This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/v1Q5deDRNaYN2rkW1eCtdP2QCKw.roa
File:                     v1Q5deDRNaYN2rkW1eCtdP2QCKw.roa (raw, json)
Hash identifier:          h5DLp92XQ3AvM1H/BlIZUWuG5teJsgAD0mDg6kM2v3U=
Subject key identifier:   BF:54:39:75:E0:D1:35:A6:0D:DA:B9:16:D5:E0:AD:74:FD:90:08:AC
Certificate issuer:       /CN=47bf2ffeda381e54818df07052cf67e222515f89
Certificate serial:       019B7DCACDD067A91EC09BB0929597D49BFD
Authority key identifier: 47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/v1Q5deDRNaYN2rkW1eCtdP2QCKw.roa
Signing time:             Fri 02 Jan 2026 08:20:01 +0000
ROA not before:           Fri 02 Jan 2026 08:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        80.91.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:cd:d0:67:a9:1e:c0:9b:b0:92:95:97:d4:9b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47bf2ffeda381e54818df07052cf67e222515f89
        Validity
            Not Before: Jan  2 08:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf543975e0d135a60ddab916d5e0ad74fd9008ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f3:6b:02:ed:ae:7c:28:2b:82:c6:6b:f0:92:
                    6e:94:e5:d3:13:d4:a7:7a:67:ad:68:02:04:d3:ed:
                    19:6c:08:dc:26:43:ec:13:01:f3:fc:7e:7b:b5:c3:
                    a8:b3:a2:26:80:4f:70:63:c2:22:4b:de:c8:59:d1:
                    3a:0e:17:1a:a4:b5:d3:a0:5d:44:33:86:cb:1b:b3:
                    ce:70:c6:81:b2:02:22:2a:b8:73:af:d3:6e:2c:58:
                    0b:5e:58:9f:0b:3c:d5:37:b5:a3:8d:5f:c1:59:57:
                    7d:1d:88:69:6f:7f:b2:34:46:3e:cc:d9:6c:69:cb:
                    fd:b4:5a:30:ff:dd:5a:fc:04:3c:df:5d:59:7d:5c:
                    b6:0f:f3:0d:fa:8d:b6:10:4f:d4:d3:39:4d:63:18:
                    81:48:b5:33:8e:a1:09:b7:36:5d:a0:5d:e1:d3:0e:
                    bb:14:eb:c4:32:fc:e1:b7:a2:48:4a:0b:74:46:6e:
                    23:33:78:3a:09:1f:56:cc:e9:46:8e:a4:84:86:28:
                    48:df:25:93:41:c7:51:b5:71:0d:bb:73:61:50:ed:
                    57:50:4d:87:a8:23:d1:a8:08:2c:f0:e0:8f:9a:61:
                    11:78:2b:95:ac:01:b3:aa:41:20:72:79:06:39:4a:
                    45:bb:5e:57:bb:aa:6b:f0:51:6f:b7:fd:9e:41:2f:
                    74:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:54:39:75:E0:D1:35:A6:0D:DA:B9:16:D5:E0:AD:74:FD:90:08:AC
            X509v3 Authority Key Identifier:
                keyid:47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/v1Q5deDRNaYN2rkW1eCtdP2QCKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:8c:38:8c:ad:78:0e:4e:cf:48:b9:73:90:e6:03:95:22:18:
         6f:37:45:8e:df:47:f3:80:00:58:78:ba:11:2d:f9:4b:a8:c2:
         83:da:1e:32:c5:4b:27:44:79:ab:de:de:df:ef:6a:f2:56:0c:
         f0:4c:70:0f:75:6f:36:5b:af:2c:ff:90:50:98:eb:64:59:b3:
         83:62:a7:69:80:b6:6b:b9:9d:e1:a6:fd:10:2b:3b:bc:0b:47:
         a1:43:07:06:a5:07:4c:9b:17:d1:ba:6c:01:41:2b:49:8c:c5:
         19:b4:bc:bf:8c:7e:e4:d1:bd:72:16:14:56:31:de:8f:e0:9d:
         7f:86:12:31:18:61:f7:99:fa:51:74:8b:f4:c6:8b:04:a1:32:
         77:aa:a1:61:b2:52:1e:0d:a4:5a:94:a5:10:ff:2f:f0:0a:be:
         93:88:c6:ae:2f:7f:91:d1:f1:5a:d0:a8:6d:15:76:0c:40:48:
         86:98:17:fc:1d:cc:27:8f:00:f5:9f:88:3d:09:85:ae:c2:64:
         40:2d:e0:bc:55:70:13:97:c2:80:8e:cb:dd:e5:61:ab:1a:8d:
         2a:d2:c5:03:0d:7f:e6:54:e2:3a:d8:83:c4:91:50:85:1e:09:
         51:47:37:52:01:e7:e2:75:08:86:a9:cd:f1:c2:fe:1a:05:f9:
         fb:f7:fc:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ys3QZ6kewJuwkpWX1Jv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmYyZmZlZGEzODFlNTQ4MThkZjA3MDUyY2Y2N2UyMjI1
MTVmODkwHhcNMjYwMTAyMDgyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU0Mzk3NWUwZDEzNWE2MGRkYWI5MTZkNWUwYWQ3NGZkOTAwOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPNrAu2ufCgrgsZr8JJulOXTE9Sn
emetaAIE0+0ZbAjcJkPsEwHz/H57tcOos6ImgE9wY8IiS97IWdE6DhcapLXToF1E
M4bLG7POcMaBsgIiKrhzr9NuLFgLXlifCzzVN7WjjV/BWVd9HYhpb3+yNEY+zNls
acv9tFow/91a/AQ8311ZfVy2D/MN+o22EE/U0zlNYxiBSLUzjqEJtzZdoF3h0w67
FOvEMvzht6JISgt0Rm4jM3g6CR9WzOlGjqSEhihI3yWTQcdRtXENu3NhUO1XUE2H
qCPRqAgs8OCPmmEReCuVrAGzqkEgcnkGOUpFu15Xu6pr8FFvt/2eQS90iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9UOXXg0TWmDdq5FtXgrXT9kAisMB8GA1UdIwQY
MBaAFEe/L/7aOB5UgY3wcFLPZ+IiUV+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEt
MGJkMDk1ZGE3OGVmLzEvdjFRNWRlRFJOYVlOMnJrVzFlQ3RkUDJRQ0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEtMGJkMDk1ZGE3OGVm
LzEvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFvhMA0G
CSqGSIb3DQEBCwUAA4IBAQCRjDiMrXgOTs9IuXOQ5gOVIhhvN0WO30fzgABYeLoR
LflLqMKD2h4yxUsnRHmr3t7f72ryVgzwTHAPdW82W68s/5BQmOtkWbODYqdpgLZr
uZ3hpv0QKzu8C0ehQwcGpQdMmxfRumwBQStJjMUZtLy/jH7k0b1yFhRWMd6P4J1/
hhIxGGH3mfpRdIv0xosEoTJ3qqFhslIeDaRalKUQ/y/wCr6TiMauL3+R0fFa0Kht
FXYMQEiGmBf8HcwnjwD1n4g9CYWuwmRALeC8VXATl8KAjsvd5WGrGo0q0sUDDX/m
VOI62IPEkVCFHglRRzdSAefidQiGqc3xwv4aBfn79/yf
-----END CERTIFICATE-----
Generated at Fri Jan 9 06:24:36 2026 by rpki-client