This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/FOZyNBk5qscMis-9FzsyuX10OZ4.roa
File:                     FOZyNBk5qscMis-9FzsyuX10OZ4.roa (raw, json)
Hash identifier:          o+pJe9mj3hblMbWE+RFJ1FoJSPltMRx3Pyr1PBvX55Q=
Subject key identifier:   14:E6:72:34:19:39:AA:C7:0C:8A:CF:BD:17:3B:32:B9:7D:74:39:9E
Certificate issuer:       /CN=46f3f9b41f45a0f97b2a6a811ca67a0402a0477f
Certificate serial:       019B7D5B2FF95D4F6BA09AB8C2CA9A25C5FD
Authority key identifier: 46:F3:F9:B4:1F:45:A0:F9:7B:2A:6A:81:1C:A6:7A:04:02:A0:47:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RvP5tB9FoPl7KmqBHKZ6BAKgR38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/FOZyNBk5qscMis-9FzsyuX10OZ4.roa
Signing time:             Fri 02 Jan 2026 06:18:06 +0000
ROA not before:           Fri 02 Jan 2026 06:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43663
IP address blocks:        91.198.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/RvP5tB9FoPl7KmqBHKZ6BAKgR38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/RvP5tB9FoPl7KmqBHKZ6BAKgR38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RvP5tB9FoPl7KmqBHKZ6BAKgR38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:2f:f9:5d:4f:6b:a0:9a:b8:c2:ca:9a:25:c5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46f3f9b41f45a0f97b2a6a811ca67a0402a0477f
        Validity
            Not Before: Jan  2 06:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14e672341939aac70c8acfbd173b32b97d74399e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b7:11:57:ae:07:8c:46:b3:b5:59:d6:75:41:
                    57:a3:5c:65:0c:66:72:52:b6:c5:9a:a0:a8:98:01:
                    f7:f2:85:d4:46:6f:d7:f9:cd:9e:e4:d8:60:0e:a6:
                    5d:05:85:d1:2a:53:c3:0e:75:40:4b:b9:65:87:a6:
                    47:a0:ac:0b:e0:7b:da:4f:c0:58:6d:fb:eb:f7:92:
                    0d:9e:0c:e1:e5:f3:29:1a:95:39:f7:d2:4b:e9:0a:
                    d5:f9:c7:3e:ae:1d:84:39:0c:eb:ef:d4:50:1d:05:
                    7f:33:5f:4d:6f:f4:eb:41:01:da:c6:89:b4:67:15:
                    34:8d:9c:23:5c:62:61:7f:ee:25:d8:ff:dc:eb:17:
                    67:33:4c:1a:9f:cd:7d:b9:9d:68:f3:55:dc:c5:10:
                    2e:a6:9d:02:e0:26:0c:1c:0a:da:15:67:77:0a:ab:
                    0f:29:e1:a8:b3:44:e2:84:87:6c:55:7a:73:70:ec:
                    25:78:56:5d:b5:da:ed:6d:ff:d3:52:c6:a4:4e:61:
                    2e:53:53:88:3c:4d:a8:ca:51:27:d1:72:4e:e6:49:
                    a1:e4:8b:18:cb:22:91:d3:2a:3c:dc:e0:9f:bc:9b:
                    79:ef:71:18:fb:e8:11:bf:1a:72:14:0a:b5:fe:66:
                    8e:99:37:cb:07:0b:18:ae:01:22:6e:f7:de:bb:57:
                    d6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E6:72:34:19:39:AA:C7:0C:8A:CF:BD:17:3B:32:B9:7D:74:39:9E
            X509v3 Authority Key Identifier:
                keyid:46:F3:F9:B4:1F:45:A0:F9:7B:2A:6A:81:1C:A6:7A:04:02:A0:47:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RvP5tB9FoPl7KmqBHKZ6BAKgR38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/FOZyNBk5qscMis-9FzsyuX10OZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/25daa4-f7fa-40fa-9250-996326ca7dd6/1/RvP5tB9FoPl7KmqBHKZ6BAKgR38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:b6:62:dd:bc:32:ee:4e:4a:38:f7:f3:80:27:07:a5:97:da:
         d5:35:64:b5:0a:33:44:95:8d:93:e9:52:61:27:c5:89:31:f6:
         c6:aa:9e:e9:46:57:1b:94:e1:46:62:74:ca:ab:cb:5f:9b:a0:
         f4:2d:b7:ae:dd:c1:b9:b6:60:97:67:55:de:76:7d:50:7c:c2:
         41:87:2e:5d:17:53:8c:4d:64:7d:54:18:cb:1f:39:85:95:0b:
         58:06:7a:65:c2:24:a7:4d:7b:86:9c:4f:be:56:16:d5:bc:4c:
         57:57:04:02:b2:c8:d3:0d:37:27:fe:7f:8c:f2:bf:dc:ad:1f:
         57:39:68:30:a8:81:9a:23:91:b5:34:9b:d2:83:f7:5b:f5:b3:
         1a:d0:e4:25:c0:da:12:5a:1b:65:8d:8e:2d:bc:a1:fb:40:6c:
         34:80:96:60:46:55:27:b7:a3:94:04:9d:a0:f4:3c:fc:33:e3:
         05:0b:c9:f5:37:aa:24:25:6d:3e:09:37:09:fa:9c:a9:42:e5:
         f6:49:de:b2:1e:2f:39:a3:a4:63:cc:3c:6e:08:4f:63:3e:12:
         6a:92:fd:66:c7:13:e4:55:37:5c:ef:9c:96:7d:52:51:17:53:
         7d:9f:2d:84:cc:b4:1a:06:b1:55:f0:52:f0:8f:26:48:16:52:
         aa:ff:0c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wy/5XU9roJq4wsqaJcX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZjNmOWI0MWY0NWEwZjk3YjJhNmE4MTFjYTY3YTA0MDJh
MDQ3N2YwHhcNMjYwMTAyMDYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGU2NzIzNDE5MzlhYWM3MGM4YWNmYmQxNzNiMzJiOTdkNzQzOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbcRV64HjEaztVnWdUFXo1xlDGZy
UrbFmqComAH38oXURm/X+c2e5NhgDqZdBYXRKlPDDnVAS7llh6ZHoKwL4HvaT8BY
bfvr95INngzh5fMpGpU599JL6QrV+cc+rh2EOQzr79RQHQV/M19Nb/TrQQHaxom0
ZxU0jZwjXGJhf+4l2P/c6xdnM0wan819uZ1o81XcxRAupp0C4CYMHAraFWd3CqsP
KeGos0TihIdsVXpzcOwleFZdtdrtbf/TUsakTmEuU1OIPE2oylEn0XJO5kmh5IsY
yyKR0yo83OCfvJt573EY++gRvxpyFAq1/maOmTfLBwsYrgEibvfeu1fWkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTmcjQZOarHDIrPvRc7Mrl9dDmeMB8GA1UdIwQY
MBaAFEbz+bQfRaD5eypqgRymegQCoEd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnZQNXRCOUZvUGw3S21xQkhLWjZCQUtnUjM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yNWRhYTQtZjdmYS00MGZhLTkyNTAt
OTk2MzI2Y2E3ZGQ2LzEvRk9aeU5CazVxc2NNaXMtOUZ6c3l1WDEwT1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yNWRhYTQtZjdmYS00MGZhLTkyNTAtOTk2MzI2Y2E3ZGQ2
LzEvUnZQNXRCOUZvUGw3S21xQkhLWjZCQUtnUjM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZgMA0G
CSqGSIb3DQEBCwUAA4IBAQCYtmLdvDLuTko49/OAJwell9rVNWS1CjNElY2T6VJh
J8WJMfbGqp7pRlcblOFGYnTKq8tfm6D0Lbeu3cG5tmCXZ1Xedn1QfMJBhy5dF1OM
TWR9VBjLHzmFlQtYBnplwiSnTXuGnE++VhbVvExXVwQCssjTDTcn/n+M8r/crR9X
OWgwqIGaI5G1NJvSg/db9bMa0OQlwNoSWhtljY4tvKH7QGw0gJZgRlUnt6OUBJ2g
9Dz8M+MFC8n1N6okJW0+CTcJ+pypQuX2Sd6yHi85o6RjzDxuCE9jPhJqkv1mxxPk
VTdc75yWfVJRF1N9ny2EzLQaBrFV8FLwjyZIFlKq/wwi
-----END CERTIFICATE-----