This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/avNEwpL_11H5YSsomwm0HOp9pcY.roa
File:                     avNEwpL_11H5YSsomwm0HOp9pcY.roa (raw, json)
Hash identifier:          W9XdBIvP8KNer4n6RxTSErrCF+Uq5P5iFTsq9VlqdFo=
Subject key identifier:   6A:F3:44:C2:92:FF:D7:51:F9:61:2B:28:9B:09:B4:1C:EA:7D:A5:C6
Certificate issuer:       /CN=e37a20a7f28a824f67315a566e59244aaa8c7d4a
Certificate serial:       019B7DCAA474B9B6936CE16DE2A0DB24A2A6
Authority key identifier: E3:7A:20:A7:F2:8A:82:4F:67:31:5A:56:6E:59:24:4A:AA:8C:7D:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/avNEwpL_11H5YSsomwm0HOp9pcY.roa
Signing time:             Fri 02 Jan 2026 08:19:50 +0000
ROA not before:           Fri 02 Jan 2026 08:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56399
IP address blocks:        91.225.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:a4:74:b9:b6:93:6c:e1:6d:e2:a0:db:24:a2:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37a20a7f28a824f67315a566e59244aaa8c7d4a
        Validity
            Not Before: Jan  2 08:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6af344c292ffd751f9612b289b09b41cea7da5c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6b:d8:5f:89:2e:1b:21:7e:35:e3:05:c8:63:
                    41:72:98:2c:5f:b2:41:6e:e9:e9:76:9f:6c:38:96:
                    33:5b:58:42:c8:25:5b:17:c5:8f:5d:23:2c:7c:50:
                    c3:9c:da:0d:fe:c6:32:f1:49:8c:25:48:1f:1a:e6:
                    19:73:ff:0a:f2:63:66:d6:04:38:a5:5c:f1:5f:3f:
                    86:fc:f3:70:e9:4e:7c:b0:ca:e4:07:e2:06:f5:08:
                    ed:c4:a3:ef:b0:f2:62:9d:6c:6a:0f:f0:2c:3e:08:
                    d3:2a:21:7d:a1:f5:26:41:51:f3:84:8e:27:f7:cd:
                    a8:6d:69:a4:6c:0d:bf:71:a8:0a:c3:92:e1:0e:44:
                    b3:f4:86:ed:28:cd:60:18:0f:8f:07:a7:6d:36:bc:
                    45:3d:0a:75:cc:99:d6:a9:c9:44:bc:24:28:c0:e8:
                    3f:05:8d:3d:56:0a:5b:e5:92:c4:34:79:8e:33:07:
                    d9:af:43:0b:53:64:98:06:a6:12:a5:9a:16:43:ea:
                    17:3d:11:bc:01:60:f9:f5:83:46:cb:63:62:8f:2d:
                    76:93:0b:a5:d3:14:1f:2d:c6:33:e3:fb:48:73:09:
                    42:70:a7:36:fb:79:01:76:eb:e6:8b:90:52:bf:4d:
                    71:64:2d:64:24:75:e7:01:a6:e7:13:7c:31:46:2c:
                    8b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F3:44:C2:92:FF:D7:51:F9:61:2B:28:9B:09:B4:1C:EA:7D:A5:C6
            X509v3 Authority Key Identifier:
                keyid:E3:7A:20:A7:F2:8A:82:4F:67:31:5A:56:6E:59:24:4A:AA:8C:7D:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43ogp_KKgk9nMVpWblkkSqqMfUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/avNEwpL_11H5YSsomwm0HOp9pcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ac598f-5f52-4330-b013-57069e0803b5/1/43ogp_KKgk9nMVpWblkkSqqMfUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:ba:e3:25:d2:dd:32:3a:d9:cb:ec:60:70:6a:0c:85:1a:c0:
         a4:be:f3:79:8e:5d:1d:b3:a0:2e:61:8a:75:e1:d8:99:e4:f6:
         de:41:22:f6:af:0a:4d:a7:e4:c0:19:93:95:e8:61:52:65:26:
         fc:d1:7e:da:f2:ca:39:45:46:33:47:c3:0f:9d:87:2c:86:72:
         13:f7:23:07:13:9f:68:b3:2e:4c:df:fb:4a:6d:89:b7:3a:0e:
         dd:57:6c:a3:7a:bd:8a:1c:04:da:b8:87:2c:a0:64:e7:91:fc:
         29:fe:59:44:41:68:48:d0:6d:5b:12:1f:9f:6c:95:e1:04:99:
         c0:cc:62:d5:51:13:40:34:7d:81:09:0c:03:12:b8:bd:11:23:
         ff:0c:48:33:42:3f:23:5d:69:c4:b0:af:28:30:f6:68:e2:cd:
         79:0b:f7:56:3d:7f:5b:e0:61:fd:c5:5a:ce:67:7e:c1:25:57:
         2a:80:23:e9:dc:da:37:fb:f7:bd:8b:9e:60:ef:ca:08:f4:50:
         9e:b7:2f:9a:6f:5f:b0:05:15:ee:31:9b:43:5d:f2:b8:f0:dc:
         13:76:fe:9b:9b:2f:9c:c0:b1:0a:68:6f:c2:95:94:e3:b1:6b:
         9b:51:e9:3a:32:4d:8b:fe:04:5a:e0:bb:17:cd:b4:04:7e:6a:
         99:f7:2f:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yqR0ubaTbOFt4qDbJKKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2EyMGE3ZjI4YTgyNGY2NzMxNWE1NjZlNTkyNDRhYWE4
YzdkNGEwHhcNMjYwMTAyMDgxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYzNDRjMjkyZmZkNzUxZjk2MTJiMjg5YjA5YjQxY2VhN2RhNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2vYX4kuGyF+NeMFyGNBcpgsX7JB
bunpdp9sOJYzW1hCyCVbF8WPXSMsfFDDnNoN/sYy8UmMJUgfGuYZc/8K8mNm1gQ4
pVzxXz+G/PNw6U58sMrkB+IG9QjtxKPvsPJinWxqD/AsPgjTKiF9ofUmQVHzhI4n
982obWmkbA2/cagKw5LhDkSz9IbtKM1gGA+PB6dtNrxFPQp1zJnWqclEvCQowOg/
BY09Vgpb5ZLENHmOMwfZr0MLU2SYBqYSpZoWQ+oXPRG8AWD59YNGy2Nijy12kwul
0xQfLcYz4/tIcwlCcKc2+3kBduvmi5BSv01xZC1kJHXnAabnE3wxRiyLNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrzRMKS/9dR+WErKJsJtBzqfaXGMB8GA1UdIwQY
MBaAFON6IKfyioJPZzFaVm5ZJEqqjH1KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNvZ3BfS0tnazluTVZwV2Jsa2tTcXFNZlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hYzU5OGYtNWY1Mi00MzMwLWIwMTMt
NTcwNjllMDgwM2I1LzEvYXZORXdwTF8xMUg1WVNzb213bTBIT3A5cGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hYzU5OGYtNWY1Mi00MzMwLWIwMTMtNTcwNjllMDgwM2I1
LzEvNDNvZ3BfS0tnazluTVZwV2Jsa2tTcXFNZlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+GkMA0G
CSqGSIb3DQEBCwUAA4IBAQBuuuMl0t0yOtnL7GBwagyFGsCkvvN5jl0ds6AuYYp1
4diZ5PbeQSL2rwpNp+TAGZOV6GFSZSb80X7a8so5RUYzR8MPnYcshnIT9yMHE59o
sy5M3/tKbYm3Og7dV2yjer2KHATauIcsoGTnkfwp/llEQWhI0G1bEh+fbJXhBJnA
zGLVURNANH2BCQwDEri9ESP/DEgzQj8jXWnEsK8oMPZo4s15C/dWPX9b4GH9xVrO
Z37BJVcqgCPp3No3+/e9i55g78oI9FCety+ab1+wBRXuMZtDXfK48NwTdv6bmy+c
wLEKaG/ClZTjsWubUek6Mk2L/gRa4LsXzbQEfmqZ9y/T
-----END CERTIFICATE-----