This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/DnWfHELWv6ZXmwtakQ_6GSkBnMs.roa
File:                     DnWfHELWv6ZXmwtakQ_6GSkBnMs.roa (raw, json)
Hash identifier:          sD3OKMp3tJ9sJrkja6bcQY3bU7GkERVJF54ua1KO+ik=
Subject key identifier:   0E:75:9F:1C:42:D6:BF:A6:57:9B:0B:5A:91:0F:FA:19:29:01:9C:CB
Certificate issuer:       /CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
Certificate serial:       019B7DC891F16DC000E74A9AAC7E8EFC5FC8
Authority key identifier: 4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/DnWfHELWv6ZXmwtakQ_6GSkBnMs.roa
Signing time:             Fri 02 Jan 2026 08:17:35 +0000
ROA not before:           Fri 02 Jan 2026 08:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197386
IP address blocks:        91.220.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c8:91:f1:6d:c0:00:e7:4a:9a:ac:7e:8e:fc:5f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
        Validity
            Not Before: Jan  2 08:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e759f1c42d6bfa6579b0b5a910ffa1929019ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c5:a1:b4:69:38:be:94:f8:f2:aa:c3:b8:a0:
                    71:d1:e3:74:20:09:9a:6a:8a:10:63:ce:e8:ae:05:
                    2b:4f:59:11:92:5e:db:80:85:07:b5:68:b6:78:17:
                    b2:3f:43:da:1c:46:80:ff:43:7c:4b:ad:fb:ca:3d:
                    46:c0:4c:ed:da:2d:5c:c7:e7:68:71:cf:d5:b3:8a:
                    e5:d9:89:38:4c:7f:eb:b4:73:b4:83:40:49:bc:32:
                    e7:3b:7d:40:cb:89:df:18:15:d2:8a:41:ba:7b:31:
                    69:b4:6c:1c:70:0f:cc:5e:2c:bf:d0:88:87:42:9e:
                    51:86:b1:ef:a1:f0:3f:bc:d6:0b:14:fa:db:5c:86:
                    1a:6f:a4:1d:76:5b:b9:85:83:dd:39:00:d9:25:9a:
                    df:10:ee:85:ac:91:f9:4d:c2:84:96:75:82:d8:2a:
                    4f:d6:50:2d:af:0b:6c:f6:32:fb:fb:4d:62:9e:c4:
                    d8:64:5a:96:ff:e7:19:8a:0b:bd:f3:3c:22:f9:21:
                    34:62:e4:f1:46:bc:05:49:85:4a:f9:38:23:15:94:
                    82:1f:62:a2:89:f5:f0:6f:41:d8:3f:81:ae:d4:ed:
                    af:ac:4f:b1:71:3a:0d:d2:f4:7a:b0:bc:8c:cc:4c:
                    ff:09:99:6e:c8:58:c5:1d:35:31:06:b7:d9:e3:64:
                    7c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:75:9F:1C:42:D6:BF:A6:57:9B:0B:5A:91:0F:FA:19:29:01:9C:CB
            X509v3 Authority Key Identifier:
                keyid:4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/DnWfHELWv6ZXmwtakQ_6GSkBnMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:4b:a2:83:d4:57:66:a0:4e:e4:07:41:d0:5e:a9:5c:6e:69:
         47:54:ef:e5:37:cf:25:ed:f5:03:0e:af:0a:d6:7f:0c:0e:b3:
         38:14:ec:a9:6a:94:56:a0:7a:46:6c:0c:77:33:9f:d7:79:f7:
         cd:9f:71:c7:fc:bf:1a:92:c6:e2:de:ad:57:9a:c6:fa:8f:39:
         2b:83:6a:d3:e3:78:5f:dc:fa:59:f4:df:61:a8:1a:fa:b3:b1:
         46:48:dc:64:57:90:c1:e7:a5:76:61:19:8b:73:1f:19:80:92:
         a2:ae:87:2e:89:b8:94:ea:fc:e6:89:b6:31:c7:7e:cd:1a:b0:
         6b:6a:88:73:c6:49:dd:05:d4:b7:fd:c4:d0:ef:dc:90:90:f3:
         f4:cf:fc:da:c7:27:da:13:4a:6b:e8:88:db:b2:29:10:33:b3:
         d0:7d:e2:0a:c5:a2:67:63:a3:e3:7e:f0:74:d7:bd:74:67:d9:
         d4:8b:b0:f0:cf:0e:42:f0:ff:8d:dc:73:c9:cc:8f:b6:42:41:
         01:23:03:de:0b:b0:04:bd:a1:f8:de:c4:36:8b:ae:eb:28:52:
         cb:89:b1:63:b1:42:ad:38:ea:a4:21:7d:ec:86:37:20:dc:96:
         10:4f:89:e1:56:80:5c:d8:80:8e:de:8a:00:2c:6c:ae:3c:fc:
         56:0d:2e:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yJHxbcAA50qarH6O/F/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODQ3N2U1NjlkMWQ3ZDYwZjA0NjlhN2NjOGE3ZjQ3NDYw
MzliYjcwHhcNMjYwMTAyMDgxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTc1OWYxYzQyZDZiZmE2NTc5YjBiNWE5MTBmZmExOTI5MDE5Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MWhtGk4vpT48qrDuKBx0eN0IAma
aooQY87orgUrT1kRkl7bgIUHtWi2eBeyP0PaHEaA/0N8S637yj1GwEzt2i1cx+do
cc/Vs4rl2Yk4TH/rtHO0g0BJvDLnO31Ay4nfGBXSikG6ezFptGwccA/MXiy/0IiH
Qp5RhrHvofA/vNYLFPrbXIYab6Qddlu5hYPdOQDZJZrfEO6FrJH5TcKElnWC2CpP
1lAtrwts9jL7+01insTYZFqW/+cZigu98zwi+SE0YuTxRrwFSYVK+TgjFZSCH2Ki
ifXwb0HYP4Gu1O2vrE+xcToN0vR6sLyMzEz/CZluyFjFHTUxBrfZ42R8hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA51nxxC1r+mV5sLWpEP+hkpAZzLMB8GA1UdIwQY
MBaAFE+Ed+Vp0dfWDwRpp8yKf0dGA5u3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEt
YWQxNDdkOTE1NzkxLzEvRG5XZkhFTFd2NlpYbXd0YWtRXzZHU2tCbk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEtYWQxNDdkOTE1Nzkx
LzEvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wyMA0G
CSqGSIb3DQEBCwUAA4IBAQA4S6KD1FdmoE7kB0HQXqlcbmlHVO/lN88l7fUDDq8K
1n8MDrM4FOypapRWoHpGbAx3M5/XeffNn3HH/L8aksbi3q1Xmsb6jzkrg2rT43hf
3PpZ9N9hqBr6s7FGSNxkV5DB56V2YRmLcx8ZgJKirocuibiU6vzmibYxx37NGrBr
aohzxkndBdS3/cTQ79yQkPP0z/zaxyfaE0pr6IjbsikQM7PQfeIKxaJnY6PjfvB0
1710Z9nUi7Dwzw5C8P+N3HPJzI+2QkEBIwPeC7AEvaH43sQ2i67rKFLLibFjsUKt
OOqkIX3shjcg3JYQT4nhVoBc2ICO3ooALGyuPPxWDS50
-----END CERTIFICATE-----