This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/xOh8rPz0fCu_Rdtl4qREsx0riTQ.roa
File:                     xOh8rPz0fCu_Rdtl4qREsx0riTQ.roa (raw, json)
Hash identifier:          51BbJDIoI2b7sQWeISHrMYtf3JjGMl3uwds3WWJ64wc=
Subject key identifier:   C4:E8:7C:AC:FC:F4:7C:2B:BF:45:DB:65:E2:A4:44:B3:1D:2B:89:34
Certificate issuer:       /CN=0dcda5d060ba9366bb4325828b57033bef18e3c0
Certificate serial:       019B78348649B6DB662FE29638A93335C00A
Authority key identifier: 0D:CD:A5:D0:60:BA:93:66:BB:43:25:82:8B:57:03:3B:EF:18:E3:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/xOh8rPz0fCu_Rdtl4qREsx0riTQ.roa
Signing time:             Thu 01 Jan 2026 06:17:46 +0000
ROA not before:           Thu 01 Jan 2026 06:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207443
IP address blocks:        185.89.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:86:49:b6:db:66:2f:e2:96:38:a9:33:35:c0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dcda5d060ba9366bb4325828b57033bef18e3c0
        Validity
            Not Before: Jan  1 06:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4e87cacfcf47c2bbf45db65e2a444b31d2b8934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f2:93:f2:07:b8:3c:41:88:55:87:c1:f9:7b:
                    59:5e:b5:f4:e2:b2:07:94:47:b4:a3:f1:24:e6:73:
                    07:94:6f:ac:fe:ea:fc:00:39:e3:ee:5a:90:60:84:
                    eb:ee:51:55:33:53:ab:17:96:66:2e:81:c4:43:bc:
                    b3:90:d6:5c:70:0f:aa:f6:30:7d:16:22:57:58:94:
                    94:88:41:e6:ab:c1:a8:1e:73:61:6a:54:d2:b6:fc:
                    5f:bc:34:35:82:2a:3d:8b:c0:ea:8a:f7:7e:4a:b6:
                    2d:9c:0e:d2:07:c0:c2:7a:6d:c7:af:65:7c:2b:00:
                    af:4f:57:62:fd:f4:06:0b:6a:22:39:c4:a3:f7:c3:
                    ea:fb:4f:67:9d:3a:f4:50:87:ce:66:13:8f:d5:0f:
                    91:2b:2b:77:75:fc:f0:f3:d1:e2:05:e2:7a:19:76:
                    71:18:78:5e:61:62:b2:c6:aa:d2:71:fd:f9:0a:9c:
                    94:8e:46:95:ef:73:a8:65:14:01:a0:ea:97:c5:b7:
                    ea:c8:72:41:23:a4:a0:35:82:16:bc:b3:46:ed:d4:
                    88:c7:8f:3a:f9:fc:92:aa:1d:dc:ba:fe:7b:ae:30:
                    a8:b4:d8:6e:d5:43:85:72:08:a7:1e:7c:bb:92:d1:
                    98:e7:83:a3:fe:26:45:b7:db:bf:06:72:10:94:3b:
                    90:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E8:7C:AC:FC:F4:7C:2B:BF:45:DB:65:E2:A4:44:B3:1D:2B:89:34
            X509v3 Authority Key Identifier:
                keyid:0D:CD:A5:D0:60:BA:93:66:BB:43:25:82:8B:57:03:3B:EF:18:E3:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/xOh8rPz0fCu_Rdtl4qREsx0riTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/e16001-6525-404b-9b49-a57b1b392205/1/Dc2l0GC6k2a7QyWCi1cDO-8Y48A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ba:d1:28:5d:c0:ab:e1:22:fd:d8:08:be:69:03:d0:5b:ad:
         0c:dd:57:cd:c2:bb:aa:72:31:97:97:13:b0:e1:54:ae:b2:88:
         38:dc:8c:3e:c3:5a:b8:e3:bc:f6:f2:cb:5e:63:4b:76:8b:18:
         2d:f6:c6:78:2d:6c:64:a0:40:4f:3e:2c:86:4b:58:7f:07:e4:
         cb:b1:c1:71:5d:a8:70:71:1a:5f:c0:12:5e:d0:c2:a9:d9:a0:
         cd:b7:73:a6:b3:c3:fb:c1:0d:8b:d7:db:c3:5b:f8:db:2c:e4:
         e8:02:27:17:db:7e:24:af:b5:9d:16:0d:f0:e7:82:80:ec:a0:
         ca:11:89:c6:f6:94:f6:07:4b:fc:ae:9a:6f:b8:c1:29:cd:59:
         6e:41:d6:c5:12:58:fe:ac:f9:35:13:a5:62:c4:20:c6:9d:5e:
         6e:68:50:c1:b6:60:bc:8d:c8:0b:4e:fe:db:25:07:9d:db:ce:
         83:bc:d7:08:51:25:ec:55:fd:ce:04:44:16:cb:f4:25:ba:89:
         51:55:f0:39:4f:05:21:d3:89:37:e9:b8:27:da:70:c3:49:bc:
         1d:47:d6:c7:17:c6:45:6d:16:f5:c8:7f:65:b5:72:1b:bb:b5:
         2e:05:ba:56:6c:18:fb:44:2a:c3:8b:3c:57:e0:f9:69:97:02:
         c1:82:37:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NIZJtttmL+KWOKkzNcAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkY2RhNWQwNjBiYTkzNjZiYjQzMjU4MjhiNTcwMzNiZWYx
OGUzYzAwHhcNMjYwMTAxMDYxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU4N2NhY2ZjZjQ3YzJiYmY0NWRiNjVlMmE0NDRiMzFkMmI4OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvKT8ge4PEGIVYfB+XtZXrX04rIH
lEe0o/Ek5nMHlG+s/ur8ADnj7lqQYITr7lFVM1OrF5ZmLoHEQ7yzkNZccA+q9jB9
FiJXWJSUiEHmq8GoHnNhalTStvxfvDQ1gio9i8Dqivd+SrYtnA7SB8DCem3Hr2V8
KwCvT1di/fQGC2oiOcSj98Pq+09nnTr0UIfOZhOP1Q+RKyt3dfzw89HiBeJ6GXZx
GHheYWKyxqrScf35CpyUjkaV73OoZRQBoOqXxbfqyHJBI6SgNYIWvLNG7dSIx486
+fySqh3cuv57rjCotNhu1UOFcginHny7ktGY54Oj/iZFt9u/BnIQlDuQ5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTofKz89Hwrv0XbZeKkRLMdK4k0MB8GA1UdIwQY
MBaAFA3NpdBgupNmu0MlgotXAzvvGOPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGMybDBHQzZrMmE3UXlXQ2kxY0RPLThZNDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9lMTYwMDEtNjUyNS00MDRiLTliNDkt
YTU3YjFiMzkyMjA1LzEveE9oOHJQejBmQ3VfUmR0bDRxUkVzeDByaVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9lMTYwMDEtNjUyNS00MDRiLTliNDktYTU3YjFiMzkyMjA1
LzEvRGMybDBHQzZrMmE3UXlXQ2kxY0RPLThZNDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVlhMA0G
CSqGSIb3DQEBCwUAA4IBAQB6utEoXcCr4SL92Ai+aQPQW60M3VfNwruqcjGXlxOw
4VSusog43Iw+w1q447z28steY0t2ixgt9sZ4LWxkoEBPPiyGS1h/B+TLscFxXahw
cRpfwBJe0MKp2aDNt3Oms8P7wQ2L19vDW/jbLOToAicX234kr7WdFg3w54KA7KDK
EYnG9pT2B0v8rppvuMEpzVluQdbFElj+rPk1E6VixCDGnV5uaFDBtmC8jcgLTv7b
JQed286DvNcIUSXsVf3OBEQWy/QluolRVfA5TwUh04k36bgn2nDDSbwdR9bHF8ZF
bRb1yH9ltXIbu7UuBbpWbBj7RCrDizxX4PlplwLBgjcw
-----END CERTIFICATE-----