This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/oQtEQsDloQjn_yHhdWK48mAuP_0.roa
File:                     oQtEQsDloQjn_yHhdWK48mAuP_0.roa (raw, json)
Hash identifier:          IBQycGDwnrvsxVfFQ3rFUHD2uAasJQXEOZ891wf4Qks=
Subject key identifier:   A1:0B:44:42:C0:E5:A1:08:E7:FF:21:E1:75:62:B8:F2:60:2E:3F:FD
Certificate issuer:       /CN=143cdee146b13b9667deff3f7b30e9a1aa334c83
Certificate serial:       019B7B368EF08BF611F0E0518638DB1901B9
Authority key identifier: 14:3C:DE:E1:46:B1:3B:96:67:DE:FF:3F:7B:30:E9:A1:AA:33:4C:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/oQtEQsDloQjn_yHhdWK48mAuP_0.roa
Signing time:             Thu 01 Jan 2026 20:18:51 +0000
ROA not before:           Thu 01 Jan 2026 20:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198251
IP address blocks:        91.232.240.0/24 maxlen: 24
                          91.232.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:8e:f0:8b:f6:11:f0:e0:51:86:38:db:19:01:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143cdee146b13b9667deff3f7b30e9a1aa334c83
        Validity
            Not Before: Jan  1 20:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a10b4442c0e5a108e7ff21e17562b8f2602e3ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:01:58:a7:a2:4d:fb:c5:01:6a:e7:72:56:7e:
                    1f:ea:27:d7:74:35:a8:dc:25:66:5c:9a:c7:6e:83:
                    6f:84:9f:59:f3:9c:0c:fb:1e:65:9b:e5:54:2e:b7:
                    df:4c:f8:9d:9d:3b:4e:04:7c:3c:3f:6e:8e:a3:b9:
                    b0:60:d2:c2:50:7b:a7:da:a8:25:d0:d9:d2:6a:1e:
                    74:58:f5:a8:2f:0b:25:e2:76:44:bb:9c:a6:eb:ce:
                    6b:04:f7:a8:b7:60:ca:4b:22:68:f8:2f:d8:9d:ec:
                    d3:3d:ec:8c:88:0f:5c:60:ed:7e:a8:e7:bd:49:8d:
                    d2:47:ae:3f:21:ff:a5:e1:c8:0d:a7:1c:bb:46:b2:
                    66:91:8d:96:1b:f0:46:eb:5c:40:8c:eb:11:24:c0:
                    53:bf:f1:00:37:11:39:02:9b:81:4a:81:b7:ed:15:
                    bc:16:0f:42:b1:69:30:09:3d:e4:3e:52:6a:e6:44:
                    54:3b:c9:86:e6:6a:dc:96:19:8e:72:81:c3:81:f4:
                    28:27:5b:68:86:9f:b5:d9:89:b8:b5:1c:e1:af:d6:
                    27:e7:a5:12:aa:69:ed:76:44:81:5e:a6:3f:62:cd:
                    e1:0d:bb:18:26:9d:25:6b:0f:a6:a8:12:97:5c:c4:
                    f9:d7:1a:fe:31:cc:3f:74:b9:ca:0c:38:68:e1:63:
                    af:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0B:44:42:C0:E5:A1:08:E7:FF:21:E1:75:62:B8:F2:60:2E:3F:FD
            X509v3 Authority Key Identifier:
                keyid:14:3C:DE:E1:46:B1:3B:96:67:DE:FF:3F:7B:30:E9:A1:AA:33:4C:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/oQtEQsDloQjn_yHhdWK48mAuP_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:e3:80:69:d0:c2:4d:1f:06:d7:19:7c:e0:06:3a:5f:19:a8:
         8f:f5:f8:e1:27:55:9f:da:66:68:59:58:6e:8e:11:82:0e:99:
         19:42:fc:30:56:b0:f8:f1:10:ae:0c:1b:21:41:38:d6:70:9e:
         d9:69:15:5b:e1:e8:c3:e8:41:63:8e:77:00:4e:ca:59:1b:6e:
         69:5f:67:13:3d:74:42:20:09:39:09:44:f3:55:13:48:06:6a:
         e7:b6:14:10:23:6a:5d:94:ce:cf:56:11:00:e7:21:90:96:43:
         e5:3e:3b:80:f4:d0:45:e3:f1:ad:c4:3c:16:db:f7:60:a7:eb:
         db:7d:cc:74:b6:bd:79:54:ca:bf:2a:9a:06:97:67:5b:5b:51:
         1e:d3:df:95:05:a0:31:be:5e:9c:e8:09:c4:99:ac:a0:3a:1e:
         f7:f4:66:6a:df:33:f1:fa:77:ab:ac:2e:ce:89:53:76:a7:62:
         3e:62:70:9d:83:b1:14:3a:99:3c:8d:b3:38:b7:f3:88:9a:08:
         19:85:b2:f0:1d:d3:2a:74:f2:9e:1b:13:ff:03:57:f4:0c:03:
         3b:84:bf:58:54:3c:ae:5f:b5:e8:c2:cb:7f:8e:85:2d:33:d3:
         a9:d5:e6:59:da:67:10:fd:ce:01:74:28:4c:47:f5:9d:ee:18:
         1f:0e:67:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7No7wi/YR8OBRhjjbGQG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0M2NkZWUxNDZiMTNiOTY2N2RlZmYzZjdiMzBlOWExYWEz
MzRjODMwHhcNMjYwMTAxMjAxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBiNDQ0MmMwZTVhMTA4ZTdmZjIxZTE3NTYyYjhmMjYwMmUzZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgFYp6JN+8UBaudyVn4f6ifXdDWo
3CVmXJrHboNvhJ9Z85wM+x5lm+VULrffTPidnTtOBHw8P26Oo7mwYNLCUHun2qgl
0NnSah50WPWoLwsl4nZEu5ym685rBPeot2DKSyJo+C/YnezTPeyMiA9cYO1+qOe9
SY3SR64/If+l4cgNpxy7RrJmkY2WG/BG61xAjOsRJMBTv/EANxE5ApuBSoG37RW8
Fg9CsWkwCT3kPlJq5kRUO8mG5mrclhmOcoHDgfQoJ1tohp+12Ym4tRzhr9Yn56US
qmntdkSBXqY/Ys3hDbsYJp0law+mqBKXXMT51xr+Mcw/dLnKDDho4WOvcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKELRELA5aEI5/8h4XViuPJgLj/9MB8GA1UdIwQY
MBaAFBQ83uFGsTuWZ97/P3sw6aGqM0yDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkR6ZTRVYXhPNVpuM3Y4X2V6RHBvYW96VElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8xY2EzOWMtMjAxYy00MWZkLTljYjAt
ODIzNmU1NzI2NGJmLzEvb1F0RVFzRGxvUWpuX3lIaGRXSzQ4bUF1UF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8xY2EzOWMtMjAxYy00MWZkLTljYjAtODIzNmU1NzI2NGJm
LzEvRkR6ZTRVYXhPNVpuM3Y4X2V6RHBvYW96VElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+jwMA0G
CSqGSIb3DQEBCwUAA4IBAQCL44Bp0MJNHwbXGXzgBjpfGaiP9fjhJ1Wf2mZoWVhu
jhGCDpkZQvwwVrD48RCuDBshQTjWcJ7ZaRVb4ejD6EFjjncATspZG25pX2cTPXRC
IAk5CUTzVRNIBmrnthQQI2pdlM7PVhEA5yGQlkPlPjuA9NBF4/GtxDwW2/dgp+vb
fcx0tr15VMq/KpoGl2dbW1Ee09+VBaAxvl6c6AnEmaygOh739GZq3zPx+nerrC7O
iVN2p2I+YnCdg7EUOpk8jbM4t/OImggZhbLwHdMqdPKeGxP/A1f0DAM7hL9YVDyu
X7Xowst/joUtM9Op1eZZ2mcQ/c4BdChMR/Wd7hgfDmeS
-----END CERTIFICATE-----