This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/icdH-LJXbo2xaSAjuAjUfjqOQ0Y.roa
File:                     icdH-LJXbo2xaSAjuAjUfjqOQ0Y.roa (raw, json)
Hash identifier:          oPFP3MCPVdDHLd6BStfD/RkJTA6ZSTAQ6B6cIgyyspY=
Subject key identifier:   89:C7:47:F8:B2:57:6E:8D:B1:69:20:23:B8:08:D4:7E:3A:8E:43:46
Certificate issuer:       /CN=d55d3921850a5fff07eca260a36ef92101f2d85c
Certificate serial:       019B79113F7DDB55567EBDA58F91899CDD0C
Authority key identifier: D5:5D:39:21:85:0A:5F:FF:07:EC:A2:60:A3:6E:F9:21:01:F2:D8:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1V05IYUKX_8H7KJgo275IQHy2Fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/icdH-LJXbo2xaSAjuAjUfjqOQ0Y.roa
Signing time:             Thu 01 Jan 2026 10:18:52 +0000
ROA not before:           Thu 01 Jan 2026 10:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44730
IP address blocks:        91.213.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/1V05IYUKX_8H7KJgo275IQHy2Fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/1V05IYUKX_8H7KJgo275IQHy2Fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1V05IYUKX_8H7KJgo275IQHy2Fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:3f:7d:db:55:56:7e:bd:a5:8f:91:89:9c:dd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d55d3921850a5fff07eca260a36ef92101f2d85c
        Validity
            Not Before: Jan  1 10:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89c747f8b2576e8db1692023b808d47e3a8e4346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:0e:a4:54:dc:4e:8d:a5:a3:a2:5b:2b:a6:cd:
                    b4:c3:f6:c8:74:b3:d4:ca:da:f9:98:8f:14:67:34:
                    25:ee:5d:87:ee:4c:1a:d7:4b:c4:46:2c:94:8f:92:
                    a0:5e:d8:2b:83:5e:e7:75:bf:1c:3f:c3:99:d8:bf:
                    42:ae:17:49:c0:02:d4:90:ea:a3:d1:74:5b:9d:5a:
                    2c:07:89:d8:fc:03:2a:5e:d6:3c:b4:6b:bd:5f:32:
                    f8:91:61:bb:7f:52:8e:99:cf:b1:a3:b9:d3:38:e6:
                    ba:94:0c:87:c6:9a:87:c9:4a:37:4c:0a:53:df:f6:
                    8b:99:1d:4d:60:a7:3c:e3:25:70:5c:f1:09:75:b8:
                    27:89:8b:6e:c7:97:8d:db:d0:f1:33:e6:10:76:2c:
                    6d:b5:b7:21:b4:fc:20:fb:cf:43:b5:06:c8:73:9b:
                    33:2b:ec:72:a7:30:f3:68:b0:14:bb:46:52:76:71:
                    77:b0:11:1c:49:1e:f8:d4:4c:cf:5a:32:ed:e0:fd:
                    17:01:14:e4:64:a5:64:1d:3f:da:25:ad:14:fb:73:
                    87:6c:9f:14:83:65:09:23:b3:6b:ab:64:c4:52:88:
                    ef:c0:19:0e:6f:e4:f7:8a:21:59:79:64:97:15:41:
                    05:30:c0:ec:5d:f4:59:3b:42:bb:0c:6d:88:ff:55:
                    9e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C7:47:F8:B2:57:6E:8D:B1:69:20:23:B8:08:D4:7E:3A:8E:43:46
            X509v3 Authority Key Identifier:
                keyid:D5:5D:39:21:85:0A:5F:FF:07:EC:A2:60:A3:6E:F9:21:01:F2:D8:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1V05IYUKX_8H7KJgo275IQHy2Fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/icdH-LJXbo2xaSAjuAjUfjqOQ0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/dd1331-622a-4848-b340-d3163e9b0136/1/1V05IYUKX_8H7KJgo275IQHy2Fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:13:60:82:6b:f4:e8:e5:5e:95:5b:cf:01:45:21:bf:d3:7a:
         45:77:ad:d9:ef:dd:82:24:38:4a:2a:2d:74:11:f5:ef:f7:f2:
         5a:23:bf:88:b1:ce:39:a9:ed:1d:01:43:d7:6f:69:bf:ef:ef:
         dc:d1:2d:d1:ec:7f:c6:73:bf:16:f0:4b:5f:29:3e:d4:d1:be:
         4b:a3:41:c0:5c:18:bf:f9:ff:dd:eb:c1:a7:16:e3:14:94:7a:
         63:9a:a9:a1:72:bc:f1:cd:81:9b:11:bb:da:fd:eb:70:1a:74:
         ba:bb:fb:6d:40:21:29:08:fe:56:51:5c:b0:a6:15:58:d6:89:
         cb:d1:d4:b9:ff:90:4e:ce:5a:6a:e1:46:ab:f7:c0:8b:14:1d:
         72:63:31:02:8b:ce:e9:fc:3a:c8:49:d9:e4:3d:b6:af:af:f4:
         37:7c:88:69:00:e4:87:58:73:e4:78:14:f5:b8:c6:87:d3:ec:
         40:f7:2b:d7:87:a5:e4:17:79:af:8c:72:6a:65:06:3a:2e:9e:
         e7:8b:4b:b2:af:e5:46:0e:ff:20:c9:78:8e:ae:cb:1d:ad:57:
         01:e1:98:65:91:98:d1:55:97:44:2e:05:7b:5f:0c:2d:37:4e:
         92:44:87:73:e7:96:17:0d:4d:a5:95:ea:87:c9:a8:a6:13:12:
         6c:e5:4d:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ET9921VWfr2lj5GJnN0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NWQzOTIxODUwYTVmZmYwN2VjYTI2MGEzNmVmOTIxMDFm
MmQ4NWMwHhcNMjYwMTAxMTAxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM3NDdmOGIyNTc2ZThkYjE2OTIwMjNiODA4ZDQ3ZTNhOGU0MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA6kVNxOjaWjolsrps20w/bIdLPU
ytr5mI8UZzQl7l2H7kwa10vERiyUj5KgXtgrg17ndb8cP8OZ2L9CrhdJwALUkOqj
0XRbnVosB4nY/AMqXtY8tGu9XzL4kWG7f1KOmc+xo7nTOOa6lAyHxpqHyUo3TApT
3/aLmR1NYKc84yVwXPEJdbgniYtux5eN29DxM+YQdixttbchtPwg+89DtQbIc5sz
K+xypzDzaLAUu0ZSdnF3sBEcSR741EzPWjLt4P0XARTkZKVkHT/aJa0U+3OHbJ8U
g2UJI7Nrq2TEUojvwBkOb+T3iiFZeWSXFUEFMMDsXfRZO0K7DG2I/1WeuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInHR/iyV26NsWkgI7gI1H46jkNGMB8GA1UdIwQY
MBaAFNVdOSGFCl//B+yiYKNu+SEB8thcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVYwNUlZVUtYXzhIN0tKZ28yNzVJUUh5MkZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kZDEzMzEtNjIyYS00ODQ4LWIzNDAt
ZDMxNjNlOWIwMTM2LzEvaWNkSC1MSlhibzJ4YVNBanVBalVmanFPUTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kZDEzMzEtNjIyYS00ODQ4LWIzNDAtZDMxNjNlOWIwMTM2
LzEvMVYwNUlZVUtYXzhIN0tKZ28yNzVJUUh5MkZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XxMA0G
CSqGSIb3DQEBCwUAA4IBAQDAE2CCa/To5V6VW88BRSG/03pFd63Z792CJDhKKi10
EfXv9/JaI7+Isc45qe0dAUPXb2m/7+/c0S3R7H/Gc78W8EtfKT7U0b5Lo0HAXBi/
+f/d68GnFuMUlHpjmqmhcrzxzYGbEbva/etwGnS6u/ttQCEpCP5WUVywphVY1onL
0dS5/5BOzlpq4Uar98CLFB1yYzECi87p/DrISdnkPbavr/Q3fIhpAOSHWHPkeBT1
uMaH0+xA9yvXh6XkF3mvjHJqZQY6Lp7ni0uyr+VGDv8gyXiOrssdrVcB4ZhlkZjR
VZdELgV7XwwtN06SRIdz55YXDU2lleqHyaimExJs5U2x
-----END CERTIFICATE-----