This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/sSe9vjQhLXz0LCDCrOhG3-q5jrA.roa
File:                     sSe9vjQhLXz0LCDCrOhG3-q5jrA.roa (raw, json)
Hash identifier:          Ks/R2WS3cda1aUMFkl1JkdwTxi5reAccOsu/QKsp7Og=
Subject key identifier:   B1:27:BD:BE:34:21:2D:7C:F4:2C:20:C2:AC:E8:46:DF:EA:B9:8E:B0
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019B7EA733B3D3165F56F0DC792662AAAFB3
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/sSe9vjQhLXz0LCDCrOhG3-q5jrA.roa
Signing time:             Fri 02 Jan 2026 12:20:45 +0000
ROA not before:           Fri 02 Jan 2026 12:20:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57045
IP address blocks:        91.221.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:33:b3:d3:16:5f:56:f0:dc:79:26:62:aa:af:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 12:20:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b127bdbe34212d7cf42c20c2ace846dfeab98eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9c:fc:f8:3e:d4:2e:60:78:76:a4:58:f8:e3:
                    f2:e6:83:af:44:fc:e2:3f:ed:7f:ec:28:e3:f3:87:
                    46:6a:1a:cd:2a:07:1f:c8:09:91:fd:e9:db:e2:ba:
                    3f:a1:fd:df:80:a7:20:22:b1:15:61:ad:73:83:56:
                    de:90:2e:ca:e3:e2:65:97:f4:3d:95:c2:ae:72:7d:
                    01:e8:fc:10:23:40:16:10:86:da:3d:2a:29:2e:a8:
                    bd:59:56:28:61:99:a5:88:c9:ad:37:20:06:25:fd:
                    8d:d6:40:37:29:03:0e:ef:30:4a:7b:97:5e:6a:8a:
                    4e:32:7c:5f:f0:f1:99:f6:11:a0:a4:b0:c4:4f:f4:
                    e1:4b:36:60:d7:d4:28:06:94:85:0b:19:b6:4f:89:
                    74:45:8d:b8:4b:90:6f:e6:4d:be:6d:ca:ad:40:05:
                    ad:ca:01:b4:30:ff:3c:e4:2b:f9:42:b5:84:88:b3:
                    8b:bf:63:9a:16:2f:eb:04:81:8f:07:bb:01:d2:86:
                    18:7d:b5:a0:96:78:e4:41:66:31:1d:a9:88:68:39:
                    73:a2:06:56:d3:84:51:1c:de:25:cf:99:6e:c2:f4:
                    da:26:5e:c3:db:86:01:35:b9:1d:ca:55:9e:61:49:
                    d0:a2:4f:bf:bf:a0:21:20:fa:49:7a:de:17:b7:33:
                    9a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:27:BD:BE:34:21:2D:7C:F4:2C:20:C2:AC:E8:46:DF:EA:B9:8E:B0
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/sSe9vjQhLXz0LCDCrOhG3-q5jrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:74:8b:66:a3:04:2b:5c:85:d2:80:3f:84:a4:fe:a9:e7:2d:
         d4:b2:69:e4:4b:39:98:75:19:6f:dc:1d:73:4b:a3:3a:8a:73:
         e2:34:00:a8:29:f9:e9:e7:84:d2:e7:b7:88:c8:0d:bb:cd:c0:
         71:65:62:4f:eb:39:49:62:8d:c8:0d:55:9f:9e:e2:9e:43:ec:
         ef:a8:16:62:cc:e0:15:89:4d:65:c0:0d:15:4e:47:a1:fc:f3:
         6f:ba:fc:86:c5:61:6e:f4:04:85:90:36:c3:5c:24:73:c2:78:
         ae:77:17:a6:07:93:76:3d:c2:ac:6e:32:f8:d3:1c:78:c5:d8:
         97:e8:91:ec:46:c4:33:0d:24:ae:82:74:c0:e6:21:ed:9c:98:
         85:bd:56:54:e6:8f:b8:30:e2:c1:48:bf:b7:b3:17:69:c1:dd:
         64:c1:fb:fe:d6:57:0f:ab:1f:78:2c:d9:09:55:f3:b5:3e:e5:
         16:5c:2b:b4:b5:86:1e:7d:05:5d:2e:7a:f0:e3:b2:fd:ec:7c:
         cc:56:45:5e:a2:af:0d:ae:85:f4:7a:54:f5:ac:02:09:ba:0c:
         86:ce:f2:af:e1:90:34:d6:f7:6b:dd:33:cc:0f:07:fa:e3:64:
         89:d1:6c:43:7d:64:f0:e2:06:03:c4:0a:7f:66:78:37:84:57:
         7d:6d:bf:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pzOz0xZfVvDceSZiqq+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjYwMTAyMTIyMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTI3YmRiZTM0MjEyZDdjZjQyYzIwYzJhY2U4NDZkZmVhYjk4ZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5z8+D7ULmB4dqRY+OPy5oOvRPzi
P+1/7Cjj84dGahrNKgcfyAmR/enb4ro/of3fgKcgIrEVYa1zg1bekC7K4+Jll/Q9
lcKucn0B6PwQI0AWEIbaPSopLqi9WVYoYZmliMmtNyAGJf2N1kA3KQMO7zBKe5de
aopOMnxf8PGZ9hGgpLDET/ThSzZg19QoBpSFCxm2T4l0RY24S5Bv5k2+bcqtQAWt
ygG0MP885Cv5QrWEiLOLv2OaFi/rBIGPB7sB0oYYfbWglnjkQWYxHamIaDlzogZW
04RRHN4lz5luwvTaJl7D24YBNbkdylWeYUnQok+/v6AhIPpJet4XtzOaDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEnvb40IS189CwgwqzoRt/quY6wMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvc1NlOXZqUWhMWHowTENEQ3JPaEczLXE1anJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW90rMA0G
CSqGSIb3DQEBCwUAA4IBAQCcdItmowQrXIXSgD+EpP6p5y3UsmnkSzmYdRlv3B1z
S6M6inPiNACoKfnp54TS57eIyA27zcBxZWJP6zlJYo3IDVWfnuKeQ+zvqBZizOAV
iU1lwA0VTkeh/PNvuvyGxWFu9ASFkDbDXCRzwniudxemB5N2PcKsbjL40xx4xdiX
6JHsRsQzDSSugnTA5iHtnJiFvVZU5o+4MOLBSL+3sxdpwd1kwfv+1lcPqx94LNkJ
VfO1PuUWXCu0tYYefQVdLnrw47L97HzMVkVeoq8NroX0elT1rAIJugyGzvKv4ZA0
1vdr3TPMDwf642SJ0WxDfWTw4gYDxAp/Zng3hFd9bb9N
-----END CERTIFICATE-----