This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/aYkOORdOjghP0b0H8Khztmylcj0.roa
File:                     aYkOORdOjghP0b0H8Khztmylcj0.roa (raw, json)
Hash identifier:          cftGer896cxsIKx2zfTmvwrI4NNvGaw6Mpm7/zfzAB4=
Subject key identifier:   69:89:0E:39:17:4E:8E:08:4F:D1:BD:07:F0:A8:73:B6:6C:A5:72:3D
Certificate issuer:       /CN=2f920d9912b3a728b94818188ef3e3e57f8d3f9c
Certificate serial:       019B7C7FEBABED3B34F4BCCB272B37EC85FC
Authority key identifier: 2F:92:0D:99:12:B3:A7:28:B9:48:18:18:8E:F3:E3:E5:7F:8D:3F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/aYkOORdOjghP0b0H8Khztmylcj0.roa
Signing time:             Fri 02 Jan 2026 02:18:36 +0000
ROA not before:           Fri 02 Jan 2026 02:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204991
IP address blocks:        91.203.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:eb:ab:ed:3b:34:f4:bc:cb:27:2b:37:ec:85:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f920d9912b3a728b94818188ef3e3e57f8d3f9c
        Validity
            Not Before: Jan  2 02:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69890e39174e8e084fd1bd07f0a873b66ca5723d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:48:41:fb:12:0f:f3:55:2c:bf:2f:7b:8d:6c:
                    3b:63:f1:a8:55:e3:48:b4:17:ed:46:e4:27:27:d2:
                    a2:b9:7b:df:c4:2c:b7:5c:2c:98:cf:ab:a6:91:dd:
                    60:7c:b7:b0:cb:52:91:9f:a3:a1:b4:84:78:16:1a:
                    94:02:78:d1:67:93:aa:97:55:65:79:9e:2e:f3:5b:
                    ed:c7:90:48:7c:49:b2:59:49:47:d9:22:8b:84:a7:
                    c2:59:12:4e:d9:60:19:27:2a:21:d9:6f:96:a6:8a:
                    df:e3:db:24:92:34:a0:b4:93:52:bb:57:c4:2d:cf:
                    7c:7e:b3:20:51:aa:f1:ce:3a:58:a8:46:66:35:8c:
                    75:84:60:d2:b5:43:16:c3:97:bd:c5:75:b5:34:86:
                    08:94:b9:7d:b9:5b:67:59:d6:97:a0:0b:76:b5:f9:
                    01:e2:e8:d7:ee:49:8e:11:f4:3a:03:b8:f1:06:2b:
                    01:1a:b8:f3:2a:10:69:37:20:b2:81:17:aa:d8:1d:
                    3d:64:ae:3e:5b:06:02:43:a9:54:81:5b:09:1d:88:
                    d4:50:d0:b5:8a:7c:6e:53:e0:8b:14:59:73:6b:0d:
                    13:47:8c:d9:d6:a9:15:b6:cb:41:f0:4d:7f:e8:5c:
                    fe:27:97:e9:13:a6:b4:7e:2e:9c:3b:6b:4a:e2:27:
                    60:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:89:0E:39:17:4E:8E:08:4F:D1:BD:07:F0:A8:73:B6:6C:A5:72:3D
            X509v3 Authority Key Identifier:
                keyid:2F:92:0D:99:12:B3:A7:28:B9:48:18:18:8E:F3:E3:E5:7F:8D:3F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/aYkOORdOjghP0b0H8Khztmylcj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ea:aa:50:5f:03:dd:e7:98:80:a8:c0:73:24:cc:b5:8d:6f:
         03:49:12:af:cb:87:84:37:e4:2a:1b:b9:29:7a:ee:48:56:4a:
         43:70:d1:04:10:03:4c:48:6f:67:61:24:ee:62:be:c2:05:aa:
         03:46:af:9b:9e:75:0c:90:1c:e0:bb:a2:a6:45:c1:44:b4:c9:
         dc:2d:bd:e9:8b:85:47:ee:92:86:4a:25:ee:6d:45:bc:68:9a:
         75:57:b4:b9:ca:3f:69:b7:34:6d:b5:15:4e:cc:c6:56:32:77:
         80:b1:89:38:81:a6:d6:99:de:6e:a9:f5:b4:d7:e1:18:1d:3f:
         09:28:bc:4c:68:0d:0f:a7:be:db:69:16:c0:e7:a6:53:cc:1c:
         12:f0:4e:1e:df:b8:f2:42:09:c7:b5:2b:e9:9d:91:ce:49:d9:
         03:e6:bd:52:39:57:35:70:d5:0c:35:45:be:c1:49:5e:e1:79:
         0b:1a:ee:8b:52:50:4e:19:57:f0:ea:54:1e:d2:c9:26:48:9d:
         62:98:f9:a1:41:ab:a5:4d:1b:68:a4:d1:0e:59:6b:9f:36:2b:
         63:c0:fb:c1:91:42:03:3b:cf:ab:fe:56:27:da:f5:2a:b6:66:
         cc:b1:5e:81:88:9d:e7:a8:0e:5d:28:e9:99:1c:ce:6e:ef:a1:
         45:cb:8b:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f+ur7Ts09LzLJys37IX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTIwZDk5MTJiM2E3MjhiOTQ4MTgxODhlZjNlM2U1N2Y4
ZDNmOWMwHhcNMjYwMTAyMDIxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTg5MGUzOTE3NGU4ZTA4NGZkMWJkMDdmMGE4NzNiNjZjYTU3MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUhB+xIP81Usvy97jWw7Y/GoVeNI
tBftRuQnJ9KiuXvfxCy3XCyYz6umkd1gfLewy1KRn6OhtIR4FhqUAnjRZ5Oql1Vl
eZ4u81vtx5BIfEmyWUlH2SKLhKfCWRJO2WAZJyoh2W+Wporf49skkjSgtJNSu1fE
Lc98frMgUarxzjpYqEZmNYx1hGDStUMWw5e9xXW1NIYIlLl9uVtnWdaXoAt2tfkB
4ujX7kmOEfQ6A7jxBisBGrjzKhBpNyCygReq2B09ZK4+WwYCQ6lUgVsJHYjUUNC1
inxuU+CLFFlzaw0TR4zZ1qkVtstB8E1/6Fz+J5fpE6a0fi6cO2tK4idgdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmJDjkXTo4IT9G9B/Coc7ZspXI9MB8GA1UdIwQY
MBaAFC+SDZkSs6couUgYGI7z4+V/jT+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVJTm1SS3pweWk1U0JnWWp2UGo1WC1OUDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82MjY1MjUtNmFjNC00YWQzLWI4ZDIt
OWMzMDAwMjQ1Njc2LzEvYVlrT09SZE9qZ2hQMGIwSDhLaHp0bXlsY2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82MjY1MjUtNmFjNC00YWQzLWI4ZDItOWMzMDAwMjQ1Njc2
LzEvTDVJTm1SS3pweWk1U0JnWWp2UGo1WC1OUDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8viMA0G
CSqGSIb3DQEBCwUAA4IBAQBG6qpQXwPd55iAqMBzJMy1jW8DSRKvy4eEN+QqG7kp
eu5IVkpDcNEEEANMSG9nYSTuYr7CBaoDRq+bnnUMkBzgu6KmRcFEtMncLb3pi4VH
7pKGSiXubUW8aJp1V7S5yj9ptzRttRVOzMZWMneAsYk4gabWmd5uqfW01+EYHT8J
KLxMaA0Pp77baRbA56ZTzBwS8E4e37jyQgnHtSvpnZHOSdkD5r1SOVc1cNUMNUW+
wUle4XkLGu6LUlBOGVfw6lQe0skmSJ1imPmhQaulTRtopNEOWWufNitjwPvBkUID
O8+r/lYn2vUqtmbMsV6BiJ3nqA5dKOmZHM5u76FFy4v4
-----END CERTIFICATE-----