This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/JHXRcwdGLV-x0tFgIpk_GdvVv9E.roa
File:                     JHXRcwdGLV-x0tFgIpk_GdvVv9E.roa (raw, json)
Hash identifier:          3yZYckxEFNC5HpjyWQ7bKTfulKrPrYVmR0yC4V1+t6Q=
Subject key identifier:   24:75:D1:73:07:46:2D:5F:B1:D2:D1:60:22:99:3F:19:DB:D5:BF:D1
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019B7F1433E736AF45A5379AC7F0AA759A71
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/JHXRcwdGLV-x0tFgIpk_GdvVv9E.roa
Signing time:             Fri 02 Jan 2026 14:19:49 +0000
ROA not before:           Fri 02 Jan 2026 14:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41745
IP address blocks:        91.92.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 08:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:33:e7:36:af:45:a5:37:9a:c7:f0:aa:75:9a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan  2 14:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2475d17307462d5fb1d2d16022993f19dbd5bfd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:67:b3:78:a0:cf:fc:88:d7:60:98:c4:03:ff:
                    42:d9:81:2d:be:30:7f:0b:73:bd:38:fb:5f:e5:43:
                    a0:1b:34:db:6a:c1:75:d7:7f:0c:79:ac:cb:37:14:
                    72:e8:b5:5e:9b:a8:19:a0:07:a0:b5:18:06:65:34:
                    e9:fa:c6:12:f4:88:2f:42:5b:d4:4c:76:78:9d:53:
                    79:de:42:20:97:9b:2b:9c:a8:fb:7d:24:f6:0f:54:
                    ff:a0:7a:31:61:07:3c:03:bd:d9:e4:8f:ec:b7:98:
                    48:bb:1f:b7:a1:68:02:aa:ef:a2:24:54:73:ca:b5:
                    bc:20:bb:38:62:4b:52:c8:fa:17:4e:8a:fb:4f:64:
                    68:5d:bf:bf:14:0c:bc:83:7a:aa:08:2d:69:57:6e:
                    45:38:d5:b1:6d:2e:fd:92:86:72:16:95:83:d9:17:
                    45:3c:f0:7f:fe:d7:df:65:e9:5e:4e:5e:f8:ea:20:
                    e1:2b:ca:8b:ce:62:a3:fb:5e:f6:f2:35:37:49:ff:
                    26:21:f2:c4:ca:f7:87:59:d5:54:88:fc:2d:4f:90:
                    ee:14:e5:ea:c7:04:fd:d9:b2:7b:00:ee:fb:0b:20:
                    4f:fe:d4:7f:48:20:fc:fe:fe:d1:cf:22:2a:3c:7b:
                    7b:b5:6c:e0:b7:48:9c:9b:ef:85:c5:df:d6:56:80:
                    c0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:75:D1:73:07:46:2D:5F:B1:D2:D1:60:22:99:3F:19:DB:D5:BF:D1
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/JHXRcwdGLV-x0tFgIpk_GdvVv9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:06:a7:92:b5:9e:37:22:eb:f4:f2:68:84:d8:f7:a3:8d:0d:
         5b:0a:2a:c2:03:36:87:54:44:87:41:e3:51:8f:64:d4:8e:82:
         47:d8:fc:e9:7d:d1:31:18:d3:04:6a:c9:e9:ee:6b:ec:f8:ab:
         03:1c:df:e5:df:85:1a:22:c3:52:f9:36:44:c1:54:c2:56:dd:
         ea:9a:b5:5a:6a:ae:b7:9f:5d:d5:b4:96:3f:a5:84:e8:8e:75:
         9c:a3:23:85:59:5c:4a:7f:19:3e:48:d9:fd:64:d2:ab:01:1a:
         59:29:d2:0e:36:c6:f7:42:43:ae:ef:1e:57:76:e6:da:58:90:
         70:ea:9a:c5:ab:d0:1c:35:ec:73:2b:55:7f:fb:b4:b5:a2:a3:
         bb:8e:09:91:53:4d:56:07:bc:ad:33:de:b9:5e:9e:f8:0f:d0:
         38:06:61:30:0b:07:2a:19:d6:db:ae:85:40:ab:b1:46:a9:bd:
         db:9a:ca:c9:c6:d0:14:88:dd:19:5c:51:9d:66:46:a8:6f:10:
         99:96:83:c6:f1:5d:6f:27:82:a5:e5:bb:23:ff:1d:1b:82:0b:
         2f:03:35:40:a0:31:67:16:eb:6f:80:8e:c8:04:55:60:fb:fc:
         45:25:0a:58:ff:e9:51:fe:75:f2:7c:d9:c3:97:3b:6a:cb:4b:
         a0:33:e7:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FDPnNq9FpTeax/CqdZpxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMTAyMTQxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDc1ZDE3MzA3NDYyZDVmYjFkMmQxNjAyMjk5M2YxOWRiZDViZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mezeKDP/IjXYJjEA/9C2YEtvjB/
C3O9OPtf5UOgGzTbasF1138MeazLNxRy6LVem6gZoAegtRgGZTTp+sYS9IgvQlvU
THZ4nVN53kIgl5srnKj7fST2D1T/oHoxYQc8A73Z5I/st5hIux+3oWgCqu+iJFRz
yrW8ILs4YktSyPoXTor7T2RoXb+/FAy8g3qqCC1pV25FONWxbS79koZyFpWD2RdF
PPB//tffZeleTl746iDhK8qLzmKj+1728jU3Sf8mIfLEyveHWdVUiPwtT5DuFOXq
xwT92bJ7AO77CyBP/tR/SCD8/v7RzyIqPHt7tWzgt0icm++Fxd/WVoDAgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCR10XMHRi1fsdLRYCKZPxnb1b/RMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvSkhYUmN3ZEdMVi14MHRGZ0lwa19HZHZWdjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1wuMA0G
CSqGSIb3DQEBCwUAA4IBAQA1BqeStZ43Iuv08miE2PejjQ1bCirCAzaHVESHQeNR
j2TUjoJH2PzpfdExGNMEasnp7mvs+KsDHN/l34UaIsNS+TZEwVTCVt3qmrVaaq63
n13VtJY/pYTojnWcoyOFWVxKfxk+SNn9ZNKrARpZKdIONsb3QkOu7x5XdubaWJBw
6prFq9AcNexzK1V/+7S1oqO7jgmRU01WB7ytM965Xp74D9A4BmEwCwcqGdbbroVA
q7FGqb3bmsrJxtAUiN0ZXFGdZkaobxCZloPG8V1vJ4Kl5bsj/x0bggsvAzVAoDFn
FutvgI7IBFVg+/xFJQpY/+lR/nXyfNnDlztqy0ugM+cP
-----END CERTIFICATE-----