This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/hsS_dQVQFPV5hLzgsOTPdvSM2Go.roa
File:                     hsS_dQVQFPV5hLzgsOTPdvSM2Go.roa (raw, json)
Hash identifier:          ATrYNNXfTceiohlPFSe9W4JtggiaqmzTnSYR0lAfwkI=
Subject key identifier:   86:C4:BF:75:05:50:14:F5:79:84:BC:E0:B0:E4:CF:76:F4:8C:D8:6A
Certificate issuer:       /CN=75d0ebd8f566e3fab7e2354b714060c6fa47e254
Certificate serial:       019B7B36BC3F67025FCBB22D6144AEB44377
Authority key identifier: 75:D0:EB:D8:F5:66:E3:FA:B7:E2:35:4B:71:40:60:C6:FA:47:E2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/hsS_dQVQFPV5hLzgsOTPdvSM2Go.roa
Signing time:             Thu 01 Jan 2026 20:19:03 +0000
ROA not before:           Thu 01 Jan 2026 20:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60510
IP address blocks:        91.238.34.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:bc:3f:67:02:5f:cb:b2:2d:61:44:ae:b4:43:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75d0ebd8f566e3fab7e2354b714060c6fa47e254
        Validity
            Not Before: Jan  1 20:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86c4bf75055014f57984bce0b0e4cf76f48cd86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:65:e9:b5:15:15:b4:d8:bf:77:6a:bb:9f:28:
                    f1:97:81:0a:03:a9:e1:a7:91:41:08:b3:2e:a3:12:
                    76:76:35:38:9d:be:78:64:0a:41:50:b8:c9:30:a0:
                    aa:c3:93:ca:1f:e9:59:d6:ed:df:90:b4:f2:d4:36:
                    66:40:3c:f3:94:38:e6:0d:34:59:dc:0a:52:51:b0:
                    65:71:5e:eb:e2:69:0b:89:4d:9f:69:f5:73:f5:8e:
                    2b:ee:af:e7:9a:c3:5d:5e:04:68:9d:fa:a7:b4:3a:
                    65:e5:e0:e9:e3:55:28:a5:06:95:5e:1f:0a:b0:7c:
                    df:d0:27:b1:46:93:6d:e0:e0:aa:8a:2c:51:5b:39:
                    ed:39:52:a3:0b:fd:72:15:06:c0:aa:e0:f6:9d:2a:
                    07:3d:61:d7:79:a2:0a:58:b0:96:d8:83:13:cc:0d:
                    f2:df:2d:bc:e1:81:b9:e8:02:a2:99:a8:d3:4b:af:
                    26:d9:9c:c0:f3:7a:49:11:0b:cf:2e:2f:ed:da:06:
                    34:24:51:67:99:e6:a2:0e:d3:6f:0e:1a:f9:b9:e2:
                    c2:5e:9c:42:9c:2a:81:11:f5:a3:75:5f:15:08:13:
                    2c:03:59:ed:d8:b9:4c:8f:23:0a:9e:cd:d5:da:7a:
                    d8:95:74:61:eb:17:81:00:48:4b:24:0e:6e:e3:91:
                    3f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C4:BF:75:05:50:14:F5:79:84:BC:E0:B0:E4:CF:76:F4:8C:D8:6A
            X509v3 Authority Key Identifier:
                keyid:75:D0:EB:D8:F5:66:E3:FA:B7:E2:35:4B:71:40:60:C6:FA:47:E2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ddDr2PVm4_q34jVLcUBgxvpH4lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/hsS_dQVQFPV5hLzgsOTPdvSM2Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/483241-3dba-4392-aab0-39765a3f9dbc/1/ddDr2PVm4_q34jVLcUBgxvpH4lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:29:a7:79:80:4c:24:e6:c9:c6:ff:ba:0f:6f:e9:d0:3d:de:
         7d:9c:09:66:9b:e0:2e:3f:8e:f0:ab:1a:fd:4f:4f:8b:9a:ee:
         2f:0d:6e:9b:be:6d:a2:cf:67:f1:ff:fc:43:2b:a6:a2:cf:70:
         fd:7f:a5:c5:b4:26:ac:1f:61:58:98:a9:a6:ee:60:11:90:7f:
         6f:4b:8c:86:fc:a7:7a:96:95:ac:53:6b:5c:93:d7:e4:d7:5d:
         14:24:93:65:df:78:e6:92:48:9f:9d:28:4a:68:81:02:e9:2a:
         d8:85:48:35:59:4b:f8:12:09:70:02:65:8f:d6:2d:80:73:04:
         58:eb:e9:0c:10:01:8d:16:f4:90:e6:08:1b:0b:8a:60:78:f3:
         07:38:9c:66:24:11:3e:d2:99:ff:60:49:cb:3c:9e:5e:68:67:
         66:e6:88:21:fa:09:b8:5d:29:0f:ac:ba:cd:20:21:95:97:9f:
         1c:fe:36:1a:d8:97:dc:01:4c:77:57:28:7b:73:24:43:84:e3:
         a2:1f:c5:02:a0:70:27:b0:2d:8f:45:c1:b6:0c:20:65:ab:e7:
         40:fa:f6:cd:d8:17:aa:30:2c:37:b2:09:15:4c:5d:47:b8:0b:
         ba:1d:1b:0a:b0:b7:8b:7e:7f:ea:77:63:3d:de:0e:cb:74:89:
         dd:cd:2b:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nrw/ZwJfy7ItYUSutEN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZDBlYmQ4ZjU2NmUzZmFiN2UyMzU0YjcxNDA2MGM2ZmE0
N2UyNTQwHhcNMjYwMTAxMjAxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmM0YmY3NTA1NTAxNGY1Nzk4NGJjZTBiMGU0Y2Y3NmY0OGNkODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42XptRUVtNi/d2q7nyjxl4EKA6nh
p5FBCLMuoxJ2djU4nb54ZApBULjJMKCqw5PKH+lZ1u3fkLTy1DZmQDzzlDjmDTRZ
3ApSUbBlcV7r4mkLiU2fafVz9Y4r7q/nmsNdXgRonfqntDpl5eDp41UopQaVXh8K
sHzf0CexRpNt4OCqiixRWzntOVKjC/1yFQbAquD2nSoHPWHXeaIKWLCW2IMTzA3y
3y284YG56AKimajTS68m2ZzA83pJEQvPLi/t2gY0JFFnmeaiDtNvDhr5ueLCXpxC
nCqBEfWjdV8VCBMsA1nt2LlMjyMKns3V2nrYlXRh6xeBAEhLJA5u45E/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbEv3UFUBT1eYS84LDkz3b0jNhqMB8GA1UdIwQY
MBaAFHXQ69j1ZuP6t+I1S3FAYMb6R+JUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGREcjJQVm00X3EzNGpWTGNVQmd4dnBINGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80ODMyNDEtM2RiYS00MzkyLWFhYjAt
Mzk3NjVhM2Y5ZGJjLzEvaHNTX2RRVlFGUFY1aEx6Z3NPVFBkdlNNMkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80ODMyNDEtM2RiYS00MzkyLWFhYjAtMzk3NjVhM2Y5ZGJj
LzEvZGREcjJQVm00X3EzNGpWTGNVQmd4dnBINGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+4iMA0G
CSqGSIb3DQEBCwUAA4IBAQAjKad5gEwk5snG/7oPb+nQPd59nAlmm+AuP47wqxr9
T0+Lmu4vDW6bvm2iz2fx//xDK6aiz3D9f6XFtCasH2FYmKmm7mARkH9vS4yG/Kd6
lpWsU2tck9fk110UJJNl33jmkkifnShKaIEC6SrYhUg1WUv4EglwAmWP1i2AcwRY
6+kMEAGNFvSQ5ggbC4pgePMHOJxmJBE+0pn/YEnLPJ5eaGdm5ogh+gm4XSkPrLrN
ICGVl58c/jYa2JfcAUx3Vyh7cyRDhOOiH8UCoHAnsC2PRcG2DCBlq+dA+vbN2Beq
MCw3sgkVTF1HuAu6HRsKsLeLfn/qd2M93g7LdIndzSvS
-----END CERTIFICATE-----