This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/DN7ZfyoDKyJXUkj1EC6pJ1I4DkQ.roa
File:                     DN7ZfyoDKyJXUkj1EC6pJ1I4DkQ.roa (raw, json)
Hash identifier:          bY5wbQ98GBM8x3W74YxZg+qztKUip/POgTeTbjHHMZI=
Subject key identifier:   0C:DE:D9:7F:2A:03:2B:22:57:52:48:F5:10:2E:A9:27:52:38:0E:44
Certificate issuer:       /CN=e31722d79bff4384a597cb544d9e7974490d8734
Certificate serial:       019B7EA7109905F14DA4036F2A0A5AAC69A3
Authority key identifier: E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/DN7ZfyoDKyJXUkj1EC6pJ1I4DkQ.roa
Signing time:             Fri 02 Jan 2026 12:20:36 +0000
ROA not before:           Fri 02 Jan 2026 12:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198459
IP address blocks:        91.239.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:10:99:05:f1:4d:a4:03:6f:2a:0a:5a:ac:69:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31722d79bff4384a597cb544d9e7974490d8734
        Validity
            Not Before: Jan  2 12:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cded97f2a032b22575248f5102ea92752380e44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3d:1c:d5:17:08:a6:72:7f:e4:1e:a4:6e:5d:
                    99:ec:c9:50:30:2e:4a:2e:9a:85:dc:7a:91:af:6a:
                    b4:d6:a8:1d:9b:c6:66:66:04:09:e4:30:0b:59:ef:
                    c4:7a:3b:62:32:8b:3d:a2:4d:49:a8:24:08:91:01:
                    6e:35:ab:32:be:2b:56:37:ac:ab:3d:a6:2d:23:f8:
                    dd:e1:d2:cf:9e:62:d6:22:9f:e0:3e:d4:38:89:a7:
                    8c:c4:f5:d9:ac:05:53:85:95:e1:5b:66:a8:37:76:
                    ab:f6:89:7d:e7:90:2d:63:51:08:53:14:c4:41:34:
                    13:24:6c:6c:d1:b8:f7:52:38:c5:b9:45:54:36:b0:
                    e8:05:46:fa:60:d1:20:9e:79:eb:da:f1:3d:e3:19:
                    ce:81:c0:d6:9b:79:28:1c:1a:36:92:5f:00:8e:b0:
                    44:71:52:a4:b8:32:68:ab:99:58:2d:11:34:0a:cc:
                    5a:3f:52:61:2e:47:b8:08:ec:7f:ce:dc:02:a3:ea:
                    d7:1e:2c:f6:d3:3c:49:f3:05:43:cf:ae:40:08:d8:
                    38:d9:e4:28:39:14:b5:7d:e8:74:4e:8e:2d:52:9d:
                    b0:ab:fb:6f:85:3c:66:cb:4a:ca:d6:fe:21:4b:d4:
                    1a:5a:97:cd:91:25:a2:42:88:62:fd:48:b0:4d:33:
                    27:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DE:D9:7F:2A:03:2B:22:57:52:48:F5:10:2E:A9:27:52:38:0E:44
            X509v3 Authority Key Identifier:
                keyid:E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/DN7ZfyoDKyJXUkj1EC6pJ1I4DkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:85:a9:cb:6f:7a:1a:88:1e:d2:90:f2:bc:04:36:0f:82:fc:
         be:67:a2:7f:b4:1f:bf:9c:bb:62:fa:8c:0b:e8:15:80:04:43:
         34:d6:81:6b:36:3c:37:39:27:7c:60:93:8d:22:c7:d2:0c:49:
         67:2c:bd:a8:f9:69:49:9b:77:08:2c:f0:6b:8e:0f:06:d9:ca:
         1f:7e:f6:cb:9e:2c:44:5d:f9:cb:62:a1:41:5d:41:36:56:0a:
         30:53:95:8b:d5:04:36:90:d4:9c:96:a7:02:bf:cc:3a:14:48:
         79:16:bd:89:17:e8:0f:35:25:24:26:b3:b4:65:25:31:22:18:
         d2:3e:b4:85:55:b8:09:d2:8c:c4:88:c0:35:6a:c7:d7:78:32:
         fb:f1:39:eb:93:e1:06:c1:bf:0d:89:e4:77:79:1d:44:f2:e3:
         2b:00:d8:8c:c6:7e:cc:f5:0c:c0:d8:43:46:47:f7:c4:be:47:
         e0:e2:23:e3:77:ec:b8:2a:88:f8:2d:de:e2:53:af:9d:56:07:
         48:ac:28:6d:3b:ae:eb:d7:10:11:3c:4a:ff:ec:08:e5:e0:20:
         84:2c:7a:7e:f6:67:ab:f1:5d:fd:44:b5:6b:0b:4c:af:f2:73:
         77:63:6c:6e:0d:81:27:eb:94:cf:15:d3:3e:5b:81:62:51:d0:
         67:08:ee:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pxCZBfFNpANvKgparGmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTcyMmQ3OWJmZjQzODRhNTk3Y2I1NDRkOWU3OTc0NDkw
ZDg3MzQwHhcNMjYwMTAyMTIyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RlZDk3ZjJhMDMyYjIyNTc1MjQ4ZjUxMDJlYTkyNzUyMzgwZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj0c1RcIpnJ/5B6kbl2Z7MlQMC5K
LpqF3HqRr2q01qgdm8ZmZgQJ5DALWe/EejtiMos9ok1JqCQIkQFuNasyvitWN6yr
PaYtI/jd4dLPnmLWIp/gPtQ4iaeMxPXZrAVThZXhW2aoN3ar9ol955AtY1EIUxTE
QTQTJGxs0bj3UjjFuUVUNrDoBUb6YNEgnnnr2vE94xnOgcDWm3koHBo2kl8AjrBE
cVKkuDJoq5lYLRE0CsxaP1JhLke4COx/ztwCo+rXHiz20zxJ8wVDz65ACNg42eQo
ORS1feh0To4tUp2wq/tvhTxmy0rK1v4hS9QaWpfNkSWiQohi/UiwTTMnyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAze2X8qAysiV1JI9RAuqSdSOA5EMB8GA1UdIwQY
MBaAFOMXIteb/0OEpZfLVE2eeXRJDYc0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWIt
YjI2ZjFhNzBhZjBkLzEvRE43WmZ5b0RLeUpYVWtqMUVDNnBKMUk0RGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWItYjI2ZjFhNzBhZjBk
LzEvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+81MA0G
CSqGSIb3DQEBCwUAA4IBAQBPhanLb3oaiB7SkPK8BDYPgvy+Z6J/tB+/nLti+owL
6BWABEM01oFrNjw3OSd8YJONIsfSDElnLL2o+WlJm3cILPBrjg8G2coffvbLnixE
XfnLYqFBXUE2VgowU5WL1QQ2kNSclqcCv8w6FEh5Fr2JF+gPNSUkJrO0ZSUxIhjS
PrSFVbgJ0ozEiMA1asfXeDL78Tnrk+EGwb8NieR3eR1E8uMrANiMxn7M9QzA2ENG
R/fEvkfg4iPjd+y4Koj4Ld7iU6+dVgdIrChtO67r1xARPEr/7Ajl4CCELHp+9mer
8V39RLVrC0yv8nN3Y2xuDYEn65TPFdM+W4FiUdBnCO4f
-----END CERTIFICATE-----