This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/m4XAr0nFqrkR_Krsol9GLTXmNl4.roa
File:                     m4XAr0nFqrkR_Krsol9GLTXmNl4.roa (raw, json)
Hash identifier:          KY0dlSwMBxLcB3P/BTz3b2ZIcHyY+gMZLw7H5DbRMcY=
Subject key identifier:   9B:85:C0:AF:49:C5:AA:B9:11:FC:AA:EC:A2:5F:46:2D:35:E6:36:5E
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       019B7A5AC7BC1CCF82802594FAC39025D40E
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/m4XAr0nFqrkR_Krsol9GLTXmNl4.roa
Signing time:             Thu 01 Jan 2026 16:18:48 +0000
ROA not before:           Thu 01 Jan 2026 16:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48678
IP address blocks:        91.232.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:c7:bc:1c:cf:82:80:25:94:fa:c3:90:25:d4:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Jan  1 16:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b85c0af49c5aab911fcaaeca25f462d35e6365e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c6:5f:e3:9b:33:84:00:32:8d:78:fe:f5:22:
                    fb:08:54:ab:fc:e7:3f:7b:f0:73:07:84:f9:c6:09:
                    b0:df:49:0d:f9:06:42:46:a2:cb:21:4a:5f:55:fd:
                    25:75:bb:2a:95:57:6c:52:77:8a:f8:71:4b:f7:b7:
                    30:60:c7:91:8c:58:4a:bd:f6:82:3a:9d:34:86:34:
                    c5:fa:82:aa:fc:91:26:a1:c4:d2:16:e0:04:14:d5:
                    d5:93:e5:7e:8b:7f:b2:e9:80:67:19:41:1b:83:d1:
                    77:d4:78:14:a5:fd:75:e0:27:0a:ba:9c:a7:a0:19:
                    70:2b:8a:19:4b:a3:90:dc:bc:25:3f:ae:3b:7d:58:
                    35:58:4c:54:af:4f:2e:88:bf:c9:ca:29:5e:e5:f0:
                    98:36:de:83:96:93:2d:90:9d:06:7e:62:38:d9:61:
                    36:60:ef:2a:58:9f:dc:44:df:cd:b7:32:53:c7:02:
                    61:62:e7:7f:f3:59:b1:1f:60:f4:e5:2f:6c:6c:aa:
                    f8:d5:af:6a:e5:8b:92:65:b7:98:69:39:c6:2e:e4:
                    7f:a2:1d:78:85:c5:02:71:34:81:47:ab:c4:df:c5:
                    bb:ed:90:29:1c:65:06:f5:f6:d4:e3:24:fe:22:ba:
                    d4:9d:4c:4a:41:60:8b:75:bb:49:e8:97:99:41:7b:
                    41:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:85:C0:AF:49:C5:AA:B9:11:FC:AA:EC:A2:5F:46:2D:35:E6:36:5E
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/m4XAr0nFqrkR_Krsol9GLTXmNl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:df:a6:ba:b0:82:12:4f:a8:95:4f:c4:71:93:57:f8:06:86:
         24:ef:5f:d3:a5:2f:b7:b6:bd:10:7d:e3:7e:10:ab:81:9f:9a:
         90:9d:78:59:79:44:2a:34:58:fc:4c:1d:b3:fc:9c:9d:fc:76:
         9e:71:81:47:eb:87:91:cd:1a:7b:a6:eb:64:2a:f2:bb:d9:f9:
         78:d6:ad:d2:a1:bf:fa:c4:da:bf:2d:53:46:bf:d7:54:82:50:
         37:59:4e:c6:e0:a2:ba:fa:f7:14:15:da:12:ca:0d:f1:40:2e:
         26:5a:36:83:fa:6c:95:79:aa:f9:8d:62:f1:fe:46:b7:f4:57:
         a0:53:b2:14:a9:96:2a:86:80:b0:d7:2f:0a:54:75:c2:97:c7:
         b7:74:ca:37:6d:89:b9:d9:5d:b4:98:76:17:13:c4:49:12:88:
         cc:f6:82:99:a7:bd:9c:62:7e:40:97:a2:a2:b6:9d:75:3a:c9:
         34:03:4c:ac:70:26:47:b7:79:4f:70:82:57:75:68:cb:24:11:
         08:c1:c7:c2:09:99:fa:6f:32:bc:5e:d8:30:92:eb:9a:ee:7d:
         75:f9:d8:fe:71:ab:aa:9e:bf:bf:f9:15:5f:3b:d0:2f:32:7e:
         ba:f8:7b:31:d1:fa:0f:ee:15:1b:b4:cf:7e:df:57:3a:01:c2:
         16:cc:54:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wse8HM+CgCWU+sOQJdQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjYwMTAxMTYxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg1YzBhZjQ5YzVhYWI5MTFmY2FhZWNhMjVmNDYyZDM1ZTYzNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcZf45szhAAyjXj+9SL7CFSr/Oc/
e/BzB4T5xgmw30kN+QZCRqLLIUpfVf0ldbsqlVdsUneK+HFL97cwYMeRjFhKvfaC
Op00hjTF+oKq/JEmocTSFuAEFNXVk+V+i3+y6YBnGUEbg9F31HgUpf114CcKupyn
oBlwK4oZS6OQ3LwlP647fVg1WExUr08uiL/Jyile5fCYNt6DlpMtkJ0GfmI42WE2
YO8qWJ/cRN/NtzJTxwJhYud/81mxH2D05S9sbKr41a9q5YuSZbeYaTnGLuR/oh14
hcUCcTSBR6vE38W77ZApHGUG9fbU4yT+IrrUnUxKQWCLdbtJ6JeZQXtBSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuFwK9Jxaq5Efyq7KJfRi015jZeMB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvbTRYQXIwbkZxcmtSX0tyc29sOUdMVFhtTmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hnMA0G
CSqGSIb3DQEBCwUAA4IBAQBE36a6sIIST6iVT8Rxk1f4BoYk71/TpS+3tr0QfeN+
EKuBn5qQnXhZeUQqNFj8TB2z/Jyd/HaecYFH64eRzRp7putkKvK72fl41q3Sob/6
xNq/LVNGv9dUglA3WU7G4KK6+vcUFdoSyg3xQC4mWjaD+myVear5jWLx/ka39Feg
U7IUqZYqhoCw1y8KVHXCl8e3dMo3bYm52V20mHYXE8RJEojM9oKZp72cYn5Al6Ki
tp11Osk0A0yscCZHt3lPcIJXdWjLJBEIwcfCCZn6bzK8Xtgwkuua7n11+dj+cauq
nr+/+RVfO9AvMn66+Hsx0foP7hUbtM9+31c6AcIWzFTK
-----END CERTIFICATE-----