This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/q5b2DuF1EAMOC22AlAeZQWFkxpU.roa
File:                     q5b2DuF1EAMOC22AlAeZQWFkxpU.roa (raw, json)
Hash identifier:          6KXA/tbOOb8+a5Q0zFi+dIBOh0aAYoOzdzGbwggmS5w=
Subject key identifier:   AB:96:F6:0E:E1:75:10:03:0E:0B:6D:80:94:07:99:41:61:64:C6:95
Certificate issuer:       /CN=d33e131008def705a417f0d40d148a36f25a1a39
Certificate serial:       019B7DCA64FC80D868091500A590B44EC615
Authority key identifier: D3:3E:13:10:08:DE:F7:05:A4:17:F0:D4:0D:14:8A:36:F2:5A:1A:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/q5b2DuF1EAMOC22AlAeZQWFkxpU.roa
Signing time:             Fri 02 Jan 2026 08:19:34 +0000
ROA not before:           Fri 02 Jan 2026 08:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197326
IP address blocks:        91.220.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:64:fc:80:d8:68:09:15:00:a5:90:b4:4e:c6:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d33e131008def705a417f0d40d148a36f25a1a39
        Validity
            Not Before: Jan  2 08:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab96f60ee17510030e0b6d80940799416164c695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e2:92:07:88:65:b6:70:f4:81:15:cd:8b:fa:
                    f5:b9:db:bf:bd:e7:e0:03:74:17:87:3b:bc:af:25:
                    aa:5e:7f:9d:8e:c4:7c:1a:b3:c8:e7:4a:51:ab:67:
                    d7:03:53:a3:41:92:4f:d1:3f:70:c5:5b:56:63:e5:
                    27:b0:ac:dd:b9:d6:8f:4b:f1:1b:f8:bc:df:28:4f:
                    3a:1d:53:b2:79:82:8c:4d:07:47:61:20:6f:bc:93:
                    57:09:74:42:26:9e:83:92:d7:79:b2:fb:70:12:3c:
                    a3:b2:b6:1a:50:dc:69:b4:da:73:c6:aa:f1:1c:ae:
                    5c:7a:e5:4f:62:8c:85:1e:42:6e:5e:e2:33:f3:5d:
                    dd:c4:da:a5:21:5c:61:2b:b5:93:3d:57:d8:98:d8:
                    f5:4c:da:cc:6a:f6:7c:c9:58:22:72:b7:87:e5:be:
                    18:0e:5c:5a:19:db:e0:03:12:39:2a:26:76:90:3d:
                    84:4a:d4:31:13:54:e7:11:57:b3:81:87:3f:00:fb:
                    70:10:46:49:6a:84:0e:1f:e4:f6:12:bf:33:0e:03:
                    c5:c4:20:b5:8f:69:3c:b3:11:c4:c2:13:49:e4:60:
                    9a:02:f1:e2:7c:21:97:f9:7d:46:7c:1f:07:a2:c3:
                    03:34:07:e5:4d:2f:02:bd:78:64:36:24:0a:9e:2c:
                    de:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:96:F6:0E:E1:75:10:03:0E:0B:6D:80:94:07:99:41:61:64:C6:95
            X509v3 Authority Key Identifier:
                keyid:D3:3E:13:10:08:DE:F7:05:A4:17:F0:D4:0D:14:8A:36:F2:5A:1A:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0z4TEAje9wWkF_DUDRSKNvJaGjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/q5b2DuF1EAMOC22AlAeZQWFkxpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/546dd9-aa48-445e-be60-0907ad34cb9f/1/0z4TEAje9wWkF_DUDRSKNvJaGjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:a1:72:0d:31:c9:b0:a5:a1:83:b8:43:b5:1e:38:9b:e4:8d:
         a6:c0:a2:f5:15:0b:46:d4:11:32:c9:3e:5d:dc:28:7e:f3:7e:
         32:a8:8f:ea:c0:8c:67:a1:7e:d4:f2:bb:89:0c:b4:aa:32:7e:
         b0:d9:1e:b7:28:50:f3:e8:fd:4b:46:ca:3a:e3:39:b9:16:75:
         f6:45:da:c2:1e:2e:27:29:ce:1a:ca:17:25:87:a2:9c:04:e3:
         44:ab:16:54:0e:61:2c:36:ed:8c:eb:71:b0:02:2e:4d:bb:d8:
         4e:d5:13:e4:21:76:d5:3a:41:af:2a:4a:d2:16:d8:34:69:76:
         00:03:c5:c3:92:d2:f8:6f:16:d3:5c:82:6a:52:e9:98:2c:23:
         f6:57:a4:f1:c7:2b:56:22:02:8d:b0:86:46:7d:2a:17:6e:fd:
         46:de:06:d6:0d:07:b8:53:6f:1c:c2:2a:ba:cc:5b:3b:86:ce:
         e1:62:8d:5d:df:c4:e8:59:e5:96:d2:98:bc:95:98:83:d6:3d:
         67:95:4c:6d:8f:0f:92:2a:13:86:1c:de:80:0e:d2:c2:d0:8b:
         91:c5:49:7c:1a:29:3d:ce:da:a4:4c:7d:23:14:23:51:e7:b0:
         ba:a1:2e:6d:fd:20:1e:70:17:07:c6:43:9b:cd:71:95:c0:54:
         b6:ac:82:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ymT8gNhoCRUApZC0TsYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzM2UxMzEwMDhkZWY3MDVhNDE3ZjBkNDBkMTQ4YTM2ZjI1
YTFhMzkwHhcNMjYwMTAyMDgxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjk2ZjYwZWUxNzUxMDAzMGUwYjZkODA5NDA3OTk0MTYxNjRjNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuKSB4hltnD0gRXNi/r1udu/vefg
A3QXhzu8ryWqXn+djsR8GrPI50pRq2fXA1OjQZJP0T9wxVtWY+UnsKzdudaPS/Eb
+LzfKE86HVOyeYKMTQdHYSBvvJNXCXRCJp6Dktd5svtwEjyjsrYaUNxptNpzxqrx
HK5ceuVPYoyFHkJuXuIz813dxNqlIVxhK7WTPVfYmNj1TNrMavZ8yVgicreH5b4Y
DlxaGdvgAxI5KiZ2kD2EStQxE1TnEVezgYc/APtwEEZJaoQOH+T2Er8zDgPFxCC1
j2k8sxHEwhNJ5GCaAvHifCGX+X1GfB8HosMDNAflTS8CvXhkNiQKnizeLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuW9g7hdRADDgttgJQHmUFhZMaVMB8GA1UdIwQY
MBaAFNM+ExAI3vcFpBfw1A0UijbyWho5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHo0VEVBamU5d1drRl9EVURSU0tOdkphR2prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81NDZkZDktYWE0OC00NDVlLWJlNjAt
MDkwN2FkMzRjYjlmLzEvcTViMkR1RjFFQU1PQzIyQWxBZVpRV0ZreHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81NDZkZDktYWE0OC00NDVlLWJlNjAtMDkwN2FkMzRjYjlm
LzEvMHo0VEVBamU5d1drRl9EVURSU0tOdkphR2prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9w3MA0G
CSqGSIb3DQEBCwUAA4IBAQCdoXINMcmwpaGDuEO1Hjib5I2mwKL1FQtG1BEyyT5d
3Ch+834yqI/qwIxnoX7U8ruJDLSqMn6w2R63KFDz6P1LRso64zm5FnX2RdrCHi4n
Kc4ayhclh6KcBONEqxZUDmEsNu2M63GwAi5Nu9hO1RPkIXbVOkGvKkrSFtg0aXYA
A8XDktL4bxbTXIJqUumYLCP2V6TxxytWIgKNsIZGfSoXbv1G3gbWDQe4U28cwiq6
zFs7hs7hYo1d38ToWeWW0pi8lZiD1j1nlUxtjw+SKhOGHN6ADtLC0IuRxUl8Gik9
ztqkTH0jFCNR57C6oS5t/SAecBcHxkObzXGVwFS2rIK5
-----END CERTIFICATE-----