This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/wFYmGE5l1chJ5-wTECpTY_pMIXM.roa
File:                     wFYmGE5l1chJ5-wTECpTY_pMIXM.roa (raw, json)
Hash identifier:          hK07/sPk/5vCM2raR2H19xhYBW6r/31Luy7kDtFVbII=
Subject key identifier:   C0:56:26:18:4E:65:D5:C8:49:E7:EC:13:10:2A:53:63:FA:4C:21:73
Certificate issuer:       /CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
Certificate serial:       019B79ECFFD0794A64A72A5C83C9E6E35B3C
Authority key identifier: D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/wFYmGE5l1chJ5-wTECpTY_pMIXM.roa
Signing time:             Thu 01 Jan 2026 14:18:53 +0000
ROA not before:           Thu 01 Jan 2026 14:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        91.208.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ff:d0:79:4a:64:a7:2a:5c:83:c9:e6:e3:5b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Validity
            Not Before: Jan  1 14:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c05626184e65d5c849e7ec13102a5363fa4c2173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b6:55:14:f4:48:d1:91:97:2c:00:8c:6f:1f:
                    f3:84:7b:26:38:de:6f:b7:4a:1e:92:28:c5:09:96:
                    3b:58:10:79:c8:0f:0c:b7:31:9c:b4:a0:1e:e0:73:
                    f2:f4:0c:2a:04:23:d7:c9:cf:49:9c:d6:76:d9:c6:
                    1d:dd:ef:dc:6f:79:aa:e7:a6:6a:38:0b:24:0b:86:
                    a9:cb:c5:56:cd:1b:0e:cb:85:57:bc:ce:19:80:fd:
                    ac:41:28:cf:f8:b4:ab:1d:73:9d:07:c5:30:63:a5:
                    0c:7e:30:26:95:fd:57:fe:ec:58:e9:04:fa:d5:bf:
                    ec:82:f9:a9:f3:16:da:ae:06:45:54:f8:26:4b:12:
                    5d:b8:4e:8d:2a:49:22:dc:ed:56:8f:6c:ad:59:8d:
                    72:2e:72:d8:03:fe:ed:ad:36:68:71:48:c9:86:95:
                    ec:9f:5c:e7:b5:20:2f:f9:86:20:05:32:06:1b:ae:
                    c2:4b:8a:36:a3:a0:23:d4:1e:ef:74:b6:cd:28:70:
                    1f:5b:69:d6:4d:4b:e4:ef:f8:c2:6c:84:dc:79:2b:
                    58:23:39:a1:d3:c0:af:a6:f3:bf:28:86:1b:1a:69:
                    26:ba:10:51:9b:2c:45:b0:0f:64:db:65:e6:c9:77:
                    a2:6d:a5:20:85:7a:82:4f:37:3b:af:cb:93:1a:69:
                    0c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:56:26:18:4E:65:D5:C8:49:E7:EC:13:10:2A:53:63:FA:4C:21:73
            X509v3 Authority Key Identifier:
                keyid:D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/wFYmGE5l1chJ5-wTECpTY_pMIXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:7b:33:9a:f9:0c:da:e5:82:d6:b9:0c:69:a6:80:cd:68:1c:
         1e:fc:e8:78:3a:3d:93:50:6b:53:cb:57:5f:c5:c4:c8:65:77:
         28:e5:f0:fe:e3:cf:56:47:f0:70:0d:ed:39:75:e8:f3:39:ef:
         84:ee:7f:b3:09:6d:a0:45:63:4a:90:3c:e8:26:62:db:32:c7:
         92:7a:cc:54:1e:8b:0f:01:e4:51:ff:3a:fd:f1:1c:12:d7:03:
         40:d4:1a:f2:14:c1:ff:5e:ca:2c:6f:2f:e0:d7:b3:cc:cc:47:
         46:1f:c9:79:4a:7f:da:d2:c0:b8:50:45:28:63:f3:5a:65:93:
         7b:5d:c5:14:b0:8e:d8:5f:9c:7b:2c:20:6c:e8:2c:d0:b5:f5:
         01:14:1f:f7:ff:50:dc:18:75:2e:71:48:1a:36:bd:50:f9:8c:
         30:66:0b:26:63:2f:a7:78:78:ba:9b:8d:f8:93:8f:48:cd:8b:
         3d:67:c5:f3:15:36:6f:95:9a:07:d4:40:c8:77:78:e5:d6:0c:
         a9:c5:71:13:6b:08:18:35:1d:c3:7c:25:f5:e6:ce:09:b9:5b:
         5e:1f:4e:5f:a5:2a:6a:d4:45:47:e9:4c:a2:c8:a7:9d:14:cf:
         8a:26:7d:3e:8f:4a:33:4d:3d:11:fa:f9:37:d0:e9:b6:d7:24:
         15:53:ab:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57P/QeUpkpypcg8nm41s8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZGJhYTFiNTJmM2E3MzI4OWZmNzY4YWNiN2JhYTdmMzg3
Zjk1NWYwHhcNMjYwMTAxMTQxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDU2MjYxODRlNjVkNWM4NDllN2VjMTMxMDJhNTM2M2ZhNGMyMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrZVFPRI0ZGXLACMbx/zhHsmON5v
t0oekijFCZY7WBB5yA8MtzGctKAe4HPy9AwqBCPXyc9JnNZ22cYd3e/cb3mq56Zq
OAskC4apy8VWzRsOy4VXvM4ZgP2sQSjP+LSrHXOdB8UwY6UMfjAmlf1X/uxY6QT6
1b/sgvmp8xbargZFVPgmSxJduE6NKkki3O1Wj2ytWY1yLnLYA/7trTZocUjJhpXs
n1zntSAv+YYgBTIGG67CS4o2o6Aj1B7vdLbNKHAfW2nWTUvk7/jCbITceStYIzmh
08CvpvO/KIYbGmkmuhBRmyxFsA9k22XmyXeibaUghXqCTzc7r8uTGmkMtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBWJhhOZdXISefsExAqU2P6TCFzMB8GA1UdIwQY
MBaAFNbbqhtS86cyif92ist7qn84f5VfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQt
ZmFiODNkNDAzNTU4LzEvd0ZZbUdFNWwxY2hKNS13VEVDcFRZX3BNSVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQtZmFiODNkNDAzNTU4
LzEvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AVMA0G
CSqGSIb3DQEBCwUAA4IBAQA2ezOa+Qza5YLWuQxppoDNaBwe/Oh4Oj2TUGtTy1df
xcTIZXco5fD+489WR/BwDe05dejzOe+E7n+zCW2gRWNKkDzoJmLbMseSesxUHosP
AeRR/zr98RwS1wNA1BryFMH/Xsosby/g17PMzEdGH8l5Sn/a0sC4UEUoY/NaZZN7
XcUUsI7YX5x7LCBs6CzQtfUBFB/3/1DcGHUucUgaNr1Q+YwwZgsmYy+neHi6m434
k49IzYs9Z8XzFTZvlZoH1EDId3jl1gypxXETawgYNR3DfCX15s4JuVteH05fpSpq
1EVH6UyiyKedFM+KJn0+j0ozTT0R+vk30Om21yQVU6uk
-----END CERTIFICATE-----