This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/xyBwWE1V7pzMi_BB3s_8J8GEyes.roa
File:                     xyBwWE1V7pzMi_BB3s_8J8GEyes.roa (raw, json)
Hash identifier:          taqunFOi7PSx5Yj4Rqnf0/xGpAdLHU4niJLVDbS+7yI=
Subject key identifier:   C7:20:70:58:4D:55:EE:9C:CC:8B:F0:41:DE:CF:FC:27:C1:84:C9:EB
Certificate issuer:       /CN=e622f6539781c50bc497c7a0b6f5d505ef88b9d6
Certificate serial:       019B7CEE2051DBBE99190B298A348093EFC3
Authority key identifier: E6:22:F6:53:97:81:C5:0B:C4:97:C7:A0:B6:F5:D5:05:EF:88:B9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/xyBwWE1V7pzMi_BB3s_8J8GEyes.roa
Signing time:             Fri 02 Jan 2026 04:18:59 +0000
ROA not before:           Fri 02 Jan 2026 04:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47760
IP address blocks:        91.208.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:20:51:db:be:99:19:0b:29:8a:34:80:93:ef:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e622f6539781c50bc497c7a0b6f5d505ef88b9d6
        Validity
            Not Before: Jan  2 04:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c72070584d55ee9ccc8bf041decffc27c184c9eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:bf:20:53:b7:d0:46:7c:a9:f4:98:38:e4:65:
                    e3:14:21:2a:c5:28:22:25:5f:c6:47:de:a1:bb:29:
                    37:df:fb:81:a4:3a:8c:7b:db:e8:8f:f7:ad:62:a8:
                    50:5c:c5:9c:67:a9:f7:e4:59:7a:6f:e0:ba:c3:da:
                    df:92:2e:17:9f:94:e6:15:22:ab:00:9f:b7:cc:35:
                    79:7e:d2:72:1f:37:1b:9c:9b:0c:94:c6:47:0e:ef:
                    38:0b:29:d6:35:12:77:64:b9:ed:5c:2c:d8:fd:ba:
                    ba:12:6b:ba:73:10:bb:cb:f0:e8:e5:eb:0b:38:ee:
                    08:61:aa:62:f2:35:a3:ee:21:0a:e2:a8:9f:2a:04:
                    7f:99:88:92:2c:82:06:8f:96:d9:bc:1e:d7:f8:5a:
                    91:e2:cf:ac:01:2e:1f:70:72:92:da:c9:2e:6f:3c:
                    8b:bb:83:ee:4f:eb:68:3d:c3:5a:f2:5a:6b:86:cd:
                    ee:89:86:c2:07:a2:b4:0b:4b:49:80:68:ce:e7:19:
                    ec:8d:38:76:a6:95:7d:73:67:80:0e:21:2d:26:9f:
                    8c:d2:33:c9:6d:68:a4:d1:ee:2b:70:72:52:c6:c3:
                    3a:9a:dc:68:d7:66:3e:5f:c1:62:58:b7:3c:e7:4e:
                    d9:33:27:91:e8:73:fa:ee:45:f6:8a:77:14:95:9f:
                    26:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:20:70:58:4D:55:EE:9C:CC:8B:F0:41:DE:CF:FC:27:C1:84:C9:EB
            X509v3 Authority Key Identifier:
                keyid:E6:22:F6:53:97:81:C5:0B:C4:97:C7:A0:B6:F5:D5:05:EF:88:B9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/xyBwWE1V7pzMi_BB3s_8J8GEyes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:68:c6:26:34:6a:07:06:a7:5e:01:35:c6:b5:43:da:02:10:
         0d:93:57:c6:58:07:4c:a1:51:b2:4e:a3:b4:94:39:76:0b:b8:
         4b:ea:ce:b4:dd:d0:c9:b5:88:48:f0:a1:d6:2a:19:ba:eb:a4:
         e1:28:cb:ce:ae:9f:52:b0:ad:29:bd:0f:fb:66:af:c2:14:8d:
         c5:0a:33:f0:6e:80:b9:f0:84:6c:b6:9b:11:3b:82:a2:7b:29:
         80:cf:94:07:e1:c3:54:5d:b0:cb:bc:aa:a0:b0:48:e7:02:e2:
         14:e2:8c:a7:9b:44:b7:0f:13:ef:3b:b5:51:fa:ba:01:53:e9:
         6f:a7:20:97:88:a7:ce:bc:ab:c1:58:fd:d1:6c:a2:64:53:96:
         0f:cb:3c:58:98:fc:a2:ab:db:d7:00:17:ef:46:95:64:e2:a2:
         74:11:a2:25:2e:c2:b4:48:18:cb:b4:16:e5:df:58:7e:66:7a:
         1e:e1:da:b2:ef:23:39:80:d2:c4:ee:33:f8:5e:13:7f:74:4f:
         52:18:97:94:5f:d6:49:66:ee:1e:74:f4:ec:58:e4:26:ec:56:
         82:a0:88:75:7e:f8:34:cb:b3:ab:5c:ca:da:30:f5:ab:3d:92:
         46:4b:cf:1c:7b:d2:03:7e:e2:ae:db:42:c0:24:33:d2:4d:b0:
         b9:f0:73:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87iBR276ZGQspijSAk+/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MjJmNjUzOTc4MWM1MGJjNDk3YzdhMGI2ZjVkNTA1ZWY4
OGI5ZDYwHhcNMjYwMTAyMDQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzIwNzA1ODRkNTVlZTljY2M4YmYwNDFkZWNmZmMyN2MxODRjOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAob8gU7fQRnyp9Jg45GXjFCEqxSgi
JV/GR96huyk33/uBpDqMe9voj/etYqhQXMWcZ6n35Fl6b+C6w9rfki4Xn5TmFSKr
AJ+3zDV5ftJyHzcbnJsMlMZHDu84CynWNRJ3ZLntXCzY/bq6Emu6cxC7y/Do5esL
OO4IYapi8jWj7iEK4qifKgR/mYiSLIIGj5bZvB7X+FqR4s+sAS4fcHKS2skubzyL
u4PuT+toPcNa8lprhs3uiYbCB6K0C0tJgGjO5xnsjTh2ppV9c2eADiEtJp+M0jPJ
bWik0e4rcHJSxsM6mtxo12Y+X8FiWLc8507ZMyeR6HP67kX2incUlZ8mOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcgcFhNVe6czIvwQd7P/CfBhMnrMB8GA1UdIwQY
MBaAFOYi9lOXgcULxJfHoLb11QXviLnWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWlMMlU1ZUJ4UXZFbDhlZ3R2WFZCZS1JdWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8xMWFhOGMtOTU5MS00Y2M4LWE3NmEt
Njk4ZTZhOGU2NzA4LzEveHlCd1dFMVY3cHpNaV9CQjNzXzhKOEdFeWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8xMWFhOGMtOTU5MS00Y2M4LWE3NmEtNjk4ZTZhOGU2NzA4
LzEvNWlMMlU1ZUJ4UXZFbDhlZ3R2WFZCZS1JdWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BgMA0G
CSqGSIb3DQEBCwUAA4IBAQBbaMYmNGoHBqdeATXGtUPaAhANk1fGWAdMoVGyTqO0
lDl2C7hL6s603dDJtYhI8KHWKhm666ThKMvOrp9SsK0pvQ/7Zq/CFI3FCjPwboC5
8IRstpsRO4KieymAz5QH4cNUXbDLvKqgsEjnAuIU4oynm0S3DxPvO7VR+roBU+lv
pyCXiKfOvKvBWP3RbKJkU5YPyzxYmPyiq9vXABfvRpVk4qJ0EaIlLsK0SBjLtBbl
31h+Znoe4dqy7yM5gNLE7jP4XhN/dE9SGJeUX9ZJZu4edPTsWOQm7FaCoIh1fvg0
y7OrXMraMPWrPZJGS88ce9IDfuKu20LAJDPSTbC58HNz
-----END CERTIFICATE-----