This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/bOTyO1jGNXvTUzXi3EztaGmz3K4.roa
File:                     bOTyO1jGNXvTUzXi3EztaGmz3K4.roa (raw, json)
Hash identifier:          5vKYEUvZMHjV6NuMxD9j9IkwxVI/1099N+1KTRpjjYo=
Subject key identifier:   6C:E4:F2:3B:58:C6:35:7B:D3:53:35:E2:DC:4C:ED:68:69:B3:DC:AE
Certificate issuer:       /CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
Certificate serial:       019B78352EFE61263B3575F5C56394D45BC8
Authority key identifier: 0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/bOTyO1jGNXvTUzXi3EztaGmz3K4.roa
Signing time:             Thu 01 Jan 2026 06:18:29 +0000
ROA not before:           Thu 01 Jan 2026 06:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24971
IP address blocks:        91.216.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:2e:fe:61:26:3b:35:75:f5:c5:63:94:d4:5b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
        Validity
            Not Before: Jan  1 06:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ce4f23b58c6357bd35335e2dc4ced6869b3dcae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f4:96:93:09:15:4f:ac:32:f8:8c:ec:66:52:
                    f5:b2:79:f5:ed:90:d2:cf:4b:53:c7:1b:41:6b:13:
                    8b:25:5c:31:58:89:b7:2b:a1:ff:70:6f:78:18:5f:
                    c9:fc:b0:69:93:da:54:f0:4f:59:1e:1e:1a:95:65:
                    d7:de:87:9d:12:60:f1:c9:71:32:3c:1e:4f:fd:67:
                    10:dd:5d:3d:91:ec:3f:bb:76:bc:d4:61:3e:77:4c:
                    a7:d1:9b:db:d5:b1:04:cc:72:06:a6:ae:5e:4c:a1:
                    5a:25:6d:2e:cb:e1:12:aa:82:d5:49:2b:0b:b2:dc:
                    9d:c9:9f:ba:50:4a:ad:3d:f2:8d:fd:d8:79:80:7d:
                    44:97:37:56:fd:9e:ce:e2:48:12:2c:da:7c:f7:ea:
                    6c:fc:63:f3:de:40:38:a7:ab:74:e8:53:6a:01:fa:
                    e0:97:b5:15:2e:19:54:b5:31:37:b4:bd:d7:e0:e6:
                    1b:d5:b6:12:1e:80:73:a1:07:a1:f4:75:30:72:84:
                    a1:eb:27:02:f3:e5:81:90:b2:09:7a:34:cc:f2:dc:
                    9d:a0:d2:7d:1f:63:14:76:a5:ff:09:ae:91:78:be:
                    ce:ed:6f:88:09:f8:75:92:5d:a2:4e:8a:61:7d:f1:
                    e6:4a:9c:9e:fc:55:84:16:4d:ee:61:93:2c:7a:c5:
                    a3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E4:F2:3B:58:C6:35:7B:D3:53:35:E2:DC:4C:ED:68:69:B3:DC:AE
            X509v3 Authority Key Identifier:
                keyid:0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/bOTyO1jGNXvTUzXi3EztaGmz3K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d9:f6:a3:ce:c3:ac:02:34:c1:9a:e0:73:14:06:99:76:d2:
         ae:56:fa:ad:18:d8:1b:ab:d9:c4:75:d3:51:bc:40:40:b3:d4:
         90:7e:ea:75:40:8b:89:11:46:df:2c:7e:00:15:5a:8d:8f:11:
         f1:d2:aa:d9:8f:bf:23:91:82:fe:84:c3:cc:f4:3e:52:52:9e:
         77:63:2b:9d:69:f1:fe:7a:9f:94:ae:15:bc:6e:d2:09:48:da:
         3a:c4:42:57:a3:d8:c4:f9:84:dd:c8:0a:32:0f:ca:aa:81:3a:
         76:2b:52:0e:bc:31:8b:0f:aa:e7:99:7c:5d:61:5c:b0:7c:c7:
         4a:94:de:2a:dd:eb:e4:c6:d0:78:9f:3b:20:a0:55:0f:65:7e:
         84:64:3b:50:22:8b:56:4e:5f:c9:79:a0:26:01:ce:b9:3f:1a:
         e7:81:c1:a8:c4:17:25:94:fa:59:93:52:80:5f:ec:cf:14:12:
         a4:42:25:dc:c8:9c:37:80:a5:40:ce:ab:1f:2e:54:ca:c2:80:
         08:c4:a7:dc:80:33:24:a0:6e:fb:02:4d:a9:4e:1c:9f:38:b5:
         f9:92:f7:3c:f9:c4:77:52:2e:cb:fb:67:35:7d:97:f5:a8:6e:
         0b:bc:ec:7f:92:9a:09:cb:e3:03:af:f3:35:34:d1:4c:a1:f1:
         64:eb:de:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NS7+YSY7NXX1xWOU1FvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZmUwMDExZWJlNGYyMTZjNThkM2FiNDI4MTJiOTg0MDJi
ZTBiMmMwHhcNMjYwMTAxMDYxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2U0ZjIzYjU4YzYzNTdiZDM1MzM1ZTJkYzRjZWQ2ODY5YjNkY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvSWkwkVT6wy+IzsZlL1snn17ZDS
z0tTxxtBaxOLJVwxWIm3K6H/cG94GF/J/LBpk9pU8E9ZHh4alWXX3oedEmDxyXEy
PB5P/WcQ3V09kew/u3a81GE+d0yn0Zvb1bEEzHIGpq5eTKFaJW0uy+ESqoLVSSsL
stydyZ+6UEqtPfKN/dh5gH1ElzdW/Z7O4kgSLNp89+ps/GPz3kA4p6t06FNqAfrg
l7UVLhlUtTE3tL3X4OYb1bYSHoBzoQeh9HUwcoSh6ycC8+WBkLIJejTM8tydoNJ9
H2MUdqX/Ca6ReL7O7W+ICfh1kl2iTophffHmSpye/FWEFk3uYZMsesWjSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzk8jtYxjV701M14txM7Whps9yuMB8GA1UdIwQY
MBaAFA/+ABHr5PIWxY06tCgSuYQCvgssMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF80QUVldms4aGJGalRxMEtCSzVoQUstQ3l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS85NjE4NGQtNTk4MS00NzAyLTlkMzIt
NmNjMGRhZjM0MWM0LzEvYk9UeU8xakdOWHZUVXpYaTNFenRhR216M0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS85NjE4NGQtNTk4MS00NzAyLTlkMzItNmNjMGRhZjM0MWM0
LzEvRF80QUVldms4aGJGalRxMEtCSzVoQUstQ3l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9izMA0G
CSqGSIb3DQEBCwUAA4IBAQCX2fajzsOsAjTBmuBzFAaZdtKuVvqtGNgbq9nEddNR
vEBAs9SQfup1QIuJEUbfLH4AFVqNjxHx0qrZj78jkYL+hMPM9D5SUp53YyudafH+
ep+UrhW8btIJSNo6xEJXo9jE+YTdyAoyD8qqgTp2K1IOvDGLD6rnmXxdYVywfMdK
lN4q3evkxtB4nzsgoFUPZX6EZDtQIotWTl/JeaAmAc65PxrngcGoxBcllPpZk1KA
X+zPFBKkQiXcyJw3gKVAzqsfLlTKwoAIxKfcgDMkoG77Ak2pThyfOLX5kvc8+cR3
Ui7L+2c1fZf1qG4LvOx/kpoJy+MDr/M1NNFMofFk6958
-----END CERTIFICATE-----