This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cCO9cpeh3RM-17KaHig1fBdbqLQ.roa
File:                     cCO9cpeh3RM-17KaHig1fBdbqLQ.roa (raw, json)
Hash identifier:          qmg9F7v3esV7rN8nOUpgei2VQoEeuoX2de6JDRLva6E=
Subject key identifier:   70:23:BD:72:97:A1:DD:13:3E:D7:B2:9A:1E:28:35:7C:17:5B:A8:B4
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019BCC55E2126A9E834B0D9AAB5929449445
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cCO9cpeh3RM-17KaHig1fBdbqLQ.roa
Signing time:             Sat 17 Jan 2026 14:22:19 +0000
ROA not before:           Sat 17 Jan 2026 14:22:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.251.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cc:55:e2:12:6a:9e:83:4b:0d:9a:ab:59:29:44:94:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan 17 14:22:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7023bd7297a1dd133ed7b29a1e28357c175ba8b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:62:71:14:53:2c:af:34:3b:57:f0:6a:47:ba:
                    45:da:2e:ea:60:f2:48:05:a7:e3:8d:c6:cb:82:cc:
                    dd:79:76:64:d0:70:8f:74:1d:e1:1d:fb:bb:b6:ab:
                    e8:ba:40:25:e1:bc:75:07:b2:8c:26:f4:18:72:b6:
                    d5:bf:60:54:80:9a:65:ff:eb:d6:00:5c:87:28:15:
                    d0:e6:c1:1a:3b:ad:85:1b:ef:57:3c:9e:e4:32:e3:
                    22:f9:b0:4b:75:e2:5b:c4:89:4b:6b:77:34:66:b0:
                    26:a8:a9:84:ea:d8:54:5a:f2:4e:c0:8b:2e:f4:59:
                    1c:75:71:2c:ce:ce:ac:2e:2a:e5:e9:60:dd:35:11:
                    41:5d:fc:18:34:1a:c9:5e:81:a4:41:d1:65:93:8c:
                    c5:de:b2:d2:30:08:11:1f:38:5c:e5:b3:a6:73:cb:
                    c1:e9:ba:cf:a6:92:ee:d6:3a:40:0e:eb:a4:cb:cd:
                    c4:b5:8d:2f:1d:7e:06:3e:2d:e9:2a:15:13:9b:34:
                    0c:cf:7c:bd:a6:d2:09:f2:ac:45:e6:df:be:8d:ed:
                    32:89:06:66:aa:0d:b4:7a:72:b6:00:f7:1f:56:68:
                    ec:4e:46:a9:13:b3:d8:ae:dc:84:a6:d0:80:ef:f4:
                    c0:49:76:47:ca:df:49:19:64:3b:d4:17:1e:65:0a:
                    f6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:23:BD:72:97:A1:DD:13:3E:D7:B2:9A:1E:28:35:7C:17:5B:A8:B4
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cCO9cpeh3RM-17KaHig1fBdbqLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:0e:70:f2:c4:cc:55:ef:c9:f9:51:f1:c5:df:d8:41:cf:7e:
         18:55:c5:9e:87:64:65:27:44:52:9f:6a:b6:a3:0b:7e:d8:b0:
         41:5d:2f:f2:af:4f:5d:0b:73:72:ff:c5:a9:fc:7c:c4:a4:03:
         0c:2e:23:9e:20:4c:dd:0f:0f:10:47:41:1f:9e:00:81:de:18:
         e5:cf:3e:ba:f9:fd:5e:9e:25:12:b5:8c:19:c3:b8:85:8a:d5:
         e4:50:9b:fb:32:e2:cb:0e:e2:51:f7:bf:9e:84:84:5d:e2:27:
         ad:5b:4d:02:25:d3:1a:2b:13:d8:91:6c:8a:95:3c:30:ae:68:
         b5:f5:55:89:41:b5:9c:7b:6e:d7:3b:03:a9:6d:51:71:a9:41:
         34:cc:64:10:42:41:94:98:dc:94:77:58:84:9c:67:61:62:97:
         7c:10:5d:e1:2b:35:fb:65:f0:b4:41:3a:7e:21:fb:60:5b:f2:
         8f:72:fe:80:95:12:b4:c0:1a:0b:13:94:c9:e8:5c:8d:34:d0:
         c7:c0:5c:54:c1:b6:bc:63:ed:ff:d3:88:76:c6:66:f0:04:5a:
         5a:57:10:50:94:8b:ca:3b:fd:ef:1c:60:38:ae:82:1e:4c:19:
         08:51:a8:50:05:33:f1:24:03:36:c2:84:44:f9:59:f0:fe:7f:
         80:39:71:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvMVeISap6DSw2aq1kpRJRFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMTE3MTQyMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIzYmQ3Mjk3YTFkZDEzM2VkN2IyOWExZTI4MzU3YzE3NWJhOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2JxFFMsrzQ7V/BqR7pF2i7qYPJI
BafjjcbLgszdeXZk0HCPdB3hHfu7tqvoukAl4bx1B7KMJvQYcrbVv2BUgJpl/+vW
AFyHKBXQ5sEaO62FG+9XPJ7kMuMi+bBLdeJbxIlLa3c0ZrAmqKmE6thUWvJOwIsu
9FkcdXEszs6sLirl6WDdNRFBXfwYNBrJXoGkQdFlk4zF3rLSMAgRHzhc5bOmc8vB
6brPppLu1jpADuuky83EtY0vHX4GPi3pKhUTmzQMz3y9ptIJ8qxF5t++je0yiQZm
qg20enK2APcfVmjsTkapE7PYrtyEptCA7/TASXZHyt9JGWQ71BceZQr2WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAjvXKXod0TPteymh4oNXwXW6i0MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvY0NPOWNwZWgzUk0tMTdLYUhpZzFmQmRicUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsXMA0G
CSqGSIb3DQEBCwUAA4IBAQAwDnDyxMxV78n5UfHF39hBz34YVcWeh2RlJ0RSn2q2
owt+2LBBXS/yr09dC3Ny/8Wp/HzEpAMMLiOeIEzdDw8QR0EfngCB3hjlzz66+f1e
niUStYwZw7iFitXkUJv7MuLLDuJR97+ehIRd4ietW00CJdMaKxPYkWyKlTwwrmi1
9VWJQbWce27XOwOpbVFxqUE0zGQQQkGUmNyUd1iEnGdhYpd8EF3hKzX7ZfC0QTp+
IftgW/KPcv6AlRK0wBoLE5TJ6FyNNNDHwFxUwba8Y+3/04h2xmbwBFpaVxBQlIvK
O/3vHGA4roIeTBkIUahQBTPxJAM2woRE+Vnw/n+AOXH6
-----END CERTIFICATE-----