This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/cHwhEhAGxzfypZx4-M1NRLg_x6g.roa
File:                     cHwhEhAGxzfypZx4-M1NRLg_x6g.roa (raw, json)
Hash identifier:          iI8gUBUQGaxZbo8P6CcEli8I0PR4IRfA40i94puh4EU=
Subject key identifier:   70:7C:21:12:10:06:C7:37:F2:A5:9C:78:F8:CD:4D:44:B8:3F:C7:A8
Certificate issuer:       /CN=284427dcebab40ebc19839f2d25eea2ce0a562ff
Certificate serial:       019B7C1223CBB0E57324FB8C29435CECAB0E
Authority key identifier: 28:44:27:DC:EB:AB:40:EB:C1:98:39:F2:D2:5E:EA:2C:E0:A5:62:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KEQn3OurQOvBmDny0l7qLOClYv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/cHwhEhAGxzfypZx4-M1NRLg_x6g.roa
Signing time:             Fri 02 Jan 2026 00:18:41 +0000
ROA not before:           Fri 02 Jan 2026 00:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48620
IP address blocks:        91.220.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/KEQn3OurQOvBmDny0l7qLOClYv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/KEQn3OurQOvBmDny0l7qLOClYv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KEQn3OurQOvBmDny0l7qLOClYv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:23:cb:b0:e5:73:24:fb:8c:29:43:5c:ec:ab:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=284427dcebab40ebc19839f2d25eea2ce0a562ff
        Validity
            Not Before: Jan  2 00:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=707c21121006c737f2a59c78f8cd4d44b83fc7a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:d4:57:68:3a:62:35:cf:7b:d4:9e:e1:f1:
                    dc:1a:b9:9a:10:15:86:8d:a8:b6:47:f7:26:40:9d:
                    17:e9:0a:8a:b0:88:8d:22:ea:c9:b1:fb:ef:f4:26:
                    cb:79:7e:37:16:69:be:6b:87:cd:87:c2:7a:a2:d1:
                    c0:b6:af:c5:9c:e0:54:f5:56:36:9d:34:40:2a:61:
                    0f:6f:74:8c:e6:dc:13:55:d1:5c:e4:9f:66:11:fc:
                    55:1c:a4:e7:a6:c7:0a:e6:4d:58:1b:df:8a:a8:60:
                    d6:90:18:30:36:46:b4:7f:be:02:93:cc:4d:86:ba:
                    c2:44:a7:b9:f4:74:7e:73:7e:bb:0e:13:0a:9d:29:
                    d1:d9:37:6e:f9:19:77:22:6d:ed:87:f6:60:99:47:
                    1f:5d:1a:2a:60:45:bf:5a:94:b2:94:dd:d6:f3:c9:
                    1e:c2:56:96:23:a6:44:6d:ac:fb:7d:1e:88:07:9e:
                    61:2c:11:1b:df:b5:4d:30:67:21:4a:ae:a2:8d:2e:
                    72:03:1f:6a:2a:9f:cd:51:2a:df:26:31:51:72:33:
                    33:da:36:8b:f9:c0:02:42:e4:19:0e:d6:4f:e4:e7:
                    9f:95:b4:e4:95:dc:b5:e2:df:40:2d:07:c7:be:3a:
                    7b:69:fe:59:fb:9e:fe:78:76:f5:9b:b7:9e:7c:fe:
                    e1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:21:12:10:06:C7:37:F2:A5:9C:78:F8:CD:4D:44:B8:3F:C7:A8
            X509v3 Authority Key Identifier:
                keyid:28:44:27:DC:EB:AB:40:EB:C1:98:39:F2:D2:5E:EA:2C:E0:A5:62:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEQn3OurQOvBmDny0l7qLOClYv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/cHwhEhAGxzfypZx4-M1NRLg_x6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/46d8b4-8f47-4e93-acc2-50d005782fab/1/KEQn3OurQOvBmDny0l7qLOClYv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:57:31:91:d4:0d:27:cb:bb:fc:04:a9:6b:ff:4f:54:92:e3:
         1e:fa:80:7c:94:6e:bc:aa:fd:d3:25:7d:7b:f8:00:08:92:6f:
         ec:c3:32:4c:46:b8:cd:2a:23:f2:41:85:16:5b:d9:79:9f:78:
         83:0d:67:79:92:a9:30:6c:fa:62:35:83:17:ae:23:de:81:2a:
         a1:e5:06:b0:be:57:01:ef:7f:32:f3:bd:2e:66:3c:c0:d2:7c:
         ff:93:8e:20:9a:70:8a:32:e3:de:21:e5:9c:d8:a6:7e:66:df:
         83:63:78:98:b8:3f:a9:3b:74:c3:2a:cd:95:a3:f6:3a:c8:9e:
         71:44:83:56:cb:8b:f1:b6:55:63:21:b0:ef:3d:fc:03:75:79:
         82:bb:5a:04:31:79:5d:5d:d0:69:ad:54:5a:c4:34:d8:61:36:
         e2:25:92:e6:8e:98:95:5a:60:f3:72:fd:56:8c:21:4c:23:bb:
         a2:e5:04:73:bf:44:e1:ac:9b:a5:df:4f:73:22:04:58:c2:9c:
         cc:89:3a:eb:29:dc:8f:97:43:6f:88:58:39:b7:69:36:8b:5c:
         3a:1d:84:72:29:09:34:5a:30:c8:97:e9:8e:39:4f:20:ac:cc:
         e6:6c:49:49:8e:a9:b3:20:76:05:d9:c4:52:36:3c:2f:df:31:
         db:bd:39:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EiPLsOVzJPuMKUNc7KsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NDQyN2RjZWJhYjQwZWJjMTk4MzlmMmQyNWVlYTJjZTBh
NTYyZmYwHhcNMjYwMTAyMDAxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjMjExMjEwMDZjNzM3ZjJhNTljNzhmOGNkNGQ0NGI4M2ZjN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluTUV2g6YjXPe9Se4fHcGrmaEBWG
jai2R/cmQJ0X6QqKsIiNIurJsfvv9CbLeX43Fmm+a4fNh8J6otHAtq/FnOBU9VY2
nTRAKmEPb3SM5twTVdFc5J9mEfxVHKTnpscK5k1YG9+KqGDWkBgwNka0f74Ck8xN
hrrCRKe59HR+c367DhMKnSnR2Tdu+Rl3Im3th/ZgmUcfXRoqYEW/WpSylN3W88ke
wlaWI6ZEbaz7fR6IB55hLBEb37VNMGchSq6ijS5yAx9qKp/NUSrfJjFRcjMz2jaL
+cACQuQZDtZP5OeflbTkldy14t9ALQfHvjp7af5Z+57+eHb1m7eefP7hawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB8IRIQBsc38qWcePjNTUS4P8eoMB8GA1UdIwQY
MBaAFChEJ9zrq0DrwZg58tJe6izgpWL/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0VRbjNPdXJRT3ZCbURueTBsN3FMT0NsWXY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80NmQ4YjQtOGY0Ny00ZTkzLWFjYzIt
NTBkMDA1NzgyZmFiLzEvY0h3aEVoQUd4emZ5cFp4NC1NMU5STGdfeDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80NmQ4YjQtOGY0Ny00ZTkzLWFjYzItNTBkMDA1NzgyZmFi
LzEvS0VRbjNPdXJRT3ZCbURueTBsN3FMT0NsWXY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yyMA0G
CSqGSIb3DQEBCwUAA4IBAQBNVzGR1A0ny7v8BKlr/09UkuMe+oB8lG68qv3TJX17
+AAIkm/swzJMRrjNKiPyQYUWW9l5n3iDDWd5kqkwbPpiNYMXriPegSqh5QawvlcB
738y870uZjzA0nz/k44gmnCKMuPeIeWc2KZ+Zt+DY3iYuD+pO3TDKs2Vo/Y6yJ5x
RINWy4vxtlVjIbDvPfwDdXmCu1oEMXldXdBprVRaxDTYYTbiJZLmjpiVWmDzcv1W
jCFMI7ui5QRzv0ThrJul309zIgRYwpzMiTrrKdyPl0NviFg5t2k2i1w6HYRyKQk0
WjDIl+mOOU8grMzmbElJjqmzIHYF2cRSNjwv3zHbvTl6
-----END CERTIFICATE-----