This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/4ZPiF2VO9a8aU0a0A0t3ypNdZ_4.roa
File:                     4ZPiF2VO9a8aU0a0A0t3ypNdZ_4.roa (raw, json)
Hash identifier:          T/Mc1/RVrNSXXxPaHTxn7Si+vyAXxTkGBmRnuF/YEqM=
Subject key identifier:   E1:93:E2:17:65:4E:F5:AF:1A:53:46:B4:03:4B:77:CA:93:5D:67:FE
Certificate issuer:       /CN=761acfd649c8eead8551942781fa16f68dbd10f3
Certificate serial:       019B7DCAB4DF99B07AE85ADA450BEAE2673B
Authority key identifier: 76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/4ZPiF2VO9a8aU0a0A0t3ypNdZ_4.roa
Signing time:             Fri 02 Jan 2026 08:19:55 +0000
ROA not before:           Fri 02 Jan 2026 08:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41836
IP address blocks:        91.224.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:b4:df:99:b0:7a:e8:5a:da:45:0b:ea:e2:67:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761acfd649c8eead8551942781fa16f68dbd10f3
        Validity
            Not Before: Jan  2 08:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e193e217654ef5af1a5346b4034b77ca935d67fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c1:81:f7:10:00:d3:88:2d:a7:32:c4:e3:83:
                    62:2f:e5:14:e2:b6:82:6e:84:0c:0f:98:d2:ea:60:
                    1e:a4:0a:39:1f:3f:c7:4c:dd:74:5d:d0:1e:91:1b:
                    f2:35:5d:f7:d0:80:5e:83:9f:14:ba:44:d6:45:19:
                    c5:69:a5:4f:1b:bb:38:12:ad:28:ba:4b:2e:92:d6:
                    d1:79:7d:5e:36:2b:e8:a7:d4:a6:b6:83:ee:c2:bd:
                    f4:f8:24:88:47:8c:92:58:42:69:b5:1f:e5:24:61:
                    bd:2f:57:08:6f:e8:b4:21:01:42:f0:40:0d:fd:7b:
                    45:ec:1b:dd:9a:cd:82:a6:03:d6:b9:d0:41:7b:b9:
                    b9:00:3d:f8:17:76:48:9a:07:ae:15:27:36:c6:b9:
                    62:a5:71:5e:7b:11:65:5a:20:38:af:2a:3d:16:e1:
                    f5:64:47:a4:ea:e3:5d:23:88:89:81:ad:b9:d9:e5:
                    15:6c:6e:b2:1d:73:26:d2:65:96:f0:74:9e:23:9b:
                    ae:d1:bd:b8:35:77:1d:b0:b1:b7:b2:a6:61:6e:7c:
                    48:d8:e1:1d:8e:d9:cb:d3:ab:a5:56:b8:e7:ca:3f:
                    bc:8b:6e:ce:8e:3a:d8:27:5e:3a:06:3a:d8:e8:ce:
                    2f:56:e2:aa:97:bd:3c:4e:20:04:59:2b:99:6a:55:
                    1c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:93:E2:17:65:4E:F5:AF:1A:53:46:B4:03:4B:77:CA:93:5D:67:FE
            X509v3 Authority Key Identifier:
                keyid:76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/4ZPiF2VO9a8aU0a0A0t3ypNdZ_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:70:c7:1a:35:0d:4b:6f:93:e7:52:0e:9e:a3:49:56:b5:67:
         c4:11:30:d7:96:c7:dd:4b:79:b1:40:e3:ea:98:7b:be:04:7e:
         57:d6:16:b9:e6:79:b4:c4:50:c1:7c:72:dc:70:68:a3:c5:98:
         a5:d9:40:9c:71:31:cf:3f:83:f1:a2:da:a3:e8:42:90:6c:89:
         56:3c:ea:29:fa:f7:ed:a5:af:cd:fa:6a:dc:f3:90:9c:3c:c3:
         98:d0:46:50:e3:b1:0f:29:b8:ca:8b:92:4d:54:8c:01:73:69:
         a9:98:cf:28:51:5f:9f:46:b5:80:cf:38:4d:b4:27:a2:76:36:
         d2:d7:b1:db:37:63:15:03:ab:d3:69:24:13:ba:0a:6c:ad:61:
         c9:a9:a9:de:df:5b:4c:a1:ee:5a:c0:97:3a:b6:8f:dc:38:77:
         3b:66:8b:57:4a:0b:64:24:bd:56:52:03:8b:bb:39:5e:54:39:
         f5:09:8f:30:6d:44:7c:12:b2:b1:dc:a1:e5:05:84:d7:97:48:
         84:86:61:97:4b:b7:75:27:31:7d:02:06:bc:4d:70:4a:4d:09:
         8c:52:1e:7c:a9:98:fa:45:d6:33:8a:55:ee:8c:89:9e:d7:df:
         06:64:9e:91:7e:be:de:a9:7c:5e:1c:21:c8:bf:8d:78:0b:b9:
         a4:4c:d1:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yrTfmbB66FraRQvq4mc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MWFjZmQ2NDljOGVlYWQ4NTUxOTQyNzgxZmExNmY2OGRi
ZDEwZjMwHhcNMjYwMTAyMDgxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTkzZTIxNzY1NGVmNWFmMWE1MzQ2YjQwMzRiNzdjYTkzNWQ2N2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cGB9xAA04gtpzLE44NiL+UU4raC
boQMD5jS6mAepAo5Hz/HTN10XdAekRvyNV330IBeg58UukTWRRnFaaVPG7s4Eq0o
uksuktbReX1eNivop9SmtoPuwr30+CSIR4ySWEJptR/lJGG9L1cIb+i0IQFC8EAN
/XtF7Bvdms2CpgPWudBBe7m5AD34F3ZImgeuFSc2xrlipXFeexFlWiA4ryo9FuH1
ZEek6uNdI4iJga252eUVbG6yHXMm0mWW8HSeI5uu0b24NXcdsLG3sqZhbnxI2OEd
jtnL06ulVrjnyj+8i27OjjrYJ146BjrY6M4vVuKql708TiAEWSuZalUc/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGT4hdlTvWvGlNGtANLd8qTXWf+MB8GA1UdIwQY
MBaAFHYaz9ZJyO6thVGUJ4H6FvaNvRDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWIt
YzczMjAxZGY5OTk1LzEvNFpQaUYyVk85YThhVTBhMEEwdDN5cE5kWl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWItYzczMjAxZGY5OTk1
LzEvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BIMA0G
CSqGSIb3DQEBCwUAA4IBAQB+cMcaNQ1Lb5PnUg6eo0lWtWfEETDXlsfdS3mxQOPq
mHu+BH5X1ha55nm0xFDBfHLccGijxZil2UCccTHPP4Pxotqj6EKQbIlWPOop+vft
pa/N+mrc85CcPMOY0EZQ47EPKbjKi5JNVIwBc2mpmM8oUV+fRrWAzzhNtCeidjbS
17HbN2MVA6vTaSQTugpsrWHJqane31tMoe5awJc6to/cOHc7ZotXSgtkJL1WUgOL
uzleVDn1CY8wbUR8ErKx3KHlBYTXl0iEhmGXS7d1JzF9Aga8TXBKTQmMUh58qZj6
RdYzilXujIme198GZJ6Rfr7eqXxeHCHIv414C7mkTNGg
-----END CERTIFICATE-----