This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/cbfZrsYOtkfTsvATyxudQ2krwIc.roa
File:                     cbfZrsYOtkfTsvATyxudQ2krwIc.roa (raw, json)
Hash identifier:          LFDpBEhBWBZpbTCNf+xEuq+zB73JcCsNfl6NSUtgKtY=
Subject key identifier:   71:B7:D9:AE:C6:0E:B6:47:D3:B2:F0:13:CB:1B:9D:43:69:2B:C0:87
Certificate issuer:       /CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
Certificate serial:       019B7B368180083B5E26CE5CA3710F2FBCDB
Authority key identifier: 78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/cbfZrsYOtkfTsvATyxudQ2krwIc.roa
Signing time:             Thu 01 Jan 2026 20:18:48 +0000
ROA not before:           Thu 01 Jan 2026 20:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8455
IP address blocks:        91.208.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:81:80:08:3b:5e:26:ce:5c:a3:71:0f:2f:bc:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
        Validity
            Not Before: Jan  1 20:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71b7d9aec60eb647d3b2f013cb1b9d43692bc087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9d:4a:77:5e:15:71:42:7c:eb:88:4d:48:bf:
                    4c:e8:ef:87:06:f4:1f:cc:5a:b8:f4:b7:b7:f1:d4:
                    6e:66:c5:45:f8:f1:0c:3c:6b:07:bc:34:0a:6e:32:
                    bf:db:07:14:72:c6:5e:5e:24:47:e4:2d:48:74:be:
                    cf:89:a3:7c:e8:85:68:9b:64:7c:53:a0:71:5e:8b:
                    8b:34:e9:46:2e:cb:23:70:1c:c3:cf:fa:b5:57:64:
                    8f:e8:b1:b0:5f:79:20:0c:20:b3:18:3a:c5:57:0d:
                    5b:dc:9a:7b:29:23:6f:fd:e9:01:8e:33:bd:81:a6:
                    b3:31:c0:b5:75:e6:3f:0f:80:21:5f:d3:73:3a:5f:
                    49:3c:8d:e0:63:5f:94:b2:ae:ce:a7:ce:35:81:bb:
                    21:dc:9f:7d:58:57:f5:05:c3:55:a4:99:f5:bf:72:
                    7e:63:ef:1e:4d:03:eb:9f:46:51:6e:dc:92:80:85:
                    16:cc:b7:04:91:7c:cb:bb:b9:f9:d6:48:77:20:f7:
                    83:37:97:18:c4:1b:2a:70:a7:25:7b:f3:78:5d:06:
                    21:b0:af:d3:38:29:93:08:81:a3:0f:d6:3c:29:ea:
                    6c:fc:2d:1d:6e:5e:21:0e:83:85:e2:eb:5e:33:f7:
                    7b:92:d9:f1:b4:93:7f:b4:76:1e:50:74:2c:f8:a5:
                    a2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B7:D9:AE:C6:0E:B6:47:D3:B2:F0:13:CB:1B:9D:43:69:2B:C0:87
            X509v3 Authority Key Identifier:
                keyid:78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/cbfZrsYOtkfTsvATyxudQ2krwIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ad:3d:5f:df:56:42:40:31:c5:c8:16:aa:66:5b:21:8a:9a:
         a6:12:5b:65:7c:19:91:c2:31:b6:b8:0e:e5:27:fa:55:3c:fb:
         88:fb:6c:f9:a0:02:69:91:d6:4e:1c:27:c8:7b:5e:e2:9b:3e:
         7e:61:f7:c2:37:18:44:d8:4e:4f:8f:0f:97:91:92:75:62:ef:
         ab:c8:aa:9e:c2:51:b3:3a:66:35:9b:9f:ba:60:82:73:d8:21:
         5a:ee:ba:4f:e2:b7:69:aa:c3:e8:6b:e4:42:89:ba:69:11:ba:
         e0:42:91:cb:ab:e8:05:f7:fa:22:3d:49:ef:01:e1:61:27:c1:
         20:43:47:11:7d:00:ec:d3:3e:cc:c6:0f:be:a0:b8:be:1d:6f:
         b2:a9:21:7d:a2:89:01:99:09:7a:95:9d:bc:ff:c1:91:20:8e:
         48:df:f5:f2:66:05:3a:e4:32:de:b6:f8:e1:00:37:7d:cb:4b:
         72:19:27:13:e6:14:95:06:8c:e2:ba:3d:0f:24:0b:35:5d:2d:
         53:4d:06:91:ed:1e:e5:be:b4:57:56:a5:3d:00:3b:4f:09:4b:
         d3:13:85:45:89:49:33:db:59:97:c3:87:dc:78:ef:08:bb:46:
         e8:4e:02:90:85:1f:0a:da:79:51:93:d0:71:18:c9:19:3d:ef:
         9f:c0:63:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NoGACDteJs5co3EPL7zbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MGRlMTZlZWU5NDdiMGE4Yzc1NzE0ZmM1ZGE2YTAyNTlj
YTFiOTAwHhcNMjYwMTAxMjAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI3ZDlhZWM2MGViNjQ3ZDNiMmYwMTNjYjFiOWQ0MzY5MmJjMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu51Kd14VcUJ864hNSL9M6O+HBvQf
zFq49Le38dRuZsVF+PEMPGsHvDQKbjK/2wcUcsZeXiRH5C1IdL7PiaN86IVom2R8
U6BxXouLNOlGLssjcBzDz/q1V2SP6LGwX3kgDCCzGDrFVw1b3Jp7KSNv/ekBjjO9
gaazMcC1deY/D4AhX9NzOl9JPI3gY1+Usq7Op841gbsh3J99WFf1BcNVpJn1v3J+
Y+8eTQPrn0ZRbtySgIUWzLcEkXzLu7n51kh3IPeDN5cYxBsqcKcle/N4XQYhsK/T
OCmTCIGjD9Y8Keps/C0dbl4hDoOF4uteM/d7ktnxtJN/tHYeUHQs+KWi5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHG32a7GDrZH07LwE8sbnUNpK8CHMB8GA1UdIwQY
MBaAFHgN4W7ulHsKjHVxT8XaagJZyhuQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTIt
ZTAwNTU0M2YwMzc0LzEvY2JmWnJzWU90a2ZUc3ZBVHl4dWRRMmtyd0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTItZTAwNTU0M2YwMzc0
LzEvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AxMA0G
CSqGSIb3DQEBCwUAA4IBAQB8rT1f31ZCQDHFyBaqZlshipqmEltlfBmRwjG2uA7l
J/pVPPuI+2z5oAJpkdZOHCfIe17imz5+YffCNxhE2E5Pjw+XkZJ1Yu+ryKqewlGz
OmY1m5+6YIJz2CFa7rpP4rdpqsPoa+RCibppEbrgQpHLq+gF9/oiPUnvAeFhJ8Eg
Q0cRfQDs0z7Mxg++oLi+HW+yqSF9ookBmQl6lZ28/8GRII5I3/XyZgU65DLetvjh
ADd9y0tyGScT5hSVBoziuj0PJAs1XS1TTQaR7R7lvrRXVqU9ADtPCUvTE4VFiUkz
21mXw4fceO8Iu0boTgKQhR8K2nlRk9BxGMkZPe+fwGMg
-----END CERTIFICATE-----