This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/clFIubjbLQqxbnoigbE4pHEFWAU.roa
File:                     clFIubjbLQqxbnoigbE4pHEFWAU.roa (raw, json)
Hash identifier:          1t4DJkKFGPggpFIGiXnW0fwPm80oShJdtzZrjtLGtZQ=
Subject key identifier:   72:51:48:B9:B8:DB:2D:0A:B1:6E:7A:22:81:B1:38:A4:71:05:58:05
Certificate issuer:       /CN=b79de9458d190e634329f9df1503b5222c1624ee
Certificate serial:       019B9240311F00A57DB7B8978266937A1FF7
Authority key identifier: B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/clFIubjbLQqxbnoigbE4pHEFWAU.roa
Signing time:             Tue 06 Jan 2026 07:40:38 +0000
ROA not before:           Tue 06 Jan 2026 07:40:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213418
IP address blocks:        91.198.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:92:40:31:1f:00:a5:7d:b7:b8:97:82:66:93:7a:1f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79de9458d190e634329f9df1503b5222c1624ee
        Validity
            Not Before: Jan  6 07:40:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=725148b9b8db2d0ab16e7a2281b138a471055805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:de:08:41:b2:56:ad:c5:f3:48:29:29:13:f2:
                    16:dd:f0:55:6e:f8:72:b3:c4:f9:34:f1:33:6f:31:
                    a1:30:56:9d:a1:9a:c5:11:f8:44:11:b1:4b:be:52:
                    8c:ae:51:f9:83:fc:94:0d:c4:57:2a:c5:41:9c:e5:
                    4c:63:db:77:f6:3a:55:e3:7c:bb:6e:a5:1f:58:b1:
                    2e:71:a5:38:f0:63:cf:9d:44:54:1f:4b:3f:04:4e:
                    08:2b:b8:51:04:56:da:3a:d7:9f:16:fc:92:96:eb:
                    bd:f5:87:12:aa:a3:1d:b5:a1:0f:d5:51:8f:3c:37:
                    a3:34:c3:a3:26:30:05:bb:94:5c:ff:ae:8b:ed:aa:
                    03:5e:b5:92:59:da:b6:4e:50:20:55:d2:a7:c0:71:
                    91:86:9a:1d:f8:8a:2d:4d:84:ba:56:90:9d:53:cf:
                    54:a4:68:b1:6a:a1:bc:ec:c6:9f:ff:46:6a:0d:74:
                    0b:1b:e3:83:ad:eb:b9:12:bb:6e:27:10:c7:d8:0f:
                    33:c8:1a:7e:b4:88:3d:b0:ee:60:84:05:38:f5:eb:
                    0a:f5:58:e3:a2:3f:29:f6:28:92:58:2f:00:52:4f:
                    b2:09:d4:8d:ab:52:82:da:f3:06:9b:94:54:ab:c7:
                    18:9d:57:19:73:0b:6b:97:49:19:d8:64:cf:ee:55:
                    d0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:51:48:B9:B8:DB:2D:0A:B1:6E:7A:22:81:B1:38:A4:71:05:58:05
            X509v3 Authority Key Identifier:
                keyid:B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/clFIubjbLQqxbnoigbE4pHEFWAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:db:29:a2:b4:71:04:30:8d:65:99:5d:41:30:09:8f:b2:94:
         b2:12:d9:e8:c6:1b:41:53:3b:07:66:13:e3:ab:18:dd:a5:9c:
         83:8e:ed:2b:5c:32:bf:36:ce:97:f1:3e:9d:ba:3d:63:42:af:
         fe:2a:1e:03:81:b7:40:f4:dc:aa:7c:76:72:34:27:43:8b:9e:
         57:5a:94:a1:ce:87:d5:5e:34:b1:d0:d1:8c:7e:c8:31:72:40:
         e0:80:9c:a6:77:66:f3:a7:57:ff:03:35:ff:03:81:b9:83:5a:
         f8:bd:a7:41:10:a5:ab:fc:fe:99:89:4f:3f:c4:93:c6:b4:2a:
         3b:7c:f5:df:71:37:80:f6:cc:e3:d7:4f:65:c5:7a:76:09:63:
         23:74:df:e4:0b:61:9a:c0:59:59:49:54:6f:0a:e1:2d:98:9b:
         3d:2d:98:b8:25:1b:d3:aa:86:91:bb:95:7f:d6:a4:13:c0:e3:
         51:dd:0c:1b:43:6e:ff:9d:4d:83:35:e4:a0:d3:aa:76:ca:a5:
         af:2d:5f:56:98:5f:2b:77:90:af:83:af:a6:43:1b:09:b9:25:
         3e:b4:53:ea:e5:99:53:38:6e:5a:8b:3d:82:04:1d:d9:e7:45:
         a3:ab:b5:3a:0f:ad:6c:11:23:43:27:19:24:d3:f7:16:b2:b2:
         35:67:e8:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuSQDEfAKV9t7iXgmaTeh/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWRlOTQ1OGQxOTBlNjM0MzI5ZjlkZjE1MDNiNTIyMmMx
NjI0ZWUwHhcNMjYwMTA2MDc0MDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUxNDhiOWI4ZGIyZDBhYjE2ZTdhMjI4MWIxMzhhNDcxMDU1ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt4IQbJWrcXzSCkpE/IW3fBVbvhy
s8T5NPEzbzGhMFadoZrFEfhEEbFLvlKMrlH5g/yUDcRXKsVBnOVMY9t39jpV43y7
bqUfWLEucaU48GPPnURUH0s/BE4IK7hRBFbaOtefFvySluu99YcSqqMdtaEP1VGP
PDejNMOjJjAFu5Rc/66L7aoDXrWSWdq2TlAgVdKnwHGRhpod+IotTYS6VpCdU89U
pGixaqG87Maf/0ZqDXQLG+ODreu5ErtuJxDH2A8zyBp+tIg9sO5ghAU49esK9Vjj
oj8p9iiSWC8AUk+yCdSNq1KC2vMGm5RUq8cYnVcZcwtrl0kZ2GTP7lXQXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJRSLm42y0KsW56IoGxOKRxBVgFMB8GA1UdIwQY
MBaAFLed6UWNGQ5jQyn53xUDtSIsFiTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODkt
ZjFjZDlmYTI4Y2M1LzEvY2xGSXViamJMUXF4Ym5vaWdiRTRwSEVGV0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODktZjFjZDlmYTI4Y2M1
LzEvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZmMA0G
CSqGSIb3DQEBCwUAA4IBAQBK2ymitHEEMI1lmV1BMAmPspSyEtnoxhtBUzsHZhPj
qxjdpZyDju0rXDK/Ns6X8T6duj1jQq/+Kh4DgbdA9NyqfHZyNCdDi55XWpShzofV
XjSx0NGMfsgxckDggJymd2bzp1f/AzX/A4G5g1r4vadBEKWr/P6ZiU8/xJPGtCo7
fPXfcTeA9szj109lxXp2CWMjdN/kC2GawFlZSVRvCuEtmJs9LZi4JRvTqoaRu5V/
1qQTwONR3QwbQ27/nU2DNeSg06p2yqWvLV9WmF8rd5Cvg6+mQxsJuSU+tFPq5ZlT
OG5aiz2CBB3Z50Wjq7U6D61sESNDJxkk0/cWsrI1Z+iL
-----END CERTIFICATE-----