This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/kUzQjhLo2G6JI_dgKaScwOHdOPY.roa
File:                     kUzQjhLo2G6JI_dgKaScwOHdOPY.roa (raw, json)
Hash identifier:          5Mxtgv4b+Zf5ryrgeJIOrybvkQo9Xz3usdN2WR4EOAc=
Subject key identifier:   91:4C:D0:8E:12:E8:D8:6E:89:23:F7:60:29:A4:9C:C0:E1:DD:38:F6
Certificate issuer:       /CN=aa00ca862956f19d4dc95468aa616f9b167d9b39
Certificate serial:       019B7C111479739DFBA2E2918AC6AF147EBD
Authority key identifier: AA:00:CA:86:29:56:F1:9D:4D:C9:54:68:AA:61:6F:9B:16:7D:9B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/kUzQjhLo2G6JI_dgKaScwOHdOPY.roa
Signing time:             Fri 02 Jan 2026 00:17:32 +0000
ROA not before:           Fri 02 Jan 2026 00:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48012
IP address blocks:        91.208.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:14:79:73:9d:fb:a2:e2:91:8a:c6:af:14:7e:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa00ca862956f19d4dc95468aa616f9b167d9b39
        Validity
            Not Before: Jan  2 00:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=914cd08e12e8d86e8923f76029a49cc0e1dd38f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e3:b4:55:fe:52:1a:6c:00:8c:d2:2c:2e:eb:
                    df:2d:f0:0e:81:d6:2c:19:8c:f1:2d:d4:90:07:1b:
                    f8:7b:d5:51:59:4a:0b:6d:b6:ab:68:fc:c5:1a:e3:
                    39:0f:b1:28:3e:fd:80:b3:fa:9c:19:2e:d2:66:1f:
                    91:11:c6:c5:33:7a:f7:b3:cc:62:3f:33:d9:25:c7:
                    3d:be:4e:3b:6a:98:d0:2d:bf:cd:a5:ca:59:a4:47:
                    ab:97:82:7d:5e:71:42:ce:e6:70:b1:da:5e:b9:d0:
                    fa:7b:6f:fb:c2:e1:14:5c:dd:cb:ee:ed:2c:40:ac:
                    ea:3a:10:53:32:ad:24:17:dc:63:ae:cc:35:cd:d4:
                    22:7b:70:2b:7d:6d:14:22:f2:fe:5a:b0:c8:8c:7a:
                    10:de:d4:6f:77:53:de:0e:4e:23:85:97:28:45:90:
                    05:3b:00:a0:f3:a1:3f:db:80:54:df:1d:9c:02:4a:
                    92:dd:07:53:14:7e:97:02:24:96:e0:a0:fe:40:c6:
                    be:51:a3:8c:87:bb:54:5c:e7:0a:e9:b5:37:67:14:
                    93:d7:28:a9:46:96:4d:21:d2:d2:85:2f:30:c9:fb:
                    16:d8:3a:43:21:d7:b8:73:36:31:68:cb:08:a2:66:
                    df:37:9e:7a:75:de:18:33:09:cd:7b:5f:52:b4:9d:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4C:D0:8E:12:E8:D8:6E:89:23:F7:60:29:A4:9C:C0:E1:DD:38:F6
            X509v3 Authority Key Identifier:
                keyid:AA:00:CA:86:29:56:F1:9D:4D:C9:54:68:AA:61:6F:9B:16:7D:9B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/kUzQjhLo2G6JI_dgKaScwOHdOPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:9c:5b:1e:48:56:72:b9:a8:2c:8a:80:c8:fc:d0:4a:79:64:
         5a:ad:32:2c:0c:d4:b3:bb:bd:95:da:c2:76:27:c2:bb:96:66:
         96:68:c7:0c:a8:d1:84:86:42:3e:c4:e7:76:98:67:1e:28:8e:
         39:da:da:34:08:97:2d:8a:3d:f0:f5:b0:78:c0:f4:9d:0c:8a:
         a4:3b:68:2e:37:8f:66:e8:c1:52:07:3a:ea:82:7a:a3:c1:f4:
         ee:75:27:5c:53:d8:f1:ee:56:ce:aa:23:26:3a:43:ea:5a:b8:
         d4:98:d6:52:59:c5:ef:c8:d9:90:19:2e:96:db:30:fa:79:96:
         ab:9a:86:51:b3:97:6b:92:a6:df:42:86:61:aa:37:8b:89:ec:
         b3:8d:cd:a5:f8:01:2e:e2:5c:71:1f:ca:41:c3:54:ba:31:a3:
         e6:11:cb:66:74:6a:f1:38:6c:98:73:83:72:5e:8b:88:a7:a1:
         a8:4c:2a:06:3c:6e:6b:c3:4c:e5:76:d5:bf:32:78:94:95:97:
         64:ec:62:34:bd:4f:6a:7c:3d:a7:b1:a7:2a:8a:40:0c:1d:a4:
         6e:e4:ee:e3:58:84:68:0b:96:aa:ad:44:e2:70:3d:72:8b:2b:
         71:a5:19:f4:92:fa:15:80:ff:32:96:da:bd:59:14:3c:5f:46:
         61:5e:21:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ERR5c537ouKRisavFH69MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMDBjYTg2Mjk1NmYxOWQ0ZGM5NTQ2OGFhNjE2ZjliMTY3
ZDliMzkwHhcNMjYwMTAyMDAxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRjZDA4ZTEyZThkODZlODkyM2Y3NjAyOWE0OWNjMGUxZGQzOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eO0Vf5SGmwAjNIsLuvfLfAOgdYs
GYzxLdSQBxv4e9VRWUoLbbaraPzFGuM5D7EoPv2As/qcGS7SZh+REcbFM3r3s8xi
PzPZJcc9vk47apjQLb/NpcpZpEerl4J9XnFCzuZwsdpeudD6e2/7wuEUXN3L7u0s
QKzqOhBTMq0kF9xjrsw1zdQie3ArfW0UIvL+WrDIjHoQ3tRvd1PeDk4jhZcoRZAF
OwCg86E/24BU3x2cAkqS3QdTFH6XAiSW4KD+QMa+UaOMh7tUXOcK6bU3ZxST1yip
RpZNIdLShS8wyfsW2DpDIde4czYxaMsIombfN556dd4YMwnNe19StJ1iMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFM0I4S6NhuiSP3YCmknMDh3Tj2MB8GA1UdIwQY
MBaAFKoAyoYpVvGdTclUaKphb5sWfZs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWdES2hpbFc4WjFOeVZSb3FtRnZteFo5bXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kYjBiMGUtOTdmMS00OGJkLWFjMmIt
N2U4OWY0MWIyNjZiLzEva1V6UWpoTG8yRzZKSV9kZ0thU2N3T0hkT1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kYjBiMGUtOTdmMS00OGJkLWFjMmItN2U4OWY0MWIyNjZi
LzEvcWdES2hpbFc4WjFOeVZSb3FtRnZteFo5bXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DqMA0G
CSqGSIb3DQEBCwUAA4IBAQCDnFseSFZyuagsioDI/NBKeWRarTIsDNSzu72V2sJ2
J8K7lmaWaMcMqNGEhkI+xOd2mGceKI452to0CJctij3w9bB4wPSdDIqkO2guN49m
6MFSBzrqgnqjwfTudSdcU9jx7lbOqiMmOkPqWrjUmNZSWcXvyNmQGS6W2zD6eZar
moZRs5drkqbfQoZhqjeLieyzjc2l+AEu4lxxH8pBw1S6MaPmEctmdGrxOGyYc4Ny
XouIp6GoTCoGPG5rw0zldtW/MniUlZdk7GI0vU9qfD2nsacqikAMHaRu5O7jWIRo
C5aqrUTicD1yiytxpRn0kvoVgP8yltq9WRQ8X0ZhXiHl
-----END CERTIFICATE-----