This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/Tft6fYI7IwQURHwYjYKIwFhMDC0.roa
File:                     Tft6fYI7IwQURHwYjYKIwFhMDC0.roa (raw, json)
Hash identifier:          +bnAa7jh9Xpe/pFLp2vv5BR8Wn0rICOOXWCAdKaw8W4=
Subject key identifier:   4D:FB:7A:7D:82:3B:23:04:14:44:7C:18:8D:82:88:C0:58:4C:0C:2D
Certificate issuer:       /CN=3a48c2701735cd5d2317d10ac63d7f2ec6618ce0
Certificate serial:       019B7758EFEDF316D7E26AF4746D928CC1A3
Authority key identifier: 3A:48:C2:70:17:35:CD:5D:23:17:D1:0A:C6:3D:7F:2E:C6:61:8C:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/Tft6fYI7IwQURHwYjYKIwFhMDC0.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        91.199.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ef:ed:f3:16:d7:e2:6a:f4:74:6d:92:8c:c1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a48c2701735cd5d2317d10ac63d7f2ec6618ce0
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4dfb7a7d823b230414447c188d8288c0584c0c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cb:17:81:ab:73:fc:54:c7:79:db:56:79:e9:
                    7e:02:33:df:00:6c:9f:e0:61:17:b3:23:dd:97:80:
                    bd:3c:19:8f:13:26:9f:ab:a5:49:3b:d3:2e:89:cb:
                    81:ff:41:b0:0f:73:33:08:9b:31:31:7e:26:f1:23:
                    51:70:9a:6a:1a:51:c7:f2:ad:c9:58:6b:ea:58:45:
                    7e:0d:ba:c1:f4:03:bc:6a:45:d5:1e:7e:86:1b:d9:
                    c7:e5:0d:80:eb:bd:8e:6a:17:24:28:72:24:2b:3c:
                    f6:9d:d1:83:12:68:64:a7:f4:99:1b:cc:35:c7:c1:
                    80:8b:35:a5:05:cc:f9:47:b5:9d:f5:68:a5:3e:a0:
                    30:f1:23:13:fc:e3:ec:28:59:cc:ff:63:d4:b3:ad:
                    7f:fd:71:1a:8b:e7:32:aa:84:98:a9:59:b6:62:9b:
                    4b:cb:cb:45:cf:a4:3d:2c:0b:49:e5:fd:7f:17:29:
                    84:d6:b1:d4:ff:09:15:b0:4e:d7:8d:66:b2:06:4b:
                    63:2b:6a:c5:e0:37:a1:d7:9c:29:f6:96:29:ec:2e:
                    d9:81:39:e4:9a:3b:42:d5:b1:90:c6:17:e3:21:e3:
                    75:de:ed:ef:98:01:ce:9c:6d:e9:34:92:f8:fe:01:
                    1e:46:ba:67:76:c2:6d:df:ca:9e:95:c6:c3:d9:c4:
                    b5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FB:7A:7D:82:3B:23:04:14:44:7C:18:8D:82:88:C0:58:4C:0C:2D
            X509v3 Authority Key Identifier:
                keyid:3A:48:C2:70:17:35:CD:5D:23:17:D1:0A:C6:3D:7F:2E:C6:61:8C:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkjCcBc1zV0jF9EKxj1_LsZhjOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/Tft6fYI7IwQURHwYjYKIwFhMDC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/e74595-d657-4ab4-8309-0d57c9410127/1/OkjCcBc1zV0jF9EKxj1_LsZhjOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:88:0d:6f:3c:42:84:e5:26:12:5c:a8:0d:28:6e:91:54:9f:
         a5:12:fd:50:09:0f:5b:72:b7:c9:36:e5:77:b7:da:d7:58:63:
         ad:aa:01:1a:8c:d6:c1:ed:44:85:06:69:be:b9:03:73:81:3e:
         e5:b3:f9:77:8f:af:a7:81:14:13:c0:0f:6c:1f:c0:6c:17:c4:
         5e:df:79:1b:0f:3e:a4:f6:f8:2d:ea:b0:40:88:e7:20:21:2a:
         0f:59:b7:16:55:e3:e7:27:37:3c:1f:e6:0f:61:61:1e:b1:2a:
         53:9b:f5:1b:84:10:54:cd:ef:bd:6f:4b:46:6f:30:6d:bf:9d:
         b9:28:a3:c7:c9:6f:6e:d5:61:3c:ce:56:04:60:df:13:3d:e3:
         49:6e:96:ed:be:91:4b:70:72:86:49:a8:45:73:97:eb:c9:5f:
         b1:22:7c:4d:bc:25:8a:67:e1:a6:ce:a8:0f:b5:65:1b:03:6e:
         21:12:68:a2:e8:fb:bf:f3:2c:c6:09:26:ab:d9:5c:67:4a:ff:
         a1:53:c7:08:2a:fb:39:3a:43:86:f9:f1:6a:d7:e5:65:8b:50:
         1b:c7:67:29:33:1c:ce:c1:af:48:1c:bc:2e:bd:fd:7e:a8:8a:
         9b:dd:f5:67:ec:53:31:61:9a:95:86:d3:9d:31:44:1d:77:2b:
         42:c4:45:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WO/t8xbX4mr0dG2SjMGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDhjMjcwMTczNWNkNWQyMzE3ZDEwYWM2M2Q3ZjJlYzY2
MThjZTAwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZiN2E3ZDgyM2IyMzA0MTQ0NDdjMTg4ZDgyODhjMDU4NGMwYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48sXgatz/FTHedtWeel+AjPfAGyf
4GEXsyPdl4C9PBmPEyafq6VJO9MuicuB/0GwD3MzCJsxMX4m8SNRcJpqGlHH8q3J
WGvqWEV+DbrB9AO8akXVHn6GG9nH5Q2A672OahckKHIkKzz2ndGDEmhkp/SZG8w1
x8GAizWlBcz5R7Wd9WilPqAw8SMT/OPsKFnM/2PUs61//XEai+cyqoSYqVm2YptL
y8tFz6Q9LAtJ5f1/FymE1rHU/wkVsE7XjWayBktjK2rF4Deh15wp9pYp7C7ZgTnk
mjtC1bGQxhfjIeN13u3vmAHOnG3pNJL4/gEeRrpndsJt38qelcbD2cS1UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE37en2COyMEFER8GI2CiMBYTAwtMB8GA1UdIwQY
MBaAFDpIwnAXNc1dIxfRCsY9fy7GYYzgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tqQ2NCYzF6VjBqRjlFS3hqMV9Mc1poak9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lNzQ1OTUtZDY1Ny00YWI0LTgzMDkt
MGQ1N2M5NDEwMTI3LzEvVGZ0NmZZSTdJd1FVUkh3WWpZS0l3RmhNREMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lNzQ1OTUtZDY1Ny00YWI0LTgzMDktMGQ1N2M5NDEwMTI3
LzEvT2tqQ2NCYzF6VjBqRjlFS3hqMV9Mc1poak9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8e1MA0G
CSqGSIb3DQEBCwUAA4IBAQCeiA1vPEKE5SYSXKgNKG6RVJ+lEv1QCQ9bcrfJNuV3
t9rXWGOtqgEajNbB7USFBmm+uQNzgT7ls/l3j6+ngRQTwA9sH8BsF8Re33kbDz6k
9vgt6rBAiOcgISoPWbcWVePnJzc8H+YPYWEesSpTm/UbhBBUze+9b0tGbzBtv525
KKPHyW9u1WE8zlYEYN8TPeNJbpbtvpFLcHKGSahFc5fryV+xInxNvCWKZ+GmzqgP
tWUbA24hEmii6Pu/8yzGCSar2VxnSv+hU8cIKvs5OkOG+fFq1+Vli1Abx2cpMxzO
wa9IHLwuvf1+qIqb3fVn7FMxYZqVhtOdMUQddytCxEWC
-----END CERTIFICATE-----