This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/H5y8W3DjLSpPDDBPhCGT2Zyd0zQ.roa
File:                     H5y8W3DjLSpPDDBPhCGT2Zyd0zQ.roa (raw, json)
Hash identifier:          bIrNHA0Zr/4VPYN5nN8uLLN9SjreKStFG26DJGxbUGQ=
Subject key identifier:   1F:9C:BC:5B:70:E3:2D:2A:4F:0C:30:4F:84:21:93:D9:9C:9D:D3:34
Certificate issuer:       /CN=611bb6e31eee3b72ade7b1a590e2e62aaf5c3eb0
Certificate serial:       019B313F48D178BA20D8C972699B84E3C7BF
Authority key identifier: 61:1B:B6:E3:1E:EE:3B:72:AD:E7:B1:A5:90:E2:E6:2A:AF:5C:3E:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YRu24x7uO3Kt57GlkOLmKq9cPrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/H5y8W3DjLSpPDDBPhCGT2Zyd0zQ.roa
Signing time:             Thu 18 Dec 2025 11:36:29 +0000
ROA not before:           Thu 18 Dec 2025 11:36:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        91.212.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/YRu24x7uO3Kt57GlkOLmKq9cPrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/YRu24x7uO3Kt57GlkOLmKq9cPrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YRu24x7uO3Kt57GlkOLmKq9cPrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 15:46:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:31:3f:48:d1:78:ba:20:d8:c9:72:69:9b:84:e3:c7:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=611bb6e31eee3b72ade7b1a590e2e62aaf5c3eb0
        Validity
            Not Before: Dec 18 11:36:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f9cbc5b70e32d2a4f0c304f842193d99c9dd334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:95:f2:9d:74:09:0b:7f:38:69:97:db:89:eb:
                    91:2c:4d:f4:cc:ae:23:ed:73:43:dc:d1:fe:40:f4:
                    20:08:67:ef:7a:17:72:58:e9:9e:c2:30:c1:0e:f1:
                    1e:61:e9:b8:35:32:71:df:b3:dc:bd:38:0b:d9:78:
                    92:4e:b9:7c:83:c7:c4:bb:cf:b4:a1:dd:1e:ab:56:
                    f0:a8:98:79:c3:8b:00:42:c4:59:7f:82:88:59:69:
                    36:b2:fc:8c:0e:04:ce:17:0e:40:15:76:5f:e4:d8:
                    57:fd:22:cd:e7:67:a7:9c:4c:8a:de:71:fe:fe:55:
                    f9:8c:19:ec:ab:a5:b5:84:6a:ea:ab:d8:14:06:fb:
                    32:7b:21:d4:0b:47:49:72:ea:61:65:4c:a3:44:97:
                    40:84:6b:49:93:ea:ff:3b:a5:4f:1a:9a:e7:8f:bc:
                    18:fd:ab:e7:50:e9:78:08:84:88:e7:32:7b:76:04:
                    84:a6:a8:b0:53:f9:33:38:a2:78:c5:fc:2c:6a:60:
                    b1:98:70:c1:0b:ab:ec:6b:23:ab:01:a8:28:c4:4b:
                    7a:3c:be:73:7b:6e:d4:db:fb:90:23:0a:24:16:60:
                    48:f0:bc:39:0a:7a:13:57:a7:da:af:ba:a4:b2:1a:
                    01:80:9b:0d:f3:d9:da:25:a7:10:b8:df:e7:f4:01:
                    d4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:9C:BC:5B:70:E3:2D:2A:4F:0C:30:4F:84:21:93:D9:9C:9D:D3:34
            X509v3 Authority Key Identifier:
                keyid:61:1B:B6:E3:1E:EE:3B:72:AD:E7:B1:A5:90:E2:E6:2A:AF:5C:3E:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YRu24x7uO3Kt57GlkOLmKq9cPrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/H5y8W3DjLSpPDDBPhCGT2Zyd0zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d64b83-bb87-4954-8943-63eeb981a3bd/1/YRu24x7uO3Kt57GlkOLmKq9cPrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:71:cd:ac:0a:41:78:73:af:14:e4:9e:49:f6:f7:8a:a9:32:
         7c:5c:35:47:7e:28:bd:d2:68:a7:36:e8:dd:48:cd:1a:22:53:
         1a:7a:62:1a:9a:e6:2a:15:e4:65:fb:28:5b:f4:fd:6a:c4:7a:
         04:83:5a:2d:cf:01:2c:33:b5:66:a5:bd:b2:ae:26:55:1c:cf:
         53:29:11:77:21:a7:5c:42:b6:8a:3a:f5:81:5f:38:e9:f2:39:
         c3:19:19:29:6b:e3:5f:fa:f1:eb:85:18:0c:48:a4:2b:d0:af:
         a9:1f:27:3f:17:04:1b:d1:b2:4b:27:a7:9e:37:49:44:f2:42:
         8b:6a:fe:db:f9:15:76:83:6e:68:ce:59:d1:be:13:29:2c:52:
         0e:7b:bb:46:38:87:a2:ba:3a:b8:bd:9e:f6:2d:14:a0:42:b2:
         1f:dd:fa:f7:c4:0d:cf:35:fc:35:95:37:5f:ac:1a:23:82:f2:
         47:98:1e:88:3a:fb:41:d6:26:ef:06:3a:f7:3d:7b:28:e7:02:
         0d:23:11:ac:02:96:88:fa:57:74:a5:db:b5:a0:d1:d0:a6:ef:
         12:11:51:18:36:93:7e:4e:4c:ca:60:5c:8e:da:e3:ec:80:bc:
         27:4d:04:e9:c6:12:01:6b:cf:1e:eb:c5:ac:a0:6a:44:2f:67:
         25:6e:a8:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsxP0jReLog2MlyaZuE48e/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMWJiNmUzMWVlZTNiNzJhZGU3YjFhNTkwZTJlNjJhYWY1
YzNlYjAwHhcNMjUxMjE4MTEzNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjljYmM1YjcwZTMyZDJhNGYwYzMwNGY4NDIxOTNkOTljOWRkMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JXynXQJC384aZfbieuRLE30zK4j
7XND3NH+QPQgCGfvehdyWOmewjDBDvEeYem4NTJx37PcvTgL2XiSTrl8g8fEu8+0
od0eq1bwqJh5w4sAQsRZf4KIWWk2svyMDgTOFw5AFXZf5NhX/SLN52ennEyK3nH+
/lX5jBnsq6W1hGrqq9gUBvsyeyHUC0dJcuphZUyjRJdAhGtJk+r/O6VPGprnj7wY
/avnUOl4CISI5zJ7dgSEpqiwU/kzOKJ4xfwsamCxmHDBC6vsayOrAagoxEt6PL5z
e27U2/uQIwokFmBI8Lw5CnoTV6far7qkshoBgJsN89naJacQuN/n9AHUDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+cvFtw4y0qTwwwT4Qhk9mcndM0MB8GA1UdIwQY
MBaAFGEbtuMe7jtyreexpZDi5iqvXD6wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVJ1MjR4N3VPM0t0NTdHbGtPTG1LcTljUHJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kNjRiODMtYmI4Ny00OTU0LTg5NDMt
NjNlZWI5ODFhM2JkLzEvSDV5OFczRGpMU3BQRERCUGhDR1QyWnlkMHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kNjRiODMtYmI4Ny00OTU0LTg5NDMtNjNlZWI5ODFhM2Jk
LzEvWVJ1MjR4N3VPM0t0NTdHbGtPTG1LcTljUHJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TuMA0G
CSqGSIb3DQEBCwUAA4IBAQA6cc2sCkF4c68U5J5J9veKqTJ8XDVHfii90minNujd
SM0aIlMaemIamuYqFeRl+yhb9P1qxHoEg1otzwEsM7Vmpb2yriZVHM9TKRF3Iadc
QraKOvWBXzjp8jnDGRkpa+Nf+vHrhRgMSKQr0K+pHyc/FwQb0bJLJ6eeN0lE8kKL
av7b+RV2g25ozlnRvhMpLFIOe7tGOIeiujq4vZ72LRSgQrIf3fr3xA3PNfw1lTdf
rBojgvJHmB6IOvtB1ibvBjr3PXso5wINIxGsApaI+ld0pdu1oNHQpu8SEVEYNpN+
TkzKYFyO2uPsgLwnTQTpxhIBa88e68WsoGpEL2clbqhW
-----END CERTIFICATE-----