This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/03NK9U45UsLtizaKOIKI8Tp7EKk.roa
File:                     03NK9U45UsLtizaKOIKI8Tp7EKk.roa (raw, json)
Hash identifier:          K8ES9keigK9Rm9e5LfsA38pLwT8h8NGIZqYwtXyu1lA=
Subject key identifier:   D3:73:4A:F5:4E:39:52:C2:ED:8B:36:8A:38:82:88:F1:3A:7B:10:A9
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019B7C809FCB3BC31EAB6289D4E76D39E666
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/03NK9U45UsLtizaKOIKI8Tp7EKk.roa
Signing time:             Fri 02 Jan 2026 02:19:22 +0000
ROA not before:           Fri 02 Jan 2026 02:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        89.43.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:9f:cb:3b:c3:1e:ab:62:89:d4:e7:6d:39:e6:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 02:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3734af54e3952c2ed8b368a388288f13a7b10a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ec:31:5b:c6:ba:8b:89:c9:43:3b:b6:d4:99:
                    e8:04:f1:f7:d0:31:76:bc:87:aa:0c:50:1e:4c:03:
                    c5:be:37:43:fb:fd:8d:67:49:db:a5:7b:d2:87:c8:
                    5e:ce:d2:c6:ce:f6:3c:ff:7f:d6:cf:94:24:e4:ba:
                    bb:81:33:33:7a:01:f6:62:f8:07:76:88:85:11:1e:
                    55:3f:4a:c4:93:79:dd:2a:59:ed:9f:94:9a:63:9b:
                    b2:81:2e:38:50:86:aa:78:d8:4d:51:a9:30:e8:04:
                    3b:38:85:84:35:da:16:cd:72:a0:bd:9c:e5:67:47:
                    08:c2:0a:12:a4:e9:5e:49:1f:0e:0d:8f:00:9b:16:
                    6c:63:c1:72:74:f2:7a:5e:09:21:94:01:d1:8d:52:
                    06:17:26:3a:60:8f:d6:26:78:ad:9a:f2:4b:2b:ad:
                    63:d2:7e:e5:13:ba:10:9f:a5:c7:4c:36:00:c6:3c:
                    dd:15:52:c0:c3:dd:d7:5d:af:4e:c6:9e:31:25:30:
                    44:49:bf:a9:fe:60:72:f0:36:e2:79:d5:ab:99:65:
                    ef:92:8f:84:b1:fe:4a:43:18:27:f0:29:03:7e:6b:
                    9e:83:4e:49:ae:3b:12:53:a0:dc:55:69:0d:50:a1:
                    3a:f6:d4:a7:c1:f2:c3:32:86:f3:0a:52:d4:d7:55:
                    b9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:73:4A:F5:4E:39:52:C2:ED:8B:36:8A:38:82:88:F1:3A:7B:10:A9
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/03NK9U45UsLtizaKOIKI8Tp7EKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:83:3b:25:ab:88:73:81:0e:51:53:df:d7:4e:58:6d:cf:e8:
         91:f3:e0:72:a5:67:af:dc:bb:eb:6c:41:16:d9:b4:6d:0d:27:
         35:2a:d9:7b:b5:d5:38:0e:52:7a:44:09:0e:81:11:b3:2f:6c:
         68:1d:9f:36:6f:9d:11:16:85:8c:c2:28:ff:ce:8e:99:64:66:
         ee:48:04:5c:a2:09:4b:18:b6:a9:39:4b:e3:ab:d4:96:98:d7:
         09:5f:a2:d4:65:8d:c5:6b:56:dc:94:15:15:4f:e6:12:e6:64:
         38:d3:f9:de:30:7c:0b:a9:74:25:8a:cf:34:9b:ee:01:e7:ea:
         ea:c5:b8:8e:80:78:cb:e3:25:86:17:82:97:ca:a8:06:ae:e3:
         4e:03:a1:9f:9f:80:b2:08:fe:3c:93:3b:4f:99:0d:74:9e:6e:
         a6:4f:05:02:8e:cf:c8:94:1f:8f:cb:b0:ff:03:48:7c:1b:69:
         b3:74:34:2b:86:7e:46:6e:0d:5a:41:c4:6f:06:f7:66:f7:2c:
         7a:1b:17:9c:f6:15:c8:e1:2e:ca:42:6e:9d:cb:1e:c1:10:a5:
         89:bf:55:42:7f:72:d1:a1:8f:2a:aa:30:78:1b:90:92:e1:78:
         66:cc:19:ff:a8:48:95:60:06:ee:72:b6:87:df:6a:05:91:ab:
         0d:25:49:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gJ/LO8Meq2KJ1OdtOeZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTAyMDIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzczNGFmNTRlMzk1MmMyZWQ4YjM2OGEzODgyODhmMTNhN2IxMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArewxW8a6i4nJQzu21JnoBPH30DF2
vIeqDFAeTAPFvjdD+/2NZ0nbpXvSh8heztLGzvY8/3/Wz5Qk5Lq7gTMzegH2YvgH
doiFER5VP0rEk3ndKlntn5SaY5uygS44UIaqeNhNUakw6AQ7OIWENdoWzXKgvZzl
Z0cIwgoSpOleSR8ODY8AmxZsY8FydPJ6XgkhlAHRjVIGFyY6YI/WJnitmvJLK61j
0n7lE7oQn6XHTDYAxjzdFVLAw93XXa9Oxp4xJTBESb+p/mBy8DbiedWrmWXvko+E
sf5KQxgn8CkDfmueg05JrjsSU6DcVWkNUKE69tSnwfLDMobzClLU11W5XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNzSvVOOVLC7Ys2ijiCiPE6exCpMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvMDNOSzlVNDVVc0x0aXphS09JS0k4VHA3RUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSsuMA0G
CSqGSIb3DQEBCwUAA4IBAQCmgzslq4hzgQ5RU9/XTlhtz+iR8+BypWev3LvrbEEW
2bRtDSc1Ktl7tdU4DlJ6RAkOgRGzL2xoHZ82b50RFoWMwij/zo6ZZGbuSARcoglL
GLapOUvjq9SWmNcJX6LUZY3Fa1bclBUVT+YS5mQ40/neMHwLqXQlis80m+4B5+rq
xbiOgHjL4yWGF4KXyqgGruNOA6Gfn4CyCP48kztPmQ10nm6mTwUCjs/IlB+Py7D/
A0h8G2mzdDQrhn5Gbg1aQcRvBvdm9yx6Gxec9hXI4S7KQm6dyx7BEKWJv1VCf3LR
oY8qqjB4G5CS4XhmzBn/qEiVYAbucraH32oFkasNJUkc
-----END CERTIFICATE-----