This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rkni80Or2w2QygXy0RTlNsvlL8E.roa
File:                     rkni80Or2w2QygXy0RTlNsvlL8E.roa (raw, json)
Hash identifier:          gMQ3ViXeTKyCOOddnGlJIocGpXYE80FbVoVgkMfQtjU=
Subject key identifier:   AE:49:E2:F3:43:AB:DB:0D:90:CA:05:F2:D1:14:E5:36:CB:E5:2F:C1
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019B76EB184FC78D370BD94CF64CBA8F24D9
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rkni80Or2w2QygXy0RTlNsvlL8E.roa
Signing time:             Thu 01 Jan 2026 00:17:57 +0000
ROA not before:           Thu 01 Jan 2026 00:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50124
IP address blocks:        91.108.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 12:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:18:4f:c7:8d:37:0b:d9:4c:f6:4c:ba:8f:24:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  1 00:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae49e2f343abdb0d90ca05f2d114e536cbe52fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:52:31:dc:04:ea:7d:b5:95:25:9a:04:3d:
                    1f:65:a7:56:89:57:9e:ab:92:f6:7a:fe:0e:68:da:
                    d6:89:1d:31:8c:38:b4:16:22:8c:18:96:e9:6b:fd:
                    06:e9:38:a2:5a:1f:0a:0c:f8:80:55:ef:10:8a:0d:
                    45:4b:c1:6b:3a:b5:84:5d:a6:69:a3:f6:d4:8c:d3:
                    8a:7d:d4:19:48:9d:94:9c:82:a6:56:ae:75:9f:31:
                    e3:1f:42:99:1e:30:81:3e:d7:24:f4:25:56:cd:97:
                    b7:e9:c0:51:79:c0:f8:27:d0:77:d5:28:ad:63:77:
                    e9:bc:a2:b4:5c:b5:80:2b:55:f1:6e:f1:72:e0:3e:
                    72:5a:96:da:7d:1c:99:74:d4:0b:ff:47:1c:78:1b:
                    c4:10:6e:08:18:fb:62:c7:3f:54:a0:4e:39:39:2f:
                    fa:04:00:9a:ab:5c:15:d8:a3:35:ba:ba:59:1a:bf:
                    39:91:86:9c:20:8f:e5:37:18:55:33:24:1b:ee:a5:
                    00:c2:62:6e:9b:d3:a6:ce:d4:0e:33:0b:a9:f3:66:
                    97:70:5b:5c:67:de:54:9a:eb:75:5d:4e:f5:48:a2:
                    47:ff:db:af:ad:eb:ac:76:66:7f:1c:25:bf:b0:74:
                    d6:60:84:18:6f:a2:74:62:c7:61:a1:41:26:c6:6d:
                    f1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:49:E2:F3:43:AB:DB:0D:90:CA:05:F2:D1:14:E5:36:CB:E5:2F:C1
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rkni80Or2w2QygXy0RTlNsvlL8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:0f:bf:c4:9a:e6:21:27:ae:2d:53:d0:a1:34:fb:65:8f:ed:
         33:f5:84:ea:53:f1:f7:ea:53:57:1a:cb:4f:f7:03:4e:c4:a4:
         f2:b8:f4:65:b8:2e:87:67:5b:28:73:b4:ad:f6:6e:a5:5e:c1:
         76:fe:d5:8e:10:aa:3a:e5:72:f0:24:98:e2:23:9a:0e:e6:0a:
         04:28:c9:41:69:cc:d0:14:fd:15:ca:f7:1c:84:6c:85:a2:d0:
         ff:2c:4f:ad:e5:b1:9d:80:4b:78:d6:bb:b6:d2:c1:f5:a2:84:
         00:5c:23:0b:fb:b0:0a:cf:0b:9b:3f:03:10:9f:a9:58:d5:dd:
         18:16:e9:27:b4:b8:f5:db:c8:89:a2:c2:7c:e4:0d:e7:a9:b5:
         82:f9:95:76:f0:3c:d1:a2:7a:52:50:e3:4f:23:c6:c2:82:2d:
         b8:42:3a:35:25:3c:5e:27:54:59:84:77:4d:a6:97:90:5b:29:
         c7:2c:46:6e:f5:90:c6:65:cb:a3:50:fd:5b:7d:5e:23:21:e7:
         c0:1b:14:5a:98:ef:1c:6b:ba:8d:1a:71:02:bf:53:7b:b8:1a:
         ed:54:b2:5d:2d:c5:f4:3b:60:41:27:a1:26:b3:95:fe:d5:e1:
         14:1f:98:70:0e:db:3c:85:91:92:bc:aa:fd:30:7a:e0:a5:4d:
         33:e6:89:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26xhPx403C9lM9ky6jyTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwMTAxMDAxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQ5ZTJmMzQzYWJkYjBkOTBjYTA1ZjJkMTE0ZTUzNmNiZTUyZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXpSMdwE6n21lSWaBD0fZadWiVee
q5L2ev4OaNrWiR0xjDi0FiKMGJbpa/0G6TiiWh8KDPiAVe8Qig1FS8FrOrWEXaZp
o/bUjNOKfdQZSJ2UnIKmVq51nzHjH0KZHjCBPtck9CVWzZe36cBRecD4J9B31Sit
Y3fpvKK0XLWAK1XxbvFy4D5yWpbafRyZdNQL/0cceBvEEG4IGPtixz9UoE45OS/6
BACaq1wV2KM1urpZGr85kYacII/lNxhVMyQb7qUAwmJum9OmztQOMwup82aXcFtc
Z95Umut1XU71SKJH/9uvreusdmZ/HCW/sHTWYIQYb6J0YsdhoUEmxm3xuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5J4vNDq9sNkMoF8tEU5TbL5S/BMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvcmtuaTgwT3IydzJReWdYeTBSVGxOc3ZsTDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2z9MA0G
CSqGSIb3DQEBCwUAA4IBAQCqD7/EmuYhJ64tU9ChNPtlj+0z9YTqU/H36lNXGstP
9wNOxKTyuPRluC6HZ1soc7St9m6lXsF2/tWOEKo65XLwJJjiI5oO5goEKMlBaczQ
FP0VyvcchGyFotD/LE+t5bGdgEt41ru20sH1ooQAXCML+7AKzwubPwMQn6lY1d0Y
FukntLj128iJosJ85A3nqbWC+ZV28DzRonpSUONPI8bCgi24Qjo1JTxeJ1RZhHdN
ppeQWynHLEZu9ZDGZcujUP1bfV4jIefAGxRamO8ca7qNGnECv1N7uBrtVLJdLcX0
O2BBJ6Ems5X+1eEUH5hwDts8hZGSvKr9MHrgpU0z5okq
-----END CERTIFICATE-----