This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/p4UM29YUDWHWrbkHAV81tJBbgCs.roa
File:                     p4UM29YUDWHWrbkHAV81tJBbgCs.roa (raw, json)
Hash identifier:          oM1os/f+fACahPg4Bvsa30+59M1gjbkWOEO/sAa/Tqg=
Subject key identifier:   A7:85:0C:DB:D6:14:0D:61:D6:AD:B9:07:01:5F:35:B4:90:5B:80:2B
Certificate issuer:       /CN=0011400d548fa21af819a0c6e23e77a6012eb5e9
Certificate serial:       019B7F137DF156BD7F9B8BFEE20C4D87D7FC
Authority key identifier: 00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/p4UM29YUDWHWrbkHAV81tJBbgCs.roa
Signing time:             Fri 02 Jan 2026 14:19:02 +0000
ROA not before:           Fri 02 Jan 2026 14:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6798
IP address blocks:        91.199.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:7d:f1:56:bd:7f:9b:8b:fe:e2:0c:4d:87:d7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0011400d548fa21af819a0c6e23e77a6012eb5e9
        Validity
            Not Before: Jan  2 14:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7850cdbd6140d61d6adb907015f35b4905b802b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d2:72:ab:2c:a1:50:5a:67:cb:94:f7:41:55:
                    12:00:b4:d0:94:67:cc:b7:bf:a6:e2:8c:e6:a1:62:
                    1d:da:84:03:b0:54:46:ac:ab:45:ee:c3:ca:71:39:
                    70:87:be:03:af:3e:f2:53:26:f5:01:36:d6:a1:ff:
                    9f:b6:9c:f4:26:cc:60:c5:0a:4a:3f:7b:c1:bc:0c:
                    d7:83:13:dc:06:9d:18:92:23:a4:98:e4:07:1c:a1:
                    42:f6:39:a1:e7:27:3c:c2:c9:eb:4f:31:ba:b1:86:
                    c9:fc:b9:76:d0:4f:1b:cc:c1:7f:0c:6f:b3:e0:4a:
                    d8:30:c4:1a:f2:75:e1:66:8a:14:40:7e:7d:db:b1:
                    f4:49:c9:3d:a7:b7:16:d8:2d:bb:f2:28:f9:4b:67:
                    c3:8c:52:7b:13:87:bd:d3:4a:6c:eb:bb:22:95:ec:
                    46:01:33:e0:3c:dc:1f:ef:39:b0:b2:65:8e:7c:bc:
                    43:ac:00:37:dc:cc:47:a9:3d:f9:f5:dc:f6:dc:ec:
                    a9:0f:bc:c3:83:04:de:e0:0b:93:a4:d7:fe:65:ed:
                    5e:8e:57:9b:53:c3:87:d5:53:75:eb:23:13:bb:2c:
                    52:31:80:e3:47:39:5b:75:36:b4:31:e8:53:af:ea:
                    1b:dd:65:23:1b:8a:75:41:9d:14:79:bc:ef:40:d6:
                    12:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:85:0C:DB:D6:14:0D:61:D6:AD:B9:07:01:5F:35:B4:90:5B:80:2B
            X509v3 Authority Key Identifier:
                keyid:00:11:40:0D:54:8F:A2:1A:F8:19:A0:C6:E2:3E:77:A6:01:2E:B5:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ABFADVSPohr4GaDG4j53pgEutek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/p4UM29YUDWHWrbkHAV81tJBbgCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52daab-6829-45fa-967e-01f4606c65ec/1/ABFADVSPohr4GaDG4j53pgEutek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:29:e2:15:75:67:98:a8:6e:13:c6:5c:67:88:06:f5:ca:38:
         e6:f8:02:44:3c:5d:7c:00:e9:b7:40:65:f9:6d:37:80:f6:ce:
         42:3c:59:90:d8:c5:85:f8:ce:2e:73:9b:30:39:b1:0d:9f:f9:
         b7:e6:3d:3d:47:2a:d4:36:a4:08:5d:48:92:59:36:ce:ac:69:
         6d:95:d7:f8:80:b2:ae:b6:5e:37:71:5c:4b:c7:43:e0:84:da:
         7d:37:95:d4:32:86:10:83:f2:91:0e:09:e8:d2:f4:67:e1:18:
         e3:50:5c:2f:13:e0:77:e7:8f:8d:0d:f1:54:05:0e:c0:3a:5b:
         92:6d:e2:c7:76:d5:54:92:9e:fe:db:37:d8:93:06:21:f5:bb:
         40:81:46:7b:01:4f:b9:82:0e:8a:16:a0:0c:5e:07:c1:24:be:
         10:ec:51:c7:4a:c2:47:bf:5a:52:e6:95:ae:65:3a:78:7a:4a:
         50:06:01:b8:8b:dc:68:e8:d5:ed:9b:05:a2:f2:24:bd:7f:f1:
         3b:6d:da:37:4b:85:32:4f:4e:f5:46:46:03:ba:cf:ac:36:d5:
         5d:54:05:fd:c9:c3:09:f4:20:86:ca:66:0c:31:e2:04:c3:42:
         f1:3e:a2:b3:c7:28:85:a4:95:ab:f8:43:4c:2c:20:b7:73:c1:
         3b:a4:7f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E33xVr1/m4v+4gxNh9f8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMTE0MDBkNTQ4ZmEyMWFmODE5YTBjNmUyM2U3N2E2MDEy
ZWI1ZTkwHhcNMjYwMTAyMTQxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzg1MGNkYmQ2MTQwZDYxZDZhZGI5MDcwMTVmMzViNDkwNWI4MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9JyqyyhUFpny5T3QVUSALTQlGfM
t7+m4ozmoWId2oQDsFRGrKtF7sPKcTlwh74Drz7yUyb1ATbWof+ftpz0JsxgxQpK
P3vBvAzXgxPcBp0YkiOkmOQHHKFC9jmh5yc8wsnrTzG6sYbJ/Ll20E8bzMF/DG+z
4ErYMMQa8nXhZooUQH5927H0Sck9p7cW2C278ij5S2fDjFJ7E4e900ps67silexG
ATPgPNwf7zmwsmWOfLxDrAA33MxHqT359dz23OypD7zDgwTe4AuTpNf+Ze1ejleb
U8OH1VN16yMTuyxSMYDjRzlbdTa0MehTr+ob3WUjG4p1QZ0UebzvQNYSqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeFDNvWFA1h1q25BwFfNbSQW4ArMB8GA1UdIwQY
MBaAFAARQA1Uj6Ia+BmgxuI+d6YBLrXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUJGQURWU1BvaHI0R2FERzRqNTNwZ0V1dGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmRhYWItNjgyOS00NWZhLTk2N2Ut
MDFmNDYwNmM2NWVjLzEvcDRVTTI5WVVEV0hXcmJrSEFWODF0SkJiZ0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmRhYWItNjgyOS00NWZhLTk2N2UtMDFmNDYwNmM2NWVj
LzEvQUJGQURWU1BvaHI0R2FERzRqNTNwZ0V1dGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dGMA0G
CSqGSIb3DQEBCwUAA4IBAQAVKeIVdWeYqG4TxlxniAb1yjjm+AJEPF18AOm3QGX5
bTeA9s5CPFmQ2MWF+M4uc5swObENn/m35j09RyrUNqQIXUiSWTbOrGltldf4gLKu
tl43cVxLx0PghNp9N5XUMoYQg/KRDgno0vRn4RjjUFwvE+B354+NDfFUBQ7AOluS
beLHdtVUkp7+2zfYkwYh9btAgUZ7AU+5gg6KFqAMXgfBJL4Q7FHHSsJHv1pS5pWu
ZTp4ekpQBgG4i9xo6NXtmwWi8iS9f/E7bdo3S4UyT071RkYDus+sNtVdVAX9ycMJ
9CCGymYMMeIEw0LxPqKzxyiFpJWr+ENMLCC3c8E7pH9q
-----END CERTIFICATE-----