0c:4d:78:cf:55:45:27:
         ce:9f:a2:2a:1a:55:59:0f:d6:bb:28:e3:13:84:8c:d7:4d:52:
         fb:19:19:3c:91:f8:5a:e8:fd:27:30:69:c2:f6:e6:04:31:54:
         8c:32:d5:30:ea:33:40:1b:ff:c1:f0:d7:1b:dd:48:46:1c:1b:
         10:d4:70:8e:e7:71:82:9e:be:aa:9d:0f:ec:13:1f:71:4e:c2:
         16:d5:e2:a0:34:11:55:60:73:cb:1d:39:8e:22:35:46:f4:93:
         b3:0a:68:f7:10:56:87:a6:6d:9f:ee:94:83:ed:44:ff:aa:4c:
         c7:97:fc:98:3a:ce:7a:bd:4f:ad:bd:75:a3:8b:49:32:79:cb:
         3a:86:53:b6:35:1c:04:1b:9c:71:20:26:97:2c:1d:42:0c:2a:
         dc:5b:5e:92:b5:67:3a:54:8b:5e:5a:5a:99:96:f0:cb:43:91:
         e9:d0:2e:ab:58:50:c1:a9:a9:d6:71:d8:ff:82:63:0f:ba:ef:
         07:56:5c:ba:2a:51:0b:ff:97:9d:04:2a:f3:a8:99:67:24:4f:
         1d:a5:93:b8:40:9d:78:bf:d7:4e:a1:a1:8a:2c:eb:54:25:a8:
         e9:ee:c2:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EC4fnjUfFmre77xzgDcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTMwMjJkZWRjMWY4ZjAxM2FhNmUzOTBmYTIzYmQyMmYx
ZmUzOTIwHhcNMjYwMTAxMTAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ4NzhhZmMwYjBlZmZmZjE3MjEyYWM1NmY1M2M5ZTRiMDA1MzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBir2op3tP53iyryP+Ymgp+lW6Sw
vBrPSyrIUIopU8WIPFUX37JuNz77oM4R8lQIJ8Wirm1+mR/RWZAUMG5VO6XddZ/r
650hMipVsandnHk+RlMbtMbP5FCRD5tO4Prqly5G9W3183hFrxYUjK6vr4Z+T/FI
H/UupqKMYBDSjUXtxmQ90mq11eqskTmZGwH5w2OaHQGC2nyxBXKbgEkE27H73BHO
pHIwC7/elssxWB/OIXK4vxmku2wMPg7Wb0shLCAoIslNEFPhsENoRRmyinpsc0nP
SP16Np0kmVSVgw8B0w5UuspLDMkHh/t2ZTlGoWOhAV8QRUa9F6g907xJZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdIeK/AsO//8XISrFb1PJ5LAFNMMB8GA1UdIwQY
MBaAFDYTAi3twfjwE6puOQ+iO9IvH+OSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjIt
NDA2NjlhZDE5ZmI5LzEvWjBoNHI4Q3c3X194Y2hLc1Z2VThua3NBVTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjItNDA2NjlhZDE5ZmI5
LzEvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wpMA0G
CSqGSIb3DQEBCwUAA4IBAQAF0iOwC/SyWmyL8wL58NuY4h7Wl/nuV2b8bY2K9AxN
eM9VRSfOn6IqGlVZD9a7KOMThIzXTVL7GRk8kfha6P0nMGnC9uYEMVSMMtUw6jNA
G//B8Ncb3UhGHBsQ1HCO53GCnr6qnQ/sEx9xTsIW1eKgNBFVYHPLHTmOIjVG9JOz
Cmj3EFaHpm2f7pSD7UT/qkzHl/yYOs56vU+tvXWji0kyecs6hlO2NRwEG5xxICaX
LB1CDCrcW16StWc6VIteWlqZlvDLQ5Hp0C6rWFDBqanWcdj/gmMPuu8HVly6KlEL
/5edBCrzqJlnJE8dpZO4QJ14v9dOoaGKLOtUJajp7sLJ
-----END CERTIFICATE-----