This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TyNK5jcDwu4OvCEkTpG9DCvvJNo.roa
File:                     TyNK5jcDwu4OvCEkTpG9DCvvJNo.roa (raw, json)
Hash identifier:          KgHof/eEPNXiTkToOF/2pvFjBSv+TU6i4CaKY5owoIU=
Subject key identifier:   4F:23:4A:E6:37:03:C2:EE:0E:BC:21:24:4E:91:BD:0C:2B:EF:24:DA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D4E7119498407B58E41EEC4A671D4
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TyNK5jcDwu4OvCEkTpG9DCvvJNo.roa
Signing time:             Fri 02 Jan 2026 06:20:25 +0000
ROA not before:           Fri 02 Jan 2026 06:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198352
IP address blocks:        91.190.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:4e:71:19:49:84:07:b5:8e:41:ee:c4:a6:71:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f234ae63703c2ee0ebc21244e91bd0c2bef24da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0e:3d:8b:58:c1:a8:b6:d6:67:ec:7c:df:d1:
                    a2:df:4e:3b:d8:4c:84:59:0f:c8:94:04:9b:0f:a4:
                    a5:31:57:67:79:42:0a:09:86:ec:0e:58:b6:73:b1:
                    c4:80:0e:9c:f0:8d:b7:41:bb:54:a8:dc:df:9c:30:
                    27:b9:d6:5a:35:0d:c5:18:4f:c4:ad:f3:17:f9:1f:
                    9e:73:46:2e:8d:19:c8:3b:ec:fc:64:13:7c:79:4d:
                    af:be:70:46:e1:0c:b4:9d:c2:ac:4e:c8:68:d5:b5:
                    32:a4:e7:c8:72:78:e9:e6:6e:60:81:0d:05:ab:33:
                    d4:21:1d:1a:32:b2:74:02:47:5e:f7:a9:4c:ab:a9:
                    6b:8d:60:70:88:2b:80:28:5f:fb:48:70:55:70:08:
                    ec:8e:61:be:70:2f:6c:90:0a:c3:37:69:70:57:43:
                    62:18:34:58:d5:0c:c7:82:d5:94:fe:44:f5:80:ed:
                    13:7e:06:3b:7b:9f:12:3d:b0:c2:0a:5f:95:f3:ed:
                    bf:75:8f:14:7c:b9:a1:d0:8c:6f:3c:ed:e8:2e:7e:
                    32:b0:89:ad:2b:07:37:69:e5:3e:b4:87:1c:18:61:
                    f7:ad:68:70:4e:4b:1e:e4:ff:5d:7a:37:2c:33:5e:
                    f7:36:fc:bd:4d:dd:62:c1:52:89:10:2b:16:e3:e6:
                    eb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:23:4A:E6:37:03:C2:EE:0E:BC:21:24:4E:91:BD:0C:2B:EF:24:DA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/TyNK5jcDwu4OvCEkTpG9DCvvJNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b3:3f:f4:83:df:d1:fb:eb:99:2a:55:75:49:46:39:cc:fa:
         89:9c:8d:03:13:83:33:e5:51:2d:ec:a2:7e:50:e0:47:e3:7a:
         2c:a7:c1:f4:80:eb:df:f8:e0:f1:1a:eb:91:f4:59:fd:a5:02:
         b5:dd:31:5c:34:a9:e4:e0:43:2e:a2:27:02:3f:82:bb:a4:3c:
         2a:bb:da:d9:24:df:c9:bc:6f:b0:6c:8f:cb:fa:1e:06:3b:f3:
         8b:52:08:14:fe:6c:fc:25:53:0e:28:e9:e9:aa:6a:81:7b:f7:
         93:b5:6d:d0:a1:6b:0e:1c:0a:76:92:e3:00:7f:2b:9f:bb:9b:
         26:f5:18:8a:c0:97:e0:ce:3a:cc:4f:f1:54:20:17:96:e5:07:
         22:44:a1:ff:33:89:e0:0f:e4:e3:55:bb:c8:77:d9:7e:ae:ae:
         20:d8:05:a6:e5:a1:c6:44:a8:d1:27:e9:cb:d2:cb:76:13:54:
         9b:12:38:c8:66:0c:8f:cf:2b:c0:ce:56:15:43:e4:a2:00:74:
         86:72:c6:84:1d:81:0f:01:d9:5d:d3:f8:2e:1d:ec:7b:a6:3c:
         dc:55:7c:53:96:75:13:f6:7c:04:08:76:a5:f7:58:da:72:2e:
         c7:9f:0f:35:af:a3:8d:bf:1b:f2:47:27:6d:4a:2b:6d:d6:ee:
         b1:50:b0:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XU5xGUmEB7WOQe7EpnHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjIzNGFlNjM3MDNjMmVlMGViYzIxMjQ0ZTkxYmQwYzJiZWYyNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ49i1jBqLbWZ+x839Gi30472EyE
WQ/IlASbD6SlMVdneUIKCYbsDli2c7HEgA6c8I23QbtUqNzfnDAnudZaNQ3FGE/E
rfMX+R+ec0YujRnIO+z8ZBN8eU2vvnBG4Qy0ncKsTsho1bUypOfIcnjp5m5ggQ0F
qzPUIR0aMrJ0Akde96lMq6lrjWBwiCuAKF/7SHBVcAjsjmG+cC9skArDN2lwV0Ni
GDRY1QzHgtWU/kT1gO0TfgY7e58SPbDCCl+V8+2/dY8UfLmh0IxvPO3oLn4ysImt
Kwc3aeU+tIccGGH3rWhwTkse5P9dejcsM173Nvy9Td1iwVKJECsW4+brXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8jSuY3A8LuDrwhJE6RvQwr7yTaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVHlOSzVqY0R3dTRPdkNFa1RwRzlEQ3Z2Sk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW75iMA0G
CSqGSIb3DQEBCwUAA4IBAQCCsz/0g9/R++uZKlV1SUY5zPqJnI0DE4Mz5VEt7KJ+
UOBH43osp8H0gOvf+ODxGuuR9Fn9pQK13TFcNKnk4EMuoicCP4K7pDwqu9rZJN/J
vG+wbI/L+h4GO/OLUggU/mz8JVMOKOnpqmqBe/eTtW3QoWsOHAp2kuMAfyufu5sm
9RiKwJfgzjrMT/FUIBeW5QciRKH/M4ngD+TjVbvId9l+rq4g2AWm5aHGRKjRJ+nL
0st2E1SbEjjIZgyPzyvAzlYVQ+SiAHSGcsaEHYEPAdld0/guHex7pjzcVXxTlnUT
9nwECHal91jaci7Hnw81r6ONvxvyRydtSitt1u6xULA+
-----END CERTIFICATE-----