This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_RWG7NYORT3-QWHzAU7L2mdIOjQ.roa
File:                     _RWG7NYORT3-QWHzAU7L2mdIOjQ.roa (raw, json)
Hash identifier:          wYpPsSdJc+9RtANDem9TvjeWGC4BCZkBguHfaivuBjs=
Subject key identifier:   FD:15:86:EC:D6:0E:45:3D:FE:41:61:F3:01:4E:CB:DA:67:48:3A:34
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019B797E706E2EE5BCC3E42DB560173E3A57
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_RWG7NYORT3-QWHzAU7L2mdIOjQ.roa
Signing time:             Thu 01 Jan 2026 12:18:08 +0000
ROA not before:           Thu 01 Jan 2026 12:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141892
IP address blocks:        89.21.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:70:6e:2e:e5:bc:c3:e4:2d:b5:60:17:3e:3a:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  1 12:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd1586ecd60e453dfe4161f3014ecbda67483a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ab:bd:f6:c1:1b:a8:95:b0:1f:e5:b7:91:5a:
                    25:5b:58:a7:13:7c:1c:9b:d2:45:19:ea:ab:b1:2d:
                    9c:62:74:ea:1b:30:de:3c:3e:fe:c2:76:50:cd:b0:
                    e8:21:18:3f:b5:7e:27:5c:40:f8:50:54:8e:0a:28:
                    a5:07:34:76:64:15:3d:db:e2:c6:42:c7:a4:f2:52:
                    be:2a:66:e4:15:f2:b4:04:28:49:75:31:4d:35:7c:
                    77:71:6a:e6:0c:bb:8b:aa:6b:bf:c7:c6:28:2c:f5:
                    f6:9c:88:44:c0:0a:62:da:cf:28:c7:c4:b3:38:8c:
                    f5:a6:f7:3d:9f:8f:9f:f8:f4:d8:a6:38:21:0e:56:
                    80:f6:79:08:b9:bb:3d:39:16:9c:08:2d:70:7c:de:
                    7b:de:ec:c1:f6:a7:46:c7:fd:e6:89:9f:0e:23:01:
                    d0:1d:41:3a:2f:ac:b7:fe:d0:87:d0:03:a3:42:2c:
                    dc:bd:6c:2b:37:0b:73:e5:33:82:de:15:25:10:e8:
                    92:8f:8a:e4:67:4c:b5:5d:64:46:d2:d9:ad:be:37:
                    46:4e:93:86:74:e7:90:e3:a3:ca:d4:d9:77:d1:0d:
                    1e:07:6b:2f:46:fc:a0:73:1a:d4:dc:d2:a7:e0:79:
                    3f:c9:1d:11:95:dd:14:99:36:4b:9c:eb:e0:64:39:
                    de:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:15:86:EC:D6:0E:45:3D:FE:41:61:F3:01:4E:CB:DA:67:48:3A:34
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_RWG7NYORT3-QWHzAU7L2mdIOjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:61:b2:10:4c:b5:94:68:66:ff:eb:45:f5:d7:0b:e5:9f:07:
         f9:84:16:79:fd:bd:27:d1:04:0e:dd:3c:43:25:58:29:17:f8:
         11:3c:13:20:8c:99:62:93:c9:1a:2a:79:51:35:0d:16:b3:db:
         13:9f:d7:d5:fb:cc:d3:9e:67:b6:59:f5:35:b7:4c:de:02:f8:
         01:fb:22:51:cc:01:39:58:d3:7d:28:6e:a3:f0:27:56:4c:7a:
         a4:2a:e5:3c:52:4d:2c:79:18:09:eb:8f:1c:63:b1:8b:35:05:
         d3:f1:d8:c6:9a:b6:7d:02:2c:a8:6e:0d:c8:2d:a2:d7:60:1f:
         07:49:99:72:0b:7f:96:21:f9:53:6c:08:77:d1:32:42:ba:76:
         3b:1f:ff:d6:0a:61:d9:13:0f:bb:e4:39:80:96:ca:1d:45:f4:
         55:0a:35:8b:87:29:74:2c:bb:1d:2f:21:9c:c2:1a:04:98:1b:
         54:dd:3c:cc:c8:f7:73:2c:0d:88:06:07:91:ed:37:06:96:45:
         62:3f:21:2c:91:3f:8c:3e:8a:e2:a3:11:75:10:c1:d5:52:28:
         a1:1c:b2:d5:ad:bf:0d:18:00:da:d1:51:e4:00:46:ba:48:97:
         20:80:dd:0c:a7:34:11:86:08:3d:b1:0c:7c:a3:9d:f5:c6:1f:
         16:b6:89:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fnBuLuW8w+QttWAXPjpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMTAxMTIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE1ODZlY2Q2MGU0NTNkZmU0MTYxZjMwMTRlY2JkYTY3NDgzYTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKu99sEbqJWwH+W3kVolW1inE3wc
m9JFGeqrsS2cYnTqGzDePD7+wnZQzbDoIRg/tX4nXED4UFSOCiilBzR2ZBU92+LG
Qsek8lK+KmbkFfK0BChJdTFNNXx3cWrmDLuLqmu/x8YoLPX2nIhEwApi2s8ox8Sz
OIz1pvc9n4+f+PTYpjghDlaA9nkIubs9ORacCC1wfN573uzB9qdGx/3miZ8OIwHQ
HUE6L6y3/tCH0AOjQizcvWwrNwtz5TOC3hUlEOiSj4rkZ0y1XWRG0tmtvjdGTpOG
dOeQ46PK1Nl30Q0eB2svRvygcxrU3NKn4Hk/yR0Rld0UmTZLnOvgZDneFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0VhuzWDkU9/kFh8wFOy9pnSDo0MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvX1JXRzdOWU9SVDMtUVdIekFVN0wybWRJT2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVVMA0G
CSqGSIb3DQEBCwUAA4IBAQA4YbIQTLWUaGb/60X11wvlnwf5hBZ5/b0n0QQO3TxD
JVgpF/gRPBMgjJlik8kaKnlRNQ0Ws9sTn9fV+8zTnme2WfU1t0zeAvgB+yJRzAE5
WNN9KG6j8CdWTHqkKuU8Uk0seRgJ648cY7GLNQXT8djGmrZ9Aiyobg3ILaLXYB8H
SZlyC3+WIflTbAh30TJCunY7H//WCmHZEw+75DmAlsodRfRVCjWLhyl0LLsdLyGc
whoEmBtU3TzMyPdzLA2IBgeR7TcGlkViPyEskT+MPorioxF1EMHVUiihHLLVrb8N
GADa0VHkAEa6SJcggN0MpzQRhgg9sQx8o531xh8Wtoli
-----END CERTIFICATE-----