This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/60wJ4Ifb12thZkTYydBMGCHyhjU.roa
File:                     60wJ4Ifb12thZkTYydBMGCHyhjU.roa (raw, json)
Hash identifier:          loGVk4GY7PqMyMndtxYwq4ib8ZW1ZuV/iu1LnLyoy/k=
Subject key identifier:   EB:4C:09:E0:87:DB:D7:6B:61:66:44:D8:C9:D0:4C:18:21:F2:86:35
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019B7AC8FD77265060E5D32422833147A5B7
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/60wJ4Ifb12thZkTYydBMGCHyhjU.roa
Signing time:             Thu 01 Jan 2026 18:19:11 +0000
ROA not before:           Thu 01 Jan 2026 18:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197695
IP address blocks:        91.204.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:fd:77:26:50:60:e5:d3:24:22:83:31:47:a5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Jan  1 18:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb4c09e087dbd76b616644d8c9d04c1821f28635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e7:bb:c6:d9:bd:57:92:fb:13:ea:21:b8:09:
                    6a:d8:d4:31:ba:55:53:5c:f3:65:c2:39:39:9e:07:
                    4d:82:e9:a8:23:7f:ee:7f:bd:50:b1:be:0e:35:8b:
                    18:b8:f1:0d:b0:42:ab:de:fe:0b:38:1a:53:e2:58:
                    bd:da:70:e7:e2:fc:2f:86:d3:65:8f:21:c8:00:bc:
                    3b:b8:ec:68:71:b8:14:1d:81:ad:40:b3:0d:a6:eb:
                    25:bc:4f:21:d3:09:ba:04:bd:f8:cc:37:51:d5:ca:
                    5b:1a:f3:17:e2:17:c3:ed:19:7b:a8:86:79:68:1f:
                    e6:fd:b6:2f:e7:de:e1:39:59:52:b0:f0:1a:a7:b1:
                    82:39:e4:74:c5:65:f5:0c:05:2c:cf:ce:15:6e:f2:
                    8b:c3:ad:7f:01:f0:d5:57:81:96:21:05:e8:07:7a:
                    16:3a:fc:ee:fc:79:61:b5:7a:3b:59:21:5d:c5:04:
                    62:1f:e4:f0:1b:13:61:d2:de:b8:0d:ea:44:04:89:
                    61:f9:20:81:1d:00:86:34:68:a2:e1:84:fb:f6:70:
                    33:19:67:ec:d3:10:06:43:dc:88:ac:6d:19:fa:7d:
                    c6:99:eb:ef:1c:1b:15:0d:c3:f4:21:d6:7d:aa:39:
                    53:80:14:c8:1e:e3:96:d9:33:30:cd:3f:fa:3d:fc:
                    11:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4C:09:E0:87:DB:D7:6B:61:66:44:D8:C9:D0:4C:18:21:F2:86:35
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/60wJ4Ifb12thZkTYydBMGCHyhjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:88:c0:4d:e3:3b:18:89:a9:36:fa:e9:57:a6:c1:07:11:0c:
         bd:d7:a5:1c:7b:89:f2:bd:73:a4:d2:60:3a:22:c2:2b:3b:72:
         1b:cf:e1:13:04:65:3e:e5:6b:bb:44:53:9a:4b:9a:fa:07:c6:
         e8:08:3f:4c:f3:bc:d3:0f:78:b7:4e:41:40:c3:6a:30:dd:93:
         c8:b1:17:d3:d3:2d:11:b9:42:e5:e4:79:43:b8:e3:f1:88:8b:
         59:e1:83:c8:ef:c7:60:bf:70:96:a6:68:00:09:06:de:a6:b3:
         7d:2d:ff:47:04:ea:3c:80:d1:85:b1:f7:d5:ed:ea:d1:d9:df:
         80:09:f5:2e:56:e9:8e:ec:29:ab:7f:fd:5d:de:d9:14:3e:78:
         1b:69:58:69:a8:1e:8a:33:82:bb:f9:db:8e:87:fd:46:c1:a8:
         cb:85:d4:fc:d6:11:e4:2a:38:cf:6e:6d:41:b7:29:37:f7:8e:
         d3:b4:cf:6f:06:0b:d5:3d:7a:a1:e7:e4:52:83:41:19:c1:da:
         4a:13:4d:de:19:f9:28:4f:4b:41:9a:9c:d1:ec:54:57:bd:15:
         11:a5:8e:94:68:4f:a4:18:aa:33:e2:ce:8a:43:98:70:95:0c:
         98:fd:58:f6:a1:d4:fd:d0:81:4f:fe:e6:1d:38:d2:97:f0:6d:
         1c:20:6c:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yP13JlBg5dMkIoMxR6W3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjYwMTAxMTgxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjRjMDllMDg3ZGJkNzZiNjE2NjQ0ZDhjOWQwNGMxODIxZjI4NjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOe7xtm9V5L7E+ohuAlq2NQxulVT
XPNlwjk5ngdNgumoI3/uf71Qsb4ONYsYuPENsEKr3v4LOBpT4li92nDn4vwvhtNl
jyHIALw7uOxocbgUHYGtQLMNpuslvE8h0wm6BL34zDdR1cpbGvMX4hfD7Rl7qIZ5
aB/m/bYv597hOVlSsPAap7GCOeR0xWX1DAUsz84VbvKLw61/AfDVV4GWIQXoB3oW
Ovzu/HlhtXo7WSFdxQRiH+TwGxNh0t64DepEBIlh+SCBHQCGNGii4YT79nAzGWfs
0xAGQ9yIrG0Z+n3GmevvHBsVDcP0IdZ9qjlTgBTIHuOW2TMwzT/6PfwRXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtMCeCH29drYWZE2MnQTBgh8oY1MB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEvNjB3SjRJZmIxMnRoWmtUWXlkQk1HQ0h5aGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8xIMA0G
CSqGSIb3DQEBCwUAA4IBAQCYiMBN4zsYiak2+ulXpsEHEQy916Uce4nyvXOk0mA6
IsIrO3Ibz+ETBGU+5Wu7RFOaS5r6B8boCD9M87zTD3i3TkFAw2ow3ZPIsRfT0y0R
uULl5HlDuOPxiItZ4YPI78dgv3CWpmgACQbeprN9Lf9HBOo8gNGFsffV7erR2d+A
CfUuVumO7Cmrf/1d3tkUPngbaVhpqB6KM4K7+duOh/1GwajLhdT81hHkKjjPbm1B
tyk3947TtM9vBgvVPXqh5+RSg0EZwdpKE03eGfkoT0tBmpzR7FRXvRURpY6UaE+k
GKoz4s6KQ5hwlQyY/Vj2odT90IFP/uYdONKX8G0cIGy6
-----END CERTIFICATE-----