This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/WxNi3FY5cr-Bjj8BRJGuFpl1ulQ.roa
File:                     WxNi3FY5cr-Bjj8BRJGuFpl1ulQ.roa (raw, json)
Hash identifier:          uM3IRzOQy7yokmWWB+yCvHyVpY0d0sa0ZM1vmaCKkO8=
Subject key identifier:   5B:13:62:DC:56:39:72:BF:81:8E:3F:01:44:91:AE:16:99:75:BA:54
Certificate issuer:       /CN=ca231a4362bc1ec0fdb4349901b61ccf9d679d65
Certificate serial:       019B7EA740C45956DA49D2E08154086A09BD
Authority key identifier: CA:23:1A:43:62:BC:1E:C0:FD:B4:34:99:01:B6:1C:CF:9D:67:9D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/WxNi3FY5cr-Bjj8BRJGuFpl1ulQ.roa
Signing time:             Fri 02 Jan 2026 12:20:48 +0000
ROA not before:           Fri 02 Jan 2026 12:20:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44842
IP address blocks:        91.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:40:c4:59:56:da:49:d2:e0:81:54:08:6a:09:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca231a4362bc1ec0fdb4349901b61ccf9d679d65
        Validity
            Not Before: Jan  2 12:20:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b1362dc563972bf818e3f014491ae169975ba54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:54:8e:1b:61:6b:1b:69:8f:25:bb:c7:59:47:
                    d7:fe:17:47:92:62:9f:5f:84:2c:aa:24:27:b0:d9:
                    af:ad:da:5a:4d:d2:97:d1:05:9e:d8:ea:12:4c:03:
                    b1:61:50:cb:7c:04:21:90:c0:c8:f1:bb:25:ad:30:
                    b9:5e:28:69:3a:a5:a2:10:a7:ea:71:8c:a4:97:ae:
                    57:e7:82:c0:2d:bd:61:52:ee:ff:ef:17:4d:76:6e:
                    80:9a:95:bc:63:cf:8b:d7:2e:69:a5:55:9e:7d:24:
                    54:96:a9:1a:43:ab:a7:eb:aa:d7:79:13:19:6a:b9:
                    3e:0a:52:56:78:72:49:7e:c9:58:54:39:4c:7d:0d:
                    5f:d5:d8:dc:ed:82:d3:d4:1f:b2:73:6c:ac:46:5f:
                    95:bd:7d:75:71:3c:37:88:77:7e:73:3c:10:09:84:
                    d6:a6:33:b3:ce:66:c4:3d:cd:99:2e:79:93:68:d3:
                    33:c9:06:7b:51:45:fa:30:11:6f:f8:bd:76:a9:52:
                    9f:32:06:0c:7e:c3:c8:37:14:12:fb:b5:60:94:f4:
                    ae:00:80:6e:c0:bf:0a:98:4e:b9:f3:b0:da:5f:af:
                    b8:28:b6:18:c0:55:a5:7a:1c:e1:e0:42:47:ca:99:
                    6e:7c:0e:90:1a:f2:bb:56:d6:69:3a:0d:8a:a5:03:
                    dc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:13:62:DC:56:39:72:BF:81:8E:3F:01:44:91:AE:16:99:75:BA:54
            X509v3 Authority Key Identifier:
                keyid:CA:23:1A:43:62:BC:1E:C0:FD:B4:34:99:01:B6:1C:CF:9D:67:9D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/WxNi3FY5cr-Bjj8BRJGuFpl1ulQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:fa:86:ce:14:4c:cf:83:8b:25:27:de:c3:c2:f9:09:2c:3e:
         cc:5f:f4:a4:45:df:6e:44:30:49:89:1c:5f:1a:9c:1e:48:85:
         11:57:a9:81:1a:b9:ae:65:a2:ab:c6:1a:3a:e1:5c:8c:7e:4c:
         fb:ac:70:cd:38:4e:a7:8e:f6:57:a5:13:cc:30:e0:ba:70:04:
         aa:16:03:35:98:2a:9a:bd:e2:a4:8f:52:5f:3a:09:24:5c:d2:
         e7:d0:f7:04:6d:8e:0c:2b:ae:eb:ad:68:2e:d7:8d:ab:b3:d7:
         5e:65:c7:8d:b2:81:58:27:fc:c5:76:99:25:dc:0b:53:35:d9:
         f8:6d:16:f0:b8:ae:49:8c:d3:4c:45:b5:e6:c8:9a:84:f8:bc:
         09:f9:ca:21:ad:95:36:da:89:0a:84:8c:75:06:2d:a0:e9:db:
         e3:4d:a4:ec:a1:58:f8:b8:ec:07:ad:5c:ac:cf:2b:e2:58:c3:
         9a:d5:2a:a3:e7:b7:60:f2:a3:78:b5:79:da:e6:5f:14:76:53:
         37:88:2a:4f:ee:21:37:8f:fc:24:1c:4f:1e:0c:97:62:61:43:
         1c:07:99:ad:c4:5c:0f:fe:98:66:f9:12:cb:71:07:d0:c3:f6:
         d2:45:e5:d4:93:65:60:10:fa:34:a8:33:37:1c:21:50:45:e9:
         cc:5c:82:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+p0DEWVbaSdLggVQIagm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMjMxYTQzNjJiYzFlYzBmZGI0MzQ5OTAxYjYxY2NmOWQ2
NzlkNjUwHhcNMjYwMTAyMTIyMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjEzNjJkYzU2Mzk3MmJmODE4ZTNmMDE0NDkxYWUxNjk5NzViYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFSOG2FrG2mPJbvHWUfX/hdHkmKf
X4QsqiQnsNmvrdpaTdKX0QWe2OoSTAOxYVDLfAQhkMDI8bslrTC5XihpOqWiEKfq
cYykl65X54LALb1hUu7/7xdNdm6AmpW8Y8+L1y5ppVWefSRUlqkaQ6un66rXeRMZ
ark+ClJWeHJJfslYVDlMfQ1f1djc7YLT1B+yc2ysRl+VvX11cTw3iHd+czwQCYTW
pjOzzmbEPc2ZLnmTaNMzyQZ7UUX6MBFv+L12qVKfMgYMfsPINxQS+7VglPSuAIBu
wL8KmE6587DaX6+4KLYYwFWlehzh4EJHyplufA6QGvK7VtZpOg2KpQPcJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsTYtxWOXK/gY4/AUSRrhaZdbpUMB8GA1UdIwQY
MBaAFMojGkNivB7A/bQ0mQG2HM+dZ51lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWlNYVEySzhIc0Q5dERTWkFiWWN6NTFubldVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS84NTZjMDUtZDdiMi00OTlhLWFmMzkt
MzlkZmE0OGVhNmI5LzEvV3hOaTNGWTVjci1Camo4QlJKR3VGcGwxdWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS84NTZjMDUtZDdiMi00OTlhLWFmMzktMzlkZmE0OGVhNmI5
LzEveWlNYVEySzhIc0Q5dERTWkFiWWN6NTFubldVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fqMA0G
CSqGSIb3DQEBCwUAA4IBAQAL+obOFEzPg4slJ97DwvkJLD7MX/SkRd9uRDBJiRxf
GpweSIURV6mBGrmuZaKrxho64VyMfkz7rHDNOE6njvZXpRPMMOC6cASqFgM1mCqa
veKkj1JfOgkkXNLn0PcEbY4MK67rrWgu142rs9deZceNsoFYJ/zFdpkl3AtTNdn4
bRbwuK5JjNNMRbXmyJqE+LwJ+cohrZU22okKhIx1Bi2g6dvjTaTsoVj4uOwHrVys
zyviWMOa1Sqj57dg8qN4tXna5l8UdlM3iCpP7iE3j/wkHE8eDJdiYUMcB5mtxFwP
/phm+RLLcQfQw/bSReXUk2VgEPo0qDM3HCFQRenMXIJx
-----END CERTIFICATE-----