This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/pfoAptjf90KHppVYfbniqr79bWQ.roa
File:                     pfoAptjf90KHppVYfbniqr79bWQ.roa (raw, json)
Hash identifier:          nzU7SasV7epGNnZEN6voJrWpKWaW62VKhMj/SG20B44=
Subject key identifier:   A5:FA:00:A6:D8:DF:F7:42:87:A6:95:58:7D:B9:E2:AA:BE:FD:6D:64
Certificate issuer:       /CN=08f46bfa2046fbc98e627f403483271123beca0a
Certificate serial:       019B7CEDA2BCDD3B3A03721ACFF050EBB52B
Authority key identifier: 08:F4:6B:FA:20:46:FB:C9:8E:62:7F:40:34:83:27:11:23:BE:CA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPRr-iBG-8mOYn9ANIMnESO-ygo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/pfoAptjf90KHppVYfbniqr79bWQ.roa
Signing time:             Fri 02 Jan 2026 04:18:27 +0000
ROA not before:           Fri 02 Jan 2026 04:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31477
IP address blocks:        91.196.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/CPRr-iBG-8mOYn9ANIMnESO-ygo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/CPRr-iBG-8mOYn9ANIMnESO-ygo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPRr-iBG-8mOYn9ANIMnESO-ygo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Feb 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:a2:bc:dd:3b:3a:03:72:1a:cf:f0:50:eb:b5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08f46bfa2046fbc98e627f403483271123beca0a
        Validity
            Not Before: Jan  2 04:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5fa00a6d8dff74287a695587db9e2aabefd6d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ee:26:1f:f0:ba:9d:28:f7:ac:31:44:ea:92:
                    91:75:f2:b9:75:91:55:f1:de:94:6a:4f:21:53:ae:
                    d2:b2:65:78:e6:b4:07:2d:0b:e9:dd:7c:3c:cf:5a:
                    62:b4:da:62:f4:fb:f0:6c:e9:4c:91:71:c0:e6:6e:
                    21:6a:19:ef:4e:1c:b2:99:31:e3:e6:1f:b3:72:33:
                    67:b8:7a:9c:a5:3e:90:15:16:d1:4e:56:72:7c:c4:
                    45:66:5e:b6:2a:4d:5f:07:35:15:17:a4:46:7f:99:
                    10:5e:35:41:a2:ab:12:85:00:f1:ba:bf:ea:03:c8:
                    8f:76:e1:c3:12:68:b0:c2:03:5f:cc:7b:10:b1:07:
                    f7:1b:0c:e8:2f:38:38:2c:0e:8a:bb:78:f5:80:39:
                    1b:df:50:ca:66:f0:94:9a:28:e2:d4:3f:49:29:33:
                    dd:cf:0c:c6:49:e3:cc:4b:ed:84:6b:3c:7f:15:43:
                    da:66:f3:8d:c8:47:7a:36:93:59:a4:62:ec:0d:7a:
                    72:87:ca:ea:0d:f2:28:90:8e:33:4b:9e:6d:32:da:
                    1f:c9:8c:81:73:f3:12:6a:77:07:ee:04:bd:17:8c:
                    89:a2:7e:52:9a:c0:22:9e:68:57:c5:66:65:d5:e5:
                    d5:f2:a9:a0:61:ad:8c:38:c9:8b:20:4b:49:ea:ad:
                    35:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:FA:00:A6:D8:DF:F7:42:87:A6:95:58:7D:B9:E2:AA:BE:FD:6D:64
            X509v3 Authority Key Identifier:
                keyid:08:F4:6B:FA:20:46:FB:C9:8E:62:7F:40:34:83:27:11:23:BE:CA:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPRr-iBG-8mOYn9ANIMnESO-ygo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/pfoAptjf90KHppVYfbniqr79bWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/6ee2f5-9f60-47dc-8cd9-cd5255733304/1/CPRr-iBG-8mOYn9ANIMnESO-ygo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:f7:ed:1b:e0:70:15:2e:5a:26:5c:e0:7a:15:ec:27:ca:6d:
         46:08:b6:4f:45:d7:f0:4b:16:c7:ec:1d:37:7c:f4:13:89:af:
         57:e5:49:51:5f:3c:b4:0a:2d:c7:38:f0:bc:1e:ea:0d:6a:03:
         b2:67:b6:98:2d:ad:09:4f:11:e3:0e:15:3b:01:4b:a9:9f:e1:
         d6:b1:e0:37:de:93:86:49:17:85:63:1d:6c:ca:36:a5:8f:78:
         36:74:b2:2a:1a:94:d0:d5:ec:1f:34:62:1b:34:30:29:23:5b:
         07:d1:d3:14:85:44:95:06:ea:e3:b5:7d:6b:ef:ce:78:6f:46:
         00:df:78:0d:8e:d5:71:c3:6a:6f:2a:5a:fd:08:f9:01:5b:d3:
         3b:8d:d1:d0:97:a0:b9:9d:6d:79:a4:5e:fc:17:57:3e:4a:d1:
         3f:6c:9f:89:76:ad:e9:9f:9d:c4:9c:4d:52:1c:c5:56:95:44:
         6b:38:87:0d:ab:8b:38:d8:a7:ff:64:80:2f:b4:05:fc:30:60:
         bc:3b:b7:ec:fd:5f:35:3e:ca:e9:3a:2e:ff:7c:3c:72:79:29:
         ab:a9:e2:9c:03:2e:b2:1a:5a:03:4a:a7:d4:10:a1:56:80:c8:
         22:e2:86:6e:3e:07:75:0f:39:9f:fb:44:67:06:15:a0:eb:ee:
         ac:b5:a1:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87aK83Ts6A3Iaz/BQ67UrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZjQ2YmZhMjA0NmZiYzk4ZTYyN2Y0MDM0ODMyNzExMjNi
ZWNhMGEwHhcNMjYwMTAyMDQxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWZhMDBhNmQ4ZGZmNzQyODdhNjk1NTg3ZGI5ZTJhYWJlZmQ2ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu4mH/C6nSj3rDFE6pKRdfK5dZFV
8d6Uak8hU67SsmV45rQHLQvp3Xw8z1pitNpi9PvwbOlMkXHA5m4hahnvThyymTHj
5h+zcjNnuHqcpT6QFRbRTlZyfMRFZl62Kk1fBzUVF6RGf5kQXjVBoqsShQDxur/q
A8iPduHDEmiwwgNfzHsQsQf3GwzoLzg4LA6Ku3j1gDkb31DKZvCUmiji1D9JKTPd
zwzGSePMS+2Eazx/FUPaZvONyEd6NpNZpGLsDXpyh8rqDfIokI4zS55tMtofyYyB
c/MSancH7gS9F4yJon5SmsAinmhXxWZl1eXV8qmgYa2MOMmLIEtJ6q01swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKX6AKbY3/dCh6aVWH254qq+/W1kMB8GA1UdIwQY
MBaAFAj0a/ogRvvJjmJ/QDSDJxEjvsoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1BSci1pQkctOG1PWW45QU5JTW5FU08teWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS82ZWUyZjUtOWY2MC00N2RjLThjZDkt
Y2Q1MjU1NzMzMzA0LzEvcGZvQXB0amY5MEtIcHBWWWZibmlxcjc5YldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS82ZWUyZjUtOWY2MC00N2RjLThjZDktY2Q1MjU1NzMzMzA0
LzEvQ1BSci1pQkctOG1PWW45QU5JTW5FU08teWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8RrMA0G
CSqGSIb3DQEBCwUAA4IBAQBa9+0b4HAVLlomXOB6Fewnym1GCLZPRdfwSxbH7B03
fPQTia9X5UlRXzy0Ci3HOPC8HuoNagOyZ7aYLa0JTxHjDhU7AUupn+HWseA33pOG
SReFYx1syjalj3g2dLIqGpTQ1ewfNGIbNDApI1sH0dMUhUSVBurjtX1r7854b0YA
33gNjtVxw2pvKlr9CPkBW9M7jdHQl6C5nW15pF78F1c+StE/bJ+Jdq3pn53EnE1S
HMVWlURrOIcNq4s42Kf/ZIAvtAX8MGC8O7fs/V81PsrpOi7/fDxyeSmrqeKcAy6y
GloDSqfUEKFWgMgi4oZuPgd1Dzmf+0RnBhWg6+6staE9
-----END CERTIFICATE-----