This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/di2UOQtBoMyvGlt9iPRPPJ-H68U.roa
File:                     di2UOQtBoMyvGlt9iPRPPJ-H68U.roa (raw, json)
Hash identifier:          LuUhBRMb3qDgjyLHmEk6ZBLeYzGNYenuDLqyOyzIP0E=
Subject key identifier:   76:2D:94:39:0B:41:A0:CC:AF:1A:5B:7D:88:F4:4F:3C:9F:87:EB:C5
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019B080B7F9F42725EF705459F6427A346E3
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/di2UOQtBoMyvGlt9iPRPPJ-H68U.roa
Signing time:             Wed 10 Dec 2025 11:35:29 +0000
ROA not before:           Wed 10 Dec 2025 11:35:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205358
IP address blocks:        152.89.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Dec 2025 19:27:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:08:0b:7f:9f:42:72:5e:f7:05:45:9f:64:27:a3:46:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Dec 10 11:35:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=762d94390b41a0ccaf1a5b7d88f44f3c9f87ebc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fe:a7:33:0a:8f:ca:8d:6c:b6:30:b7:20:37:
                    d3:97:50:20:c0:6a:5a:e5:6d:d5:b9:af:69:56:2f:
                    61:0b:56:ee:97:4f:1c:61:51:fc:9e:f3:90:bc:29:
                    6b:c0:d5:e0:d2:fc:9e:ac:df:3f:7a:49:e8:7d:49:
                    af:fa:b8:c0:19:06:76:cb:92:81:e9:52:29:7d:08:
                    7d:68:8b:87:42:f5:69:43:09:1b:59:be:3a:4d:5c:
                    22:67:4d:d2:37:2b:83:79:35:a4:2a:10:7b:39:19:
                    3d:98:d7:43:85:fc:a9:88:66:f5:fa:74:e2:e7:92:
                    e5:0d:57:3a:69:d8:30:45:5e:07:76:d2:e7:07:f6:
                    63:7e:fe:b7:f2:91:bf:f5:f4:8e:69:39:10:83:22:
                    b1:b2:63:46:64:45:05:91:a5:5a:05:99:fd:a1:54:
                    e6:7a:13:99:f8:c3:64:8c:d5:4d:53:65:87:0a:da:
                    82:57:f2:ed:5c:b2:52:2c:9b:6e:b2:54:b9:9e:9f:
                    36:d4:2e:cc:60:7f:d6:cd:f6:2f:cc:9d:9a:cb:c1:
                    25:61:dc:9e:73:81:b0:11:bb:76:11:9f:3b:a9:e6:
                    1a:c4:96:2d:05:68:72:80:31:fc:4f:df:6d:fd:04:
                    64:99:06:2a:d4:a5:e9:ac:c2:7c:dc:d0:50:57:be:
                    73:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2D:94:39:0B:41:A0:CC:AF:1A:5B:7D:88:F4:4F:3C:9F:87:EB:C5
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/di2UOQtBoMyvGlt9iPRPPJ-H68U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:e3:e0:5d:4e:4f:f8:2f:cb:9f:ee:a9:c3:f5:c9:0a:ec:27:
         6a:cc:30:20:00:d9:ff:75:ee:b1:57:b5:20:e7:8a:ca:c1:4a:
         f8:4a:4c:c1:ef:3f:8b:a9:21:10:ca:b9:b7:b5:5b:da:fb:4c:
         4c:93:e4:20:59:f5:bc:1b:8b:81:dd:19:66:d6:cc:fe:62:6e:
         73:6f:e7:e3:09:f8:15:06:4a:b6:34:cd:c8:80:24:35:a4:f7:
         35:12:8f:d0:45:b2:b9:bd:c0:40:5d:60:0a:14:8d:1a:85:15:
         62:38:57:4c:1b:1f:62:ee:81:c8:ff:23:a3:9a:a3:8c:b7:ee:
         a8:91:08:5c:94:97:c5:2d:96:c0:b5:eb:e5:e3:f5:7d:7e:cf:
         00:c6:99:82:1c:c5:59:0b:61:20:5c:14:69:42:3c:6f:06:5e:
         1a:64:86:1c:a6:90:10:63:55:e8:61:92:d4:4c:90:f6:38:06:
         43:55:1c:7d:c7:45:cc:c0:73:89:7a:88:8b:fa:6a:07:b9:1a:
         ac:42:50:2f:19:db:e7:3a:95:4c:cc:8a:49:14:58:11:7e:9b:
         be:b7:98:6f:b1:c3:d1:a4:19:4a:f6:b9:ee:d2:bb:2e:f3:b5:
         97:66:93:93:4f:ff:bc:31:43:dd:7d:95:1f:b1:de:71:1f:cc:
         94:ab:75:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsIC3+fQnJe9wVFn2Qno0bjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUxMjEwMTEzNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjJkOTQzOTBiNDFhMGNjYWYxYTViN2Q4OGY0NGYzYzlmODdlYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf6nMwqPyo1stjC3IDfTl1AgwGpa
5W3Vua9pVi9hC1bul08cYVH8nvOQvClrwNXg0vyerN8/eknofUmv+rjAGQZ2y5KB
6VIpfQh9aIuHQvVpQwkbWb46TVwiZ03SNyuDeTWkKhB7ORk9mNdDhfypiGb1+nTi
55LlDVc6adgwRV4HdtLnB/Zjfv638pG/9fSOaTkQgyKxsmNGZEUFkaVaBZn9oVTm
ehOZ+MNkjNVNU2WHCtqCV/LtXLJSLJtuslS5np821C7MYH/WzfYvzJ2ay8ElYdye
c4GwEbt2EZ87qeYaxJYtBWhygDH8T99t/QRkmQYq1KXprMJ83NBQV75zWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYtlDkLQaDMrxpbfYj0Tzyfh+vFMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvZGkyVU9RdEJvTXl2R2x0OWlQUlBQSi1INjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFmrMA0G
CSqGSIb3DQEBCwUAA4IBAQCS4+BdTk/4L8uf7qnD9ckK7CdqzDAgANn/de6xV7Ug
54rKwUr4SkzB7z+LqSEQyrm3tVva+0xMk+QgWfW8G4uB3Rlm1sz+Ym5zb+fjCfgV
Bkq2NM3IgCQ1pPc1Eo/QRbK5vcBAXWAKFI0ahRViOFdMGx9i7oHI/yOjmqOMt+6o
kQhclJfFLZbAtevl4/V9fs8AxpmCHMVZC2EgXBRpQjxvBl4aZIYcppAQY1XoYZLU
TJD2OAZDVRx9x0XMwHOJeoiL+moHuRqsQlAvGdvnOpVMzIpJFFgRfpu+t5hvscPR
pBlK9rnu0rsu87WXZpOTT/+8MUPdfZUfsd5xH8yUq3WS
-----END CERTIFICATE-----