This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/ppk17F6OyNc0EwSbu1kw3GGU0jI.roa
File:                     ppk17F6OyNc0EwSbu1kw3GGU0jI.roa (raw, json)
Hash identifier:          XKo5gTm78DhZYG3mOTajWDGyeUuNj7w2rAJKRuCr/xk=
Subject key identifier:   A6:99:35:EC:5E:8E:C8:D7:34:13:04:9B:BB:59:30:DC:61:94:D2:32
Certificate issuer:       /CN=6f94587c1199a2c3df40197b19f3650c617de145
Certificate serial:       019B775894289AE69FBA87E2D44D2516B2B7
Authority key identifier: 6F:94:58:7C:11:99:A2:C3:DF:40:19:7B:19:F3:65:0C:61:7D:E1:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/ppk17F6OyNc0EwSbu1kw3GGU0jI.roa
Signing time:             Thu 01 Jan 2026 02:17:32 +0000
ROA not before:           Thu 01 Jan 2026 02:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198716
IP address blocks:        91.236.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:94:28:9a:e6:9f:ba:87:e2:d4:4d:25:16:b2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f94587c1199a2c3df40197b19f3650c617de145
        Validity
            Not Before: Jan  1 02:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a69935ec5e8ec8d73413049bbb5930dc6194d232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b2:f1:cb:47:11:45:73:ef:ef:19:96:db:42:
                    31:93:df:1b:20:39:29:51:15:fd:b2:47:59:73:27:
                    91:cf:b0:c8:64:ec:a8:3b:b7:ab:f0:51:ef:19:09:
                    2e:82:54:9e:1f:99:41:d7:c2:4a:3a:82:34:90:9c:
                    1e:71:0b:a8:29:83:ac:91:ac:46:a8:cc:55:9b:ff:
                    3c:1b:84:7e:b7:43:7d:a5:bd:1c:c9:ce:67:ec:20:
                    9d:3e:b3:9d:5f:9f:e5:49:c2:17:d3:ce:b8:26:43:
                    3a:15:48:40:c5:8f:0b:be:a0:40:05:21:16:81:21:
                    fa:60:f0:f2:24:83:e9:d7:3e:3f:80:d7:7e:da:f0:
                    62:58:d1:b5:17:56:46:53:ef:95:17:0a:40:89:da:
                    af:8f:b0:bc:5b:53:ba:84:15:73:0f:31:58:30:a8:
                    47:4d:79:d2:8c:5e:c2:99:e1:13:70:07:20:a5:52:
                    f7:5c:f1:44:e2:d0:d9:73:b2:6b:bb:15:1a:2c:ec:
                    a7:b0:d8:97:81:17:2c:62:94:5a:b1:ca:1d:87:e8:
                    07:dc:19:d5:f4:10:7a:fd:d4:8f:e8:a5:db:b1:6b:
                    47:41:8c:2f:0e:a8:b4:a3:49:03:f2:8e:b6:4e:72:
                    ae:8b:c1:54:ed:97:de:3d:24:f2:53:ea:70:06:47:
                    71:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:99:35:EC:5E:8E:C8:D7:34:13:04:9B:BB:59:30:DC:61:94:D2:32
            X509v3 Authority Key Identifier:
                keyid:6F:94:58:7C:11:99:A2:C3:DF:40:19:7B:19:F3:65:0C:61:7D:E1:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/ppk17F6OyNc0EwSbu1kw3GGU0jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8d:c0:4f:8e:b9:06:ec:03:5d:d5:ce:d0:7e:d6:cd:3f:95:
         21:16:8e:63:1d:73:17:88:a2:99:de:4f:cb:8b:8e:21:f8:cf:
         fc:c2:68:9e:2b:f3:af:6e:a7:29:44:08:ce:9e:bd:9c:11:5f:
         10:fe:57:4f:d5:a3:80:be:dd:b5:ed:35:7f:c0:2c:a5:bd:78:
         7a:52:52:e6:3f:29:f4:34:8d:c2:6f:c3:1c:10:ee:f2:1f:b4:
         cb:51:8f:c0:5e:a1:56:62:15:39:ff:20:40:73:4a:31:6c:b6:
         e9:d8:42:b2:bb:29:0c:90:5e:15:63:27:2e:b6:e8:45:c3:c8:
         e7:51:36:43:06:1c:7b:1e:4c:f9:1a:65:c9:3c:7e:1f:a4:55:
         3d:17:e9:ab:c0:be:23:0d:96:83:f8:64:28:ef:a1:01:f0:09:
         48:fa:69:49:36:97:d1:e0:3f:04:bd:0f:cf:de:58:1b:a8:c8:
         1e:0e:51:4b:4e:9b:5c:e6:04:c9:49:21:f2:2e:e4:21:7d:fe:
         17:13:27:ed:55:43:1b:74:d6:0e:17:a1:a3:02:de:db:9f:56:
         31:bc:bd:d1:08:01:8b:86:32:a2:4e:b5:45:81:e1:c5:f9:54:
         8f:e8:be:5e:77:9b:16:ed:d1:a3:62:8f:3a:ad:e6:cb:d7:b0:
         a1:4b:fa:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WJQomuafuofi1E0lFrK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOTQ1ODdjMTE5OWEyYzNkZjQwMTk3YjE5ZjM2NTBjNjE3
ZGUxNDUwHhcNMjYwMTAxMDIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk5MzVlYzVlOGVjOGQ3MzQxMzA0OWJiYjU5MzBkYzYxOTRkMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rLxy0cRRXPv7xmW20Ixk98bIDkp
URX9skdZcyeRz7DIZOyoO7er8FHvGQkuglSeH5lB18JKOoI0kJwecQuoKYOskaxG
qMxVm/88G4R+t0N9pb0cyc5n7CCdPrOdX5/lScIX0864JkM6FUhAxY8LvqBABSEW
gSH6YPDyJIPp1z4/gNd+2vBiWNG1F1ZGU++VFwpAidqvj7C8W1O6hBVzDzFYMKhH
TXnSjF7CmeETcAcgpVL3XPFE4tDZc7JruxUaLOynsNiXgRcsYpRascodh+gH3BnV
9BB6/dSP6KXbsWtHQYwvDqi0o0kD8o62TnKui8FU7ZfePSTyU+pwBkdx+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaZNexejsjXNBMEm7tZMNxhlNIyMB8GA1UdIwQY
MBaAFG+UWHwRmaLD30AZexnzZQxhfeFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjVSWWZCR1pvc1BmUUJsN0dmTmxER0Y5NFVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wYzE0ZGItODYyMC00OTk2LWFmYWUt
YjljZjQwMDk0NjQwLzEvcHBrMTdGNk95TmMwRXdTYnUxa3czR0dVMGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wYzE0ZGItODYyMC00OTk2LWFmYWUtYjljZjQwMDk0NjQw
LzEvYjVSWWZCR1pvc1BmUUJsN0dmTmxER0Y5NFVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zrMA0G
CSqGSIb3DQEBCwUAA4IBAQBajcBPjrkG7ANd1c7QftbNP5UhFo5jHXMXiKKZ3k/L
i44h+M/8wmieK/OvbqcpRAjOnr2cEV8Q/ldP1aOAvt217TV/wCylvXh6UlLmPyn0
NI3Cb8McEO7yH7TLUY/AXqFWYhU5/yBAc0oxbLbp2EKyuykMkF4VYycutuhFw8jn
UTZDBhx7Hkz5GmXJPH4fpFU9F+mrwL4jDZaD+GQo76EB8AlI+mlJNpfR4D8EvQ/P
3lgbqMgeDlFLTptc5gTJSSHyLuQhff4XEyftVUMbdNYOF6GjAt7bn1YxvL3RCAGL
hjKiTrVFgeHF+VSP6L5ed5sW7dGjYo86rebL17ChS/og
-----END CERTIFICATE-----