This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hvdGPqGZACKBGf93rntej67lv54.roa
File:                     hvdGPqGZACKBGf93rntej67lv54.roa (raw, json)
Hash identifier:          Zz0VuDlVsJON1ndmUKaTXSvLDIjjSSZLp4ke0HjSjws=
Subject key identifier:   86:F7:46:3E:A1:99:00:22:81:19:FF:77:AE:7B:5E:8F:AE:E5:BF:9E
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019B76EB16B5B65A26BE163A34F5188919DC
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hvdGPqGZACKBGf93rntej67lv54.roa
Signing time:             Thu 01 Jan 2026 00:17:56 +0000
ROA not before:           Thu 01 Jan 2026 00:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        91.108.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:16:b5:b6:5a:26:be:16:3a:34:f5:18:89:19:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  1 00:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86f7463ea19900228119ff77ae7b5e8faee5bf9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e4:8d:85:de:fd:97:f1:cc:e7:22:19:aa:f2:
                    08:4c:31:d3:7b:d5:b8:f4:89:7e:00:8c:d0:9f:96:
                    73:73:6a:74:55:15:16:72:ae:70:9e:35:02:a1:79:
                    f0:43:58:60:3f:16:0d:e1:99:52:ce:b6:88:44:89:
                    5f:28:b0:7b:14:e4:4f:d0:8a:2f:35:36:47:7a:52:
                    49:23:b7:e3:70:ad:11:2a:d5:4d:48:a2:90:08:ef:
                    94:23:a0:54:d0:b8:82:d6:af:7c:36:56:8c:d4:2e:
                    38:ec:ac:e8:b8:84:8f:83:bd:f5:35:af:d7:15:12:
                    12:36:51:bb:b7:2a:19:c1:ed:62:84:f7:49:d9:66:
                    5a:89:1a:0d:6e:b3:bf:8a:71:b0:b8:08:2b:02:65:
                    00:75:31:99:22:13:1e:b3:a0:71:40:71:ef:16:88:
                    c9:88:ff:07:8d:e3:36:f0:52:09:e7:ca:97:1f:c9:
                    2d:76:02:da:2c:83:98:cb:35:b8:00:25:81:d0:bd:
                    1c:69:81:b8:b2:32:6c:84:43:8b:f2:af:b2:e3:d7:
                    a3:f2:6f:e4:98:4c:06:1f:64:e0:23:db:23:36:f4:
                    40:ce:5e:8d:cd:6e:db:95:d4:a0:3c:9c:e4:54:5e:
                    06:3d:13:c0:71:ba:61:6f:91:c8:01:61:0d:83:a0:
                    e3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F7:46:3E:A1:99:00:22:81:19:FF:77:AE:7B:5E:8F:AE:E5:BF:9E
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/hvdGPqGZACKBGf93rntej67lv54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:94:14:bb:d9:57:b2:9a:a2:e1:65:35:0b:ce:26:48:e9:bc:
         e3:31:1d:2e:3e:9c:45:af:f5:6a:7b:bc:8a:8b:cd:94:3b:5f:
         af:da:17:d5:0b:e9:05:b7:b9:14:7d:51:3d:51:07:2c:30:4b:
         df:75:1e:71:2d:c3:a9:33:59:cd:e0:3e:cd:e8:5f:a0:a9:f1:
         d6:94:0d:e5:4d:b2:3e:99:46:d1:c3:ad:77:57:d2:80:0c:88:
         5b:cc:2e:94:38:92:e0:65:d4:2e:29:bb:47:e0:d1:ed:44:d5:
         55:a6:d2:fa:0c:6d:ea:33:97:11:b9:f5:ed:d9:22:92:f3:c5:
         87:e0:ce:15:d4:62:d5:e6:80:60:b7:0c:2b:d5:1e:5a:84:97:
         ac:b3:8e:81:7d:9f:66:95:bd:c4:61:b4:ac:74:50:e9:b1:be:
         d2:1c:10:b1:58:4f:a6:29:e4:eb:e6:30:e3:a5:9a:f7:71:63:
         52:8a:57:a6:29:a0:b9:04:ef:cb:d9:ac:fa:1f:1f:01:c7:93:
         18:d0:95:f9:3e:71:d0:81:fd:7f:92:0e:5e:3a:b4:4b:19:6a:
         08:6c:22:83:d7:ab:75:89:2f:f1:7a:22:5a:fe:56:2c:26:f8:
         26:6b:bf:fc:48:8a:14:d5:9d:5a:54:bf:13:a4:ca:06:ca:d6:
         f3:af:af:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xa1tlomvhY6NPUYiRncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwMTAxMDAxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY3NDYzZWExOTkwMDIyODExOWZmNzdhZTdiNWU4ZmFlZTViZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieSNhd79l/HM5yIZqvIITDHTe9W4
9Il+AIzQn5Zzc2p0VRUWcq5wnjUCoXnwQ1hgPxYN4ZlSzraIRIlfKLB7FORP0Iov
NTZHelJJI7fjcK0RKtVNSKKQCO+UI6BU0LiC1q98NlaM1C447KzouISPg731Na/X
FRISNlG7tyoZwe1ihPdJ2WZaiRoNbrO/inGwuAgrAmUAdTGZIhMes6BxQHHvFojJ
iP8HjeM28FIJ58qXH8ktdgLaLIOYyzW4ACWB0L0caYG4sjJshEOL8q+y49ej8m/k
mEwGH2TgI9sjNvRAzl6NzW7bldSgPJzkVF4GPRPAcbphb5HIAWENg6DjswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb3Rj6hmQAigRn/d657Xo+u5b+eMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvaHZkR1BxR1pBQ0tCR2Y5M3JudGVqNjdsdjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zyMA0G
CSqGSIb3DQEBCwUAA4IBAQAAlBS72VeymqLhZTULziZI6bzjMR0uPpxFr/Vqe7yK
i82UO1+v2hfVC+kFt7kUfVE9UQcsMEvfdR5xLcOpM1nN4D7N6F+gqfHWlA3lTbI+
mUbRw613V9KADIhbzC6UOJLgZdQuKbtH4NHtRNVVptL6DG3qM5cRufXt2SKS88WH
4M4V1GLV5oBgtwwr1R5ahJess46BfZ9mlb3EYbSsdFDpsb7SHBCxWE+mKeTr5jDj
pZr3cWNSilemKaC5BO/L2az6Hx8Bx5MY0JX5PnHQgf1/kg5eOrRLGWoIbCKD16t1
iS/xeiJa/lYsJvgma7/8SIoU1Z1aVL8TpMoGytbzr6+a
-----END CERTIFICATE-----