This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/utqV7JvD2fPW5q4tE2tywy7q_gU.roa
File:                     utqV7JvD2fPW5q4tE2tywy7q_gU.roa (raw, json)
Hash identifier:          rBBPe7YgsDv+7/FRm135TSdCTknOZAtf1EPjWsG38hY=
Subject key identifier:   BA:DA:95:EC:9B:C3:D9:F3:D6:E6:AE:2D:13:6B:72:C3:2E:EA:FE:05
Certificate issuer:       /CN=09c71460ea41d3e6565c4b410b26c9e78ce16f9f
Certificate serial:       019B7758E2C3E71BF45847D9C67B69C1275D
Authority key identifier: 09:C7:14:60:EA:41:D3:E6:56:5C:4B:41:0B:26:C9:E7:8C:E1:6F:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/utqV7JvD2fPW5q4tE2tywy7q_gU.roa
Signing time:             Thu 01 Jan 2026 02:17:52 +0000
ROA not before:           Thu 01 Jan 2026 02:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2119
IP address blocks:        91.220.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:e2:c3:e7:1b:f4:58:47:d9:c6:7b:69:c1:27:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09c71460ea41d3e6565c4b410b26c9e78ce16f9f
        Validity
            Not Before: Jan  1 02:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bada95ec9bc3d9f3d6e6ae2d136b72c32eeafe05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:12:12:da:cd:6e:ad:a6:ad:f5:5c:9f:05:b8:
                    c0:a3:83:34:a2:83:8c:c3:3b:9c:e3:76:d5:dc:86:
                    ef:9b:5b:8d:89:16:a4:08:7b:97:0b:bc:b7:87:f4:
                    e6:31:a0:92:89:7e:4d:58:65:ae:10:e2:4a:96:7c:
                    49:c4:9a:07:66:1c:74:16:d6:09:5b:cf:28:e1:ad:
                    a6:b7:15:9d:42:16:0b:61:77:c5:c1:3a:c0:08:29:
                    a4:36:46:0d:f2:d3:cd:97:73:82:85:84:5d:62:fb:
                    ee:d6:a2:7c:02:aa:c9:19:ea:a7:0f:43:08:c3:5c:
                    e8:0c:aa:f0:4a:be:ca:45:23:7e:5a:12:9a:b1:45:
                    4f:72:4c:0a:86:52:30:dc:67:a5:fa:df:a2:e5:af:
                    74:04:f9:2a:38:8f:a6:16:16:b9:f9:b4:26:a1:35:
                    56:a0:b3:60:19:1a:0e:e7:68:29:4a:43:0b:dc:ec:
                    47:db:30:62:95:06:c5:db:70:2a:cc:9d:a1:2e:3d:
                    e0:3b:19:1a:26:b3:dc:7b:61:b9:23:e9:22:ed:33:
                    3c:ca:b4:d1:ec:9f:69:46:fe:e7:fd:2f:dd:59:79:
                    5b:15:92:75:e4:f7:a0:ec:88:c0:05:e1:5f:ee:23:
                    fe:24:f8:0a:4f:32:39:32:6e:b1:ed:0f:a1:51:2f:
                    69:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:DA:95:EC:9B:C3:D9:F3:D6:E6:AE:2D:13:6B:72:C3:2E:EA:FE:05
            X509v3 Authority Key Identifier:
                keyid:09:C7:14:60:EA:41:D3:E6:56:5C:4B:41:0B:26:C9:E7:8C:E1:6F:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/utqV7JvD2fPW5q4tE2tywy7q_gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e9:71:19:3d:b5:1a:da:1b:4d:0e:03:b2:6a:55:69:24:52:
         47:66:78:08:b8:be:84:8f:e5:c7:54:3e:82:67:66:69:c7:fb:
         f3:98:35:95:d3:77:4e:0f:0d:2c:11:74:34:0b:dc:39:d2:cd:
         cd:c2:ee:80:db:7e:00:48:f8:1f:78:8f:80:0b:4f:0c:e1:a2:
         33:bf:b7:ab:8f:7a:25:9d:23:88:48:8a:7d:bf:9e:e2:8d:3d:
         3c:93:23:78:0f:c7:67:e9:c8:12:3f:de:99:b7:38:1c:a2:3f:
         bc:67:8f:bf:00:f7:7a:54:3e:75:0b:90:0c:fe:74:1d:05:25:
         bd:4d:e2:2a:de:5b:ea:62:ce:76:d2:e9:0a:95:37:96:61:b2:
         c2:74:bd:8f:32:2f:ce:be:46:e3:a8:56:35:18:fa:37:23:47:
         0f:d6:dd:1c:ba:89:22:96:9b:df:fd:cb:04:ca:68:cb:77:51:
         48:21:0c:5c:10:07:5b:c5:0b:0c:e5:f5:63:b1:b3:f7:17:95:
         36:26:30:a4:4b:25:80:af:00:b9:03:c6:17:cc:1d:9f:27:ea:
         e2:6f:34:6a:ea:b9:13:40:23:7b:4b:b7:38:32:7a:84:e5:e3:
         5c:a7:82:57:b7:9b:25:46:53:96:f8:c5:3f:23:27:b8:1a:a6:
         62:62:00:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOLD5xv0WEfZxntpwSddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YzcxNDYwZWE0MWQzZTY1NjVjNGI0MTBiMjZjOWU3OGNl
MTZmOWYwHhcNMjYwMTAxMDIxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRhOTVlYzliYzNkOWYzZDZlNmFlMmQxMzZiNzJjMzJlZWFmZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRIS2s1uraat9VyfBbjAo4M0ooOM
wzuc43bV3Ibvm1uNiRakCHuXC7y3h/TmMaCSiX5NWGWuEOJKlnxJxJoHZhx0FtYJ
W88o4a2mtxWdQhYLYXfFwTrACCmkNkYN8tPNl3OChYRdYvvu1qJ8AqrJGeqnD0MI
w1zoDKrwSr7KRSN+WhKasUVPckwKhlIw3Gel+t+i5a90BPkqOI+mFha5+bQmoTVW
oLNgGRoO52gpSkML3OxH2zBilQbF23AqzJ2hLj3gOxkaJrPce2G5I+ki7TM8yrTR
7J9pRv7n/S/dWXlbFZJ15Peg7IjABeFf7iP+JPgKTzI5Mm6x7Q+hUS9plwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLraleybw9nz1uauLRNrcsMu6v4FMB8GA1UdIwQY
MBaAFAnHFGDqQdPmVlxLQQsmyeeM4W+fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2NjVVlPcEIwLVpXWEV0QkN5Yko1NHpoYjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xMTU3MDMtOTIwYi00YzUxLWIzNDAt
ODZjZjA2YWNiZjQxLzEvdXRxVjdKdkQyZlBXNXE0dEUydHl3eTdxX2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xMTU3MDMtOTIwYi00YzUxLWIzNDAtODZjZjA2YWNiZjQx
LzEvQ2NjVVlPcEIwLVpXWEV0QkN5Yko1NHpoYjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9zZMA0G
CSqGSIb3DQEBCwUAA4IBAQAV6XEZPbUa2htNDgOyalVpJFJHZngIuL6Ej+XHVD6C
Z2Zpx/vzmDWV03dODw0sEXQ0C9w50s3Nwu6A234ASPgfeI+AC08M4aIzv7erj3ol
nSOISIp9v57ijT08kyN4D8dn6cgSP96Ztzgcoj+8Z4+/APd6VD51C5AM/nQdBSW9
TeIq3lvqYs520ukKlTeWYbLCdL2PMi/OvkbjqFY1GPo3I0cP1t0cuokilpvf/csE
ymjLd1FIIQxcEAdbxQsM5fVjsbP3F5U2JjCkSyWArwC5A8YXzB2fJ+ribzRq6rkT
QCN7S7c4MnqE5eNcp4JXt5slRlOW+MU/Iye4GqZiYgAg
-----END CERTIFICATE-----