This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/_znAllcUhDUk5vaonzcpuUajgfo.roa
File:                     _znAllcUhDUk5vaonzcpuUajgfo.roa (raw, json)
Hash identifier:          qYtkv42oHHUxBFtOZdOaS3DV/fsi8LFPD+D7XK8B1uc=
Subject key identifier:   FF:39:C0:96:57:14:84:35:24:E6:F6:A8:9F:37:29:B9:46:A3:81:FA
Certificate issuer:       /CN=81060a518528e86a8ea77f188a0263790c08f6b9
Certificate serial:       019B797E78DEB8FEEFEB598DA6D164DD1C03
Authority key identifier: 81:06:0A:51:85:28:E8:6A:8E:A7:7F:18:8A:02:63:79:0C:08:F6:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/_znAllcUhDUk5vaonzcpuUajgfo.roa
Signing time:             Thu 01 Jan 2026 12:18:10 +0000
ROA not before:           Thu 01 Jan 2026 12:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5603
IP address blocks:        91.217.126.0/24 maxlen: 24
                          91.217.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:78:de:b8:fe:ef:eb:59:8d:a6:d1:64:dd:1c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81060a518528e86a8ea77f188a0263790c08f6b9
        Validity
            Not Before: Jan  1 12:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff39c0965714843524e6f6a89f3729b946a381fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:55:4f:4b:07:e4:1f:c7:09:6f:ad:9f:c0:ef:
                    5d:d5:23:b5:b7:45:c9:b5:4c:f1:31:c9:05:1d:3c:
                    f8:a0:b9:71:35:22:dc:9b:c4:08:7f:1e:20:47:0e:
                    bc:a9:69:76:50:85:18:ef:b5:42:99:50:e8:2d:61:
                    6f:e2:ce:f1:35:1c:6c:ad:d5:a9:22:f1:f6:85:37:
                    fd:fc:c9:16:4d:66:5c:54:fc:23:ec:72:9a:ec:57:
                    8c:5a:2a:55:88:28:4e:75:f9:41:e9:60:20:0c:a9:
                    76:2e:66:a4:a2:1c:21:21:54:e6:e7:fe:68:ba:bd:
                    2c:99:10:98:ea:55:0b:73:f4:93:3b:b5:19:e1:68:
                    c4:d0:4b:0d:1a:e5:bf:44:e5:04:2e:b1:77:d1:38:
                    bf:30:ea:c5:47:4a:cc:ab:fc:67:3e:ce:bc:58:aa:
                    a3:16:e4:87:4e:56:6e:02:42:50:70:55:82:55:bb:
                    50:d5:97:25:ea:56:1b:2b:61:c5:f8:db:f4:9e:70:
                    9b:f8:89:c4:45:da:f9:22:be:69:88:76:a4:b7:f4:
                    4d:03:ed:a7:97:f7:4a:ef:05:e6:3a:a3:cd:7c:6a:
                    2d:92:13:26:be:f6:f3:40:23:20:88:a3:1f:42:e9:
                    d4:7b:62:a2:08:39:f9:34:05:b0:91:04:51:db:37:
                    a6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:39:C0:96:57:14:84:35:24:E6:F6:A8:9F:37:29:B9:46:A3:81:FA
            X509v3 Authority Key Identifier:
                keyid:81:06:0A:51:85:28:E8:6A:8E:A7:7F:18:8A:02:63:79:0C:08:F6:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/_znAllcUhDUk5vaonzcpuUajgfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:ae:c8:ff:05:e6:22:45:c2:27:ad:b7:eb:4a:c5:fb:d5:1c:
         3f:a1:17:85:00:a6:03:c7:e5:71:88:09:0d:9f:fd:a0:d1:91:
         ab:ab:93:57:cb:80:cd:f9:57:74:c8:e8:dd:5e:73:2b:10:4e:
         ce:18:80:c3:f6:bb:09:3f:1d:ba:e9:59:bd:01:1a:7b:49:99:
         0a:78:52:ce:2a:ed:3f:e8:f2:5b:72:e2:30:f6:73:11:2f:03:
         6a:f6:7a:2a:6e:bb:aa:4a:0b:60:f3:f6:1f:48:fa:d0:5a:b2:
         2f:f1:83:16:11:0e:75:f4:d6:5b:3b:54:fb:48:6e:f7:15:41:
         b5:3d:87:05:6f:1e:18:0d:2c:57:9d:37:87:77:f2:d9:35:b6:
         36:a9:59:c2:29:87:5c:7e:bd:03:b4:0f:cf:5c:1f:29:71:ff:
         f3:e5:f7:2c:4c:ab:78:24:87:50:b9:02:0c:71:89:86:df:62:
         83:fc:6d:2c:4c:ab:f7:b3:ab:b8:67:be:b8:00:54:09:bc:81:
         07:e9:cb:04:32:6a:c9:57:91:2f:8c:df:23:2d:f5:06:c3:13:
         73:ce:52:3f:c6:05:00:ab:66:4d:76:64:76:c5:94:f1:7f:45:
         e0:13:72:c6:24:4c:be:b0:45:99:48:f3:f2:13:81:a0:9e:33:
         fd:c5:bc:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fnjeuP7v61mNptFk3RwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDYwYTUxODUyOGU4NmE4ZWE3N2YxODhhMDI2Mzc5MGMw
OGY2YjkwHhcNMjYwMTAxMTIxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjM5YzA5NjU3MTQ4NDM1MjRlNmY2YTg5ZjM3MjliOTQ2YTM4MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylVPSwfkH8cJb62fwO9d1SO1t0XJ
tUzxMckFHTz4oLlxNSLcm8QIfx4gRw68qWl2UIUY77VCmVDoLWFv4s7xNRxsrdWp
IvH2hTf9/MkWTWZcVPwj7HKa7FeMWipViChOdflB6WAgDKl2LmakohwhIVTm5/5o
ur0smRCY6lULc/STO7UZ4WjE0EsNGuW/ROUELrF30Ti/MOrFR0rMq/xnPs68WKqj
FuSHTlZuAkJQcFWCVbtQ1Zcl6lYbK2HF+Nv0nnCb+InERdr5Ir5piHakt/RNA+2n
l/dK7wXmOqPNfGotkhMmvvbzQCMgiKMfQunUe2KiCDn5NAWwkQRR2zemNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP85wJZXFIQ1JOb2qJ83KblGo4H6MB8GA1UdIwQY
MBaAFIEGClGFKOhqjqd/GIoCY3kMCPa5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FZS1VZVW82R3FPcDM4WWlnSmplUXdJOXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lNWUyZDAtZjQzOS00NWU0LTg1NDAt
ZjE5NjAwYzdhZDU0LzEvX3puQWxsY1VoRFVrNXZhb256Y3B1VWFqZ2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lNWUyZDAtZjQzOS00NWU0LTg1NDAtZjE5NjAwYzdhZDU0
LzEvZ1FZS1VZVW82R3FPcDM4WWlnSmplUXdJOXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9l+MA0G
CSqGSIb3DQEBCwUAA4IBAQA6rsj/BeYiRcInrbfrSsX71Rw/oReFAKYDx+VxiAkN
n/2g0ZGrq5NXy4DN+Vd0yOjdXnMrEE7OGIDD9rsJPx266Vm9ARp7SZkKeFLOKu0/
6PJbcuIw9nMRLwNq9noqbruqSgtg8/YfSPrQWrIv8YMWEQ519NZbO1T7SG73FUG1
PYcFbx4YDSxXnTeHd/LZNbY2qVnCKYdcfr0DtA/PXB8pcf/z5fcsTKt4JIdQuQIM
cYmG32KD/G0sTKv3s6u4Z764AFQJvIEH6csEMmrJV5EvjN8jLfUGwxNzzlI/xgUA
q2ZNdmR2xZTxf0XgE3LGJEy+sEWZSPPyE4GgnjP9xbwZ
-----END CERTIFICATE-----