This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/w8wkCFScjGQvdttAQ8x_xzp50Xk.roa
File:                     w8wkCFScjGQvdttAQ8x_xzp50Xk.roa (raw, json)
Hash identifier:          w/c38fhRy3be0XuDkxP9zkUOolRFgZszn3JD1Qb99Vw=
Subject key identifier:   C3:CC:24:08:54:9C:8C:64:2F:76:DB:40:43:CC:7F:C7:3A:79:D1:79
Certificate issuer:       /CN=0c5cf70730512aefa70307662cf59288e8cd264c
Certificate serial:       019B78344A8798166129896E957D2FB24846
Authority key identifier: 0C:5C:F7:07:30:51:2A:EF:A7:03:07:66:2C:F5:92:88:E8:CD:26:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/w8wkCFScjGQvdttAQ8x_xzp50Xk.roa
Signing time:             Thu 01 Jan 2026 06:17:31 +0000
ROA not before:           Thu 01 Jan 2026 06:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        91.209.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:4a:87:98:16:61:29:89:6e:95:7d:2f:b2:48:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5cf70730512aefa70307662cf59288e8cd264c
        Validity
            Not Before: Jan  1 06:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3cc2408549c8c642f76db4043cc7fc73a79d179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e0:b4:95:63:50:c7:2f:33:51:93:f2:df:37:
                    b7:57:28:0c:90:2b:0b:eb:dd:a0:94:74:9f:e2:51:
                    e1:c9:01:e3:fe:9a:52:dc:5f:21:2c:b3:05:99:cc:
                    62:15:2f:60:84:60:ed:26:d7:f2:dd:6e:fa:99:fc:
                    24:33:93:b2:a3:3d:cc:6f:ec:a0:71:c2:9f:ba:67:
                    46:03:61:e9:f0:90:52:0d:3b:de:83:20:e9:ad:42:
                    a6:96:d7:ef:a1:01:67:c1:c3:e1:4a:06:69:eb:75:
                    46:ef:07:77:55:31:4b:ec:cf:cb:8c:9c:90:1a:7f:
                    da:74:99:f8:d6:70:f6:ac:34:2a:a3:23:a3:23:35:
                    6c:4e:d4:71:4b:7c:18:80:fc:66:66:aa:05:5e:0a:
                    1f:ef:e1:b9:df:96:ed:90:53:2c:f9:dd:9d:cc:90:
                    f1:40:26:10:0b:0b:f2:4e:bc:f0:75:2e:3f:0b:5b:
                    27:c2:cb:c9:24:9b:35:b3:da:c0:9d:60:9e:87:fb:
                    e1:3e:60:47:14:96:2e:5d:bf:2a:6a:48:d6:51:c7:
                    a0:17:38:c2:a8:5b:72:ca:29:cd:22:3e:0b:e6:76:
                    67:aa:10:7d:c2:de:c6:6e:55:84:f0:f2:21:f1:7c:
                    df:78:e6:4a:81:e8:fe:c2:8a:e9:d1:70:70:d9:a2:
                    18:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:CC:24:08:54:9C:8C:64:2F:76:DB:40:43:CC:7F:C7:3A:79:D1:79
            X509v3 Authority Key Identifier:
                keyid:0C:5C:F7:07:30:51:2A:EF:A7:03:07:66:2C:F5:92:88:E8:CD:26:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/w8wkCFScjGQvdttAQ8x_xzp50Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:2a:21:e2:ec:c1:14:4d:69:4e:c4:45:d0:4f:99:77:66:7a:
         78:27:e5:3f:c4:8e:34:1e:ab:3d:a7:27:69:dd:34:b0:57:db:
         89:bc:40:88:e8:9c:09:8d:ad:14:e0:a7:fd:aa:d7:d3:0d:89:
         de:4a:29:1a:73:99:b0:6a:22:2e:d0:77:43:79:12:6f:87:3b:
         11:8c:85:5a:a0:b4:6a:24:0e:b5:9c:29:b8:e3:19:82:4e:ed:
         f1:3b:4b:8f:2c:10:ba:e6:bd:71:35:eb:d0:24:ae:7f:77:b1:
         25:a0:46:bf:9d:dc:ce:a5:f5:e3:4a:25:6f:35:f6:40:22:60:
         70:2f:e0:20:33:08:ff:30:8b:d2:63:4c:22:93:14:6a:86:5d:
         6d:d3:cd:18:1e:7b:c0:8c:c0:c9:90:f3:aa:54:91:67:7c:6f:
         0a:f0:53:c3:50:4e:bc:b3:24:d7:cb:00:82:d6:35:40:df:05:
         ca:94:d7:f5:0b:16:9b:37:c8:52:de:1e:2d:67:51:9e:eb:2c:
         1e:c2:f9:0f:35:62:ea:b3:42:38:71:74:c9:a7:b1:7b:f0:c3:
         f4:f1:80:d5:d9:19:ba:79:84:99:b1:07:e7:4e:29:7f:0b:f6:
         ce:df:ee:50:40:ce:b9:46:7a:78:b3:ff:95:f1:02:bf:e2:34:
         58:f8:da:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NEqHmBZhKYlulX0vskhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNWNmNzA3MzA1MTJhZWZhNzAzMDc2NjJjZjU5Mjg4ZThj
ZDI2NGMwHhcNMjYwMTAxMDYxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2NjMjQwODU0OWM4YzY0MmY3NmRiNDA0M2NjN2ZjNzNhNzlkMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+C0lWNQxy8zUZPy3ze3VygMkCsL
692glHSf4lHhyQHj/ppS3F8hLLMFmcxiFS9ghGDtJtfy3W76mfwkM5Oyoz3Mb+yg
ccKfumdGA2Hp8JBSDTvegyDprUKmltfvoQFnwcPhSgZp63VG7wd3VTFL7M/LjJyQ
Gn/adJn41nD2rDQqoyOjIzVsTtRxS3wYgPxmZqoFXgof7+G535btkFMs+d2dzJDx
QCYQCwvyTrzwdS4/C1snwsvJJJs1s9rAnWCeh/vhPmBHFJYuXb8qakjWUcegFzjC
qFtyyinNIj4L5nZnqhB9wt7GblWE8PIh8XzfeOZKgej+worp0XBw2aIYdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPMJAhUnIxkL3bbQEPMf8c6edF5MB8GA1UdIwQY
MBaAFAxc9wcwUSrvpwMHZiz1kojozSZMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZ6M0J6QlJLdS1uQXdkbUxQV1NpT2pOSmt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi80NDAyMTctYzVhZi00NGFjLTk1ZDMt
YWRmYzcyZWYwZGZhLzEvdzh3a0NGU2NqR1F2ZHR0QVE4eF94enA1MFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi80NDAyMTctYzVhZi00NGFjLTk1ZDMtYWRmYzcyZWYwZGZh
LzEvREZ6M0J6QlJLdS1uQXdkbUxQV1NpT2pOSmt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9H9MA0G
CSqGSIb3DQEBCwUAA4IBAQCJKiHi7MEUTWlOxEXQT5l3Znp4J+U/xI40Hqs9pydp
3TSwV9uJvECI6JwJja0U4Kf9qtfTDYneSikac5mwaiIu0HdDeRJvhzsRjIVaoLRq
JA61nCm44xmCTu3xO0uPLBC65r1xNevQJK5/d7EloEa/ndzOpfXjSiVvNfZAImBw
L+AgMwj/MIvSY0wikxRqhl1t080YHnvAjMDJkPOqVJFnfG8K8FPDUE68syTXywCC
1jVA3wXKlNf1CxabN8hS3h4tZ1Ge6ywewvkPNWLqs0I4cXTJp7F78MP08YDV2Rm6
eYSZsQfnTil/C/bO3+5QQM65Rnp4s/+V8QK/4jRY+Nr/
-----END CERTIFICATE-----