This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/0kMqt-CPfgtjYdaZtK0l7K4Ure0.roa
File:                     0kMqt-CPfgtjYdaZtK0l7K4Ure0.roa (raw, json)
Hash identifier:          KGaaMrvGH34iblBGGLnwSzs+JaREEUUOumEoCywsnd8=
Subject key identifier:   D2:43:2A:B7:E0:8F:7E:0B:63:61:D6:99:B4:AD:25:EC:AE:14:AD:ED
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       019B78A21C8E8C15B688FA0D4DF4F63DF269
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/0kMqt-CPfgtjYdaZtK0l7K4Ure0.roa
Signing time:             Thu 01 Jan 2026 08:17:28 +0000
ROA not before:           Thu 01 Jan 2026 08:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        91.223.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 02:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:1c:8e:8c:15:b6:88:fa:0d:4d:f4:f6:3d:f2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  1 08:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2432ab7e08f7e0b6361d699b4ad25ecae14aded
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2d:cf:57:d4:c9:27:7c:cd:e7:7b:1c:5a:d0:
                    e2:3a:cb:bc:36:3f:dd:cd:4a:ad:36:43:65:0b:34:
                    30:83:3d:32:ef:ce:bc:57:fd:a2:75:6d:b6:73:20:
                    b5:b9:bb:b0:b0:2a:9b:ef:ff:59:2d:84:70:e9:6e:
                    9e:f4:3a:d1:d1:09:15:48:cb:67:0f:64:95:44:e6:
                    4e:87:cf:98:2e:77:99:85:5b:04:bc:b8:f1:9f:4e:
                    c2:97:bb:71:4e:76:93:35:8d:19:58:74:17:d6:49:
                    15:fc:8b:78:4d:0a:91:3c:a3:8c:7b:c4:9a:82:1b:
                    35:9b:24:5e:5b:f1:e2:ca:1e:b6:3c:e6:f4:62:92:
                    58:16:ac:f4:84:3b:23:74:9f:24:04:ac:c5:f4:4b:
                    99:c0:ef:f4:d9:75:71:34:53:a3:69:ce:ce:aa:a0:
                    b3:ac:52:38:eb:7a:c6:62:3c:8d:56:f2:a1:4e:e9:
                    65:d0:f9:bf:2b:1a:5a:68:28:78:73:39:3b:fa:be:
                    64:83:3c:71:be:d2:11:44:a5:88:e3:51:84:59:31:
                    51:9e:54:1d:e9:0e:e0:7c:4b:35:73:26:9a:6d:df:
                    94:dc:1b:b8:5e:2a:5e:85:3a:9f:49:17:5f:e7:c4:
                    11:5b:c0:fc:f2:de:2b:68:03:96:e2:2b:d5:36:26:
                    b2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:43:2A:B7:E0:8F:7E:0B:63:61:D6:99:B4:AD:25:EC:AE:14:AD:ED
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/0kMqt-CPfgtjYdaZtK0l7K4Ure0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:2d:fc:b9:a3:a4:be:cf:55:d6:07:7f:f1:1f:f2:e5:d9:59:
         34:09:51:9c:da:7c:c8:0d:21:3f:ca:fb:f3:a3:c4:29:52:d1:
         28:2a:a9:e9:33:f3:37:6a:9d:a1:53:47:b6:9f:c2:12:14:a1:
         43:70:68:32:2d:a9:ea:53:08:0d:2a:df:e0:62:c9:eb:03:f9:
         fc:31:9c:fc:08:f4:57:02:d2:f2:cc:c8:0e:83:4a:7f:d1:0e:
         99:83:5c:c1:a5:f8:4f:d4:72:45:66:27:d8:d8:50:d9:6e:c0:
         fb:0f:b5:30:85:b4:df:22:11:23:7f:d7:d3:ea:0a:22:47:4e:
         98:7a:fa:52:2e:3b:ba:3f:bb:22:4c:b8:38:69:74:bc:14:ae:
         5d:45:bc:f8:58:c7:d5:dd:ea:7f:a0:9d:e1:00:eb:24:54:3c:
         03:5b:bd:b0:c8:31:7c:55:14:79:f0:f7:ad:95:92:de:d2:a8:
         7d:88:f2:3b:ca:45:78:e7:54:e2:cd:66:61:8d:48:ab:e3:1b:
         a8:cd:b6:79:80:bc:1a:05:d2:25:70:81:d7:9b:4e:3a:cb:cc:
         01:83:37:46:0f:2c:93:24:e0:12:40:0d:9f:f6:06:36:38:4e:
         15:ea:ab:99:cf:e6:46:a0:ab:4e:5b:61:56:83:f4:20:0a:71:
         34:bf:5e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ohyOjBW2iPoNTfT2PfJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjYwMTAxMDgxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQzMmFiN2UwOGY3ZTBiNjM2MWQ2OTliNGFkMjVlY2FlMTRhZGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC3PV9TJJ3zN53scWtDiOsu8Nj/d
zUqtNkNlCzQwgz0y7868V/2idW22cyC1ubuwsCqb7/9ZLYRw6W6e9DrR0QkVSMtn
D2SVROZOh8+YLneZhVsEvLjxn07Cl7txTnaTNY0ZWHQX1kkV/It4TQqRPKOMe8Sa
ghs1myReW/Hiyh62POb0YpJYFqz0hDsjdJ8kBKzF9EuZwO/02XVxNFOjac7OqqCz
rFI463rGYjyNVvKhTull0Pm/KxpaaCh4czk7+r5kgzxxvtIRRKWI41GEWTFRnlQd
6Q7gfEs1cyaabd+U3Bu4XipehTqfSRdf58QRW8D88t4raAOW4ivVNiayZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJDKrfgj34LY2HWmbStJeyuFK3tMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvMGtNcXQtQ1BmZ3RqWWRhWnRLMGw3SzRVcmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99eMA0G
CSqGSIb3DQEBCwUAA4IBAQAALfy5o6S+z1XWB3/xH/Ll2Vk0CVGc2nzIDSE/yvvz
o8QpUtEoKqnpM/M3ap2hU0e2n8ISFKFDcGgyLanqUwgNKt/gYsnrA/n8MZz8CPRX
AtLyzMgOg0p/0Q6Zg1zBpfhP1HJFZifY2FDZbsD7D7UwhbTfIhEjf9fT6goiR06Y
evpSLju6P7siTLg4aXS8FK5dRbz4WMfV3ep/oJ3hAOskVDwDW72wyDF8VRR58Pet
lZLe0qh9iPI7ykV451TizWZhjUir4xuozbZ5gLwaBdIlcIHXm046y8wBgzdGDyyT
JOASQA2f9gY2OE4V6quZz+ZGoKtOW2FWg/QgCnE0v14D
-----END CERTIFICATE-----