This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jhNeq8F74HLxlveTBbzaaCRj4f0.roa
File:                     jhNeq8F74HLxlveTBbzaaCRj4f0.roa (raw, json)
Hash identifier:          eNN4d/UC0dbWyQLcKplM93t4iP+APNUiaoJo6+HNCFs=
Subject key identifier:   8E:13:5E:AB:C1:7B:E0:72:F1:96:F7:93:05:BC:DA:68:24:63:E1:FD
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B0A1FEB6113914F6C263AF61563D9
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jhNeq8F74HLxlveTBbzaaCRj4f0.roa
Signing time:             Fri 02 Jan 2026 06:17:56 +0000
ROA not before:           Fri 02 Jan 2026 06:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40065
IP address blocks:        91.148.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:0a:1f:eb:61:13:91:4f:6c:26:3a:f6:15:63:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e135eabc17be072f196f79305bcda682463e1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f5:37:28:a9:e1:7f:25:1d:2b:00:a5:e0:fe:
                    25:61:89:3b:ea:b4:11:84:b3:66:33:c3:b4:0a:9a:
                    20:d3:36:f6:bf:a1:17:4a:67:bf:72:af:62:ff:c8:
                    ed:73:0a:11:aa:7a:65:22:69:7a:9c:51:3a:6c:17:
                    b6:41:8e:06:1d:7e:5f:fc:63:87:b7:f7:1a:4d:1e:
                    af:77:60:66:e0:41:53:c2:ab:d2:1b:64:02:2c:b2:
                    2e:7a:48:b9:13:c2:75:de:1b:01:07:54:4c:07:ca:
                    51:e7:6b:f2:e9:cd:bb:63:d2:d3:81:ab:e2:23:da:
                    eb:4b:74:f4:4c:12:cd:fe:5f:81:36:3d:36:22:54:
                    42:96:17:4d:fc:17:6b:8c:31:54:a0:1a:2c:c8:10:
                    0d:7c:f0:5e:ad:19:73:cf:42:c2:ec:53:b1:87:d1:
                    c3:84:14:7c:ec:64:05:06:a0:5d:23:37:4d:15:ae:
                    0b:8b:8b:fd:b2:ab:db:e0:d3:f1:83:bb:42:45:5e:
                    f3:19:43:c0:af:ab:30:b9:12:90:c5:5a:8d:ed:e7:
                    31:9b:a2:e7:11:f8:03:dd:98:01:31:e1:cb:e5:6a:
                    0c:7c:f1:f6:a4:4c:02:e7:ed:a3:c0:4e:5d:b9:f4:
                    c1:11:10:9e:a9:31:0c:4d:d7:c7:05:19:7f:98:86:
                    e1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:13:5E:AB:C1:7B:E0:72:F1:96:F7:93:05:BC:DA:68:24:63:E1:FD
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jhNeq8F74HLxlveTBbzaaCRj4f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:cf:f7:7f:88:2b:66:66:e5:ea:3f:5a:18:b0:c6:a7:32:9b:
         7f:5b:5e:88:85:25:1c:6e:f4:c1:7c:3a:a5:71:da:f8:2b:f1:
         84:fc:bb:a0:f4:09:4e:b4:12:13:e0:ad:be:9e:9e:b8:77:5e:
         99:8c:96:6a:3e:a8:1c:a1:44:55:a1:25:69:21:cb:39:68:9e:
         58:49:8b:4e:25:79:7f:6d:bd:d4:86:2a:46:a9:20:64:22:74:
         94:f4:a4:1a:91:33:0b:1a:25:6a:1e:f1:7f:2d:00:9c:1a:58:
         88:e4:43:d8:ea:9d:09:4a:9e:c9:ba:ac:99:dc:b5:39:50:64:
         ca:dc:01:b8:2c:a3:3a:47:be:0a:91:da:27:ce:0f:35:72:e7:
         19:07:44:f7:c4:14:83:77:75:79:17:c8:31:77:2b:c6:0b:b8:
         5f:11:12:87:41:1f:ca:2e:86:38:f6:d8:cd:5e:9f:48:fb:d4:
         fd:39:22:3f:72:72:6f:16:a1:da:47:45:3f:b5:6e:b9:d3:c6:
         fe:dc:f9:d3:ff:20:b2:98:aa:34:7a:dd:f7:01:03:d2:d1:05:
         54:b6:ac:0f:a8:ec:8c:c8:fa:7c:9b:6f:cf:50:b4:38:86:22:
         78:9e:b0:d5:66:43:76:54:d1:91:6b:bd:5a:58:be:b4:8f:a8:
         61:ab:a5:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wwof62ETkU9sJjr2FWPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTEzNWVhYmMxN2JlMDcyZjE5NmY3OTMwNWJjZGE2ODI0NjNlMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPU3KKnhfyUdKwCl4P4lYYk76rQR
hLNmM8O0Cpog0zb2v6EXSme/cq9i/8jtcwoRqnplIml6nFE6bBe2QY4GHX5f/GOH
t/caTR6vd2Bm4EFTwqvSG2QCLLIueki5E8J13hsBB1RMB8pR52vy6c27Y9LTgavi
I9rrS3T0TBLN/l+BNj02IlRClhdN/BdrjDFUoBosyBANfPBerRlzz0LC7FOxh9HD
hBR87GQFBqBdIzdNFa4Li4v9sqvb4NPxg7tCRV7zGUPAr6swuRKQxVqN7ecxm6Ln
EfgD3ZgBMeHL5WoMfPH2pEwC5+2jwE5dufTBERCeqTEMTdfHBRl/mIbhbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4TXqvBe+By8Zb3kwW82mgkY+H9MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvamhOZXE4Rjc0SEx4bHZlVEJiemFhQ1JqNGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5SFMA0G
CSqGSIb3DQEBCwUAA4IBAQC0z/d/iCtmZuXqP1oYsManMpt/W16IhSUcbvTBfDql
cdr4K/GE/Lug9AlOtBIT4K2+np64d16ZjJZqPqgcoURVoSVpIcs5aJ5YSYtOJXl/
bb3UhipGqSBkInSU9KQakTMLGiVqHvF/LQCcGliI5EPY6p0JSp7JuqyZ3LU5UGTK
3AG4LKM6R74Kkdonzg81cucZB0T3xBSDd3V5F8gxdyvGC7hfERKHQR/KLoY49tjN
Xp9I+9T9OSI/cnJvFqHaR0U/tW6508b+3PnT/yCymKo0et33AQPS0QVUtqwPqOyM
yPp8m2/PULQ4hiJ4nrDVZkN2VNGRa71aWL60j6hhq6Uk
-----END CERTIFICATE-----