This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/Jt1l3PmmzdbcYP2rfmhzsDtcPhI.roa
File:                     Jt1l3PmmzdbcYP2rfmhzsDtcPhI.roa (raw, json)
Hash identifier:          zt/605nd1EgOMLhSVE8EHytRNsfa1q/ziCZNE0ebjzg=
Subject key identifier:   26:DD:65:DC:F9:A6:CD:D6:DC:60:FD:AB:7E:68:73:B0:3B:5C:3E:12
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019B7AC7CF8A2DF18A91A03815ACECAF0A5C
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/Jt1l3PmmzdbcYP2rfmhzsDtcPhI.roa
Signing time:             Thu 01 Jan 2026 18:17:53 +0000
ROA not before:           Thu 01 Jan 2026 18:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211440
IP address blocks:        91.217.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:cf:8a:2d:f1:8a:91:a0:38:15:ac:ec:af:0a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 18:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26dd65dcf9a6cdd6dc60fdab7e6873b03b5c3e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:02:7e:cf:c2:93:cf:53:7c:e2:33:4d:ed:45:
                    a2:e0:12:a3:6c:47:2b:e7:81:56:1e:66:63:e7:45:
                    59:39:06:c9:b5:20:34:df:0e:59:54:47:c1:1f:b2:
                    69:a9:5d:d2:55:e4:3e:1c:8a:1c:5c:65:13:93:20:
                    d5:a5:ed:a3:f1:25:63:7a:ce:d2:13:ca:40:a2:55:
                    aa:b9:64:86:2a:f1:49:2d:6e:25:e4:65:55:f1:92:
                    78:b4:e5:b2:34:ad:55:e7:20:45:20:93:27:2b:7a:
                    ff:ee:22:43:3e:01:b3:d9:48:1b:22:1e:e8:46:4c:
                    f8:1f:3e:e5:3e:7a:55:09:21:ec:9a:3d:7d:0f:bc:
                    a6:fc:ef:97:a6:9f:46:01:fb:a7:94:3e:4c:0b:d1:
                    94:7c:50:05:8c:80:33:3c:e8:d3:f3:d3:d1:ed:d4:
                    4d:ed:00:f3:03:35:41:5a:2c:b4:b2:69:14:0f:fa:
                    9f:e6:c7:8f:34:1e:e5:7a:58:8d:64:0b:cf:a2:48:
                    ae:ed:fe:7b:cd:f8:9a:b8:07:81:41:6d:cd:ad:43:
                    c6:41:28:5f:26:c9:4c:46:27:34:3c:fa:a9:a7:ca:
                    d8:f3:e0:5a:b1:e0:4d:aa:ce:53:23:d7:93:4f:9e:
                    75:69:3d:d7:6a:25:e3:78:69:0a:fc:3e:de:b1:52:
                    45:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DD:65:DC:F9:A6:CD:D6:DC:60:FD:AB:7E:68:73:B0:3B:5C:3E:12
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/Jt1l3PmmzdbcYP2rfmhzsDtcPhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:3e:83:21:9b:c1:08:b8:89:08:69:d5:35:78:b9:33:ce:0a:
         c5:1d:4f:7b:37:5d:36:ed:f0:76:a4:a0:87:b4:1c:51:16:8a:
         66:77:b3:9a:99:a4:02:d7:a4:7a:26:b9:6f:6a:9d:c6:de:4b:
         5f:32:34:98:05:be:e5:40:31:f0:d2:75:ea:92:b5:27:4f:55:
         8b:fc:15:49:e1:33:ad:5c:d9:c5:7f:ef:b9:2e:f7:7b:2a:8b:
         b5:3a:f2:37:29:6e:11:eb:8b:ce:86:a6:a6:30:15:4a:ff:50:
         6a:8c:3a:ed:0e:65:39:07:bf:a9:d7:f5:5d:7c:bb:94:9e:78:
         7b:e9:42:e1:bd:42:6a:03:47:c7:93:35:f7:de:26:d1:ba:c5:
         1f:2f:2c:71:b7:da:92:0d:cd:18:63:30:e3:98:86:86:ee:37:
         5d:80:f2:78:d6:77:c4:45:d3:15:75:d9:af:9a:59:a2:b3:8b:
         72:10:3f:5e:a4:cd:7b:d4:54:71:0e:69:2d:50:ef:f8:c1:d6:
         82:74:b4:09:3b:32:c3:b0:2b:d1:28:b0:e5:a0:2d:22:ea:05:
         b2:c5:24:52:95:01:72:52:a8:7b:0c:a0:42:61:07:11:bb:c1:
         80:39:1a:1d:5e:5e:1b:c1:37:17:8e:be:46:6b:4a:4b:76:9a:
         46:8e:d8:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x8+KLfGKkaA4FazsrwpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwMTAxMTgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRkNjVkY2Y5YTZjZGQ2ZGM2MGZkYWI3ZTY4NzNiMDNiNWMzZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQJ+z8KTz1N84jNN7UWi4BKjbEcr
54FWHmZj50VZOQbJtSA03w5ZVEfBH7JpqV3SVeQ+HIocXGUTkyDVpe2j8SVjes7S
E8pAolWquWSGKvFJLW4l5GVV8ZJ4tOWyNK1V5yBFIJMnK3r/7iJDPgGz2UgbIh7o
Rkz4Hz7lPnpVCSHsmj19D7ym/O+Xpp9GAfunlD5MC9GUfFAFjIAzPOjT89PR7dRN
7QDzAzVBWiy0smkUD/qf5sePNB7leliNZAvPokiu7f57zfiauAeBQW3NrUPGQShf
JslMRic0PPqpp8rY8+BaseBNqs5TI9eTT551aT3XaiXjeGkK/D7esVJFmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbdZdz5ps3W3GD9q35oc7A7XD4SMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvSnQxbDNQbW16ZGJjWVAycmZtaHpzRHRjUGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mnMA0G
CSqGSIb3DQEBCwUAA4IBAQA0PoMhm8EIuIkIadU1eLkzzgrFHU97N1027fB2pKCH
tBxRFopmd7OamaQC16R6Jrlvap3G3ktfMjSYBb7lQDHw0nXqkrUnT1WL/BVJ4TOt
XNnFf++5Lvd7Kou1OvI3KW4R64vOhqamMBVK/1BqjDrtDmU5B7+p1/VdfLuUnnh7
6ULhvUJqA0fHkzX33ibRusUfLyxxt9qSDc0YYzDjmIaG7jddgPJ41nfERdMVddmv
mlmis4tyED9epM171FRxDmktUO/4wdaCdLQJOzLDsCvRKLDloC0i6gWyxSRSlQFy
Uqh7DKBCYQcRu8GAORodXl4bwTcXjr5Ga0pLdppGjth+
-----END CERTIFICATE-----