This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/0-_KEwfGDTNwHdSgUbwBMPxm-H4.roa
File:                     0-_KEwfGDTNwHdSgUbwBMPxm-H4.roa (raw, json)
Hash identifier:          QNpvEdlXn1tbeawFkp/72lvQ/Tvq+GYwI8aOmCSawGI=
Subject key identifier:   D3:EF:CA:13:07:C6:0D:33:70:1D:D4:A0:51:BC:01:30:FC:66:F8:7E
Certificate issuer:       /CN=926587a7c42c261fa254b0b82e7bc0719cc64812
Certificate serial:       019B118778B67352E15EE63C1164E6B81253
Authority key identifier: 92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/0-_KEwfGDTNwHdSgUbwBMPxm-H4.roa
Signing time:             Fri 12 Dec 2025 07:47:29 +0000
ROA not before:           Fri 12 Dec 2025 07:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20724
IP address blocks:        91.239.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:11:87:78:b6:73:52:e1:5e:e6:3c:11:64:e6:b8:12:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926587a7c42c261fa254b0b82e7bc0719cc64812
        Validity
            Not Before: Dec 12 07:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3efca1307c60d33701dd4a051bc0130fc66f87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:85:60:a9:be:46:63:2a:65:aa:98:ec:11:fd:
                    44:a7:47:f9:65:af:89:16:54:f5:81:40:ea:ed:0c:
                    61:ec:6f:68:03:5b:fc:71:30:31:b4:a0:37:23:e6:
                    80:27:7c:8b:c5:95:06:31:a7:2a:da:b7:e2:da:af:
                    5f:94:ac:9c:7f:cc:48:ad:03:4b:39:da:10:72:6f:
                    02:9a:ca:2c:37:b2:3e:da:7f:76:04:5d:bb:40:d7:
                    3d:c8:c2:84:90:95:ba:59:92:f2:5f:d0:57:21:49:
                    80:9c:fe:5b:70:a3:b7:70:87:67:f1:8a:85:e6:c8:
                    c6:31:db:33:18:83:9b:2b:69:1a:23:9a:3e:50:f4:
                    db:4a:19:21:dd:13:d2:ea:b2:ab:0a:b1:96:e7:02:
                    8b:5d:cf:76:27:fa:ea:3b:b5:01:f8:34:12:26:15:
                    33:96:79:44:d9:93:a1:8c:83:4e:9a:0f:8a:71:8d:
                    2d:e2:ec:86:9e:b7:06:2e:03:56:ea:35:88:83:80:
                    74:f6:43:ef:25:78:a7:7e:08:1e:40:20:5a:fd:d1:
                    cb:1b:a2:54:cc:fe:1c:8a:61:48:a2:dd:52:f8:cd:
                    1e:e9:b8:7e:05:1b:cf:aa:f3:42:d8:f3:db:ca:15:
                    58:ac:e9:9f:71:05:86:c8:b8:cc:2c:a1:42:25:0d:
                    73:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:EF:CA:13:07:C6:0D:33:70:1D:D4:A0:51:BC:01:30:FC:66:F8:7E
            X509v3 Authority Key Identifier:
                keyid:92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/0-_KEwfGDTNwHdSgUbwBMPxm-H4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:9b:34:62:1e:4f:bf:11:66:3e:65:3f:ba:b2:fb:40:dd:80:
         a7:ea:8a:0a:c6:10:87:d0:d3:30:c2:1d:79:62:95:5e:16:9d:
         df:23:c7:9e:51:b7:a4:71:85:d4:25:5f:89:d7:e2:02:ea:07:
         cc:3b:ac:ca:69:17:3d:91:46:72:a0:47:70:b9:8a:e2:36:73:
         e2:78:0e:a9:0a:26:57:db:34:c0:79:37:1c:e4:50:04:1e:d6:
         f6:d5:08:19:5e:d0:95:f7:e3:51:89:4a:c2:b9:dd:9e:4b:6f:
         e5:ed:54:4f:b1:57:36:56:26:50:cc:a2:68:8d:3b:82:7c:11:
         70:e4:97:d4:f7:7b:60:d9:59:62:bc:56:73:06:5a:84:51:06:
         4a:bb:7a:68:42:ce:1f:1b:bc:e7:c1:91:cc:e9:57:e6:d5:6f:
         52:2e:19:dc:aa:b7:55:bc:2d:83:4f:1e:7a:01:49:45:f5:4e:
         bb:66:c7:d1:80:fa:8e:ee:5d:de:25:3f:49:a5:50:90:63:4b:
         27:18:af:ba:c4:c5:18:8f:18:5b:f9:4d:a9:92:fb:6c:1a:5e:
         bf:9f:a5:c0:88:62:f8:cd:88:a6:e4:9a:9d:76:a8:8f:78:2c:
         76:65:a9:eb:86:4a:32:34:97:3a:d4:2a:3e:80:47:f5:85:55:
         19:55:5e:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsRh3i2c1LhXuY8EWTmuBJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjU4N2E3YzQyYzI2MWZhMjU0YjBiODJlN2JjMDcxOWNj
NjQ4MTIwHhcNMjUxMjEyMDc0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2VmY2ExMzA3YzYwZDMzNzAxZGQ0YTA1MWJjMDEzMGZjNjZmODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4Vgqb5GYyplqpjsEf1Ep0f5Za+J
FlT1gUDq7Qxh7G9oA1v8cTAxtKA3I+aAJ3yLxZUGMacq2rfi2q9flKycf8xIrQNL
OdoQcm8CmsosN7I+2n92BF27QNc9yMKEkJW6WZLyX9BXIUmAnP5bcKO3cIdn8YqF
5sjGMdszGIObK2kaI5o+UPTbShkh3RPS6rKrCrGW5wKLXc92J/rqO7UB+DQSJhUz
lnlE2ZOhjINOmg+KcY0t4uyGnrcGLgNW6jWIg4B09kPvJXinfggeQCBa/dHLG6JU
zP4cimFIot1S+M0e6bh+BRvPqvNC2PPbyhVYrOmfcQWGyLjMLKFCJQ1zCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPvyhMHxg0zcB3UoFG8ATD8Zvh+MB8GA1UdIwQY
MBaAFJJlh6fELCYfolSwuC57wHGcxkgSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjIt
ODhmYTNiNmViMDA2LzEvMC1fS0V3ZkdEVE53SGRTZ1Vid0JNUHhtLUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjItODhmYTNiNmViMDA2
LzEva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/YMA0G
CSqGSIb3DQEBCwUAA4IBAQATmzRiHk+/EWY+ZT+6svtA3YCn6ooKxhCH0NMwwh15
YpVeFp3fI8eeUbekcYXUJV+J1+IC6gfMO6zKaRc9kUZyoEdwuYriNnPieA6pCiZX
2zTAeTcc5FAEHtb21QgZXtCV9+NRiUrCud2eS2/l7VRPsVc2ViZQzKJojTuCfBFw
5JfU93tg2VlivFZzBlqEUQZKu3poQs4fG7znwZHM6Vfm1W9SLhncqrdVvC2DTx56
AUlF9U67ZsfRgPqO7l3eJT9JpVCQY0snGK+6xMUYjxhb+U2pkvtsGl6/n6XAiGL4
zYim5JqddqiPeCx2ZanrhkoyNJc61Co+gEf1hVUZVV7V
-----END CERTIFICATE-----