This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Ip7B4awbZgfNeXA2x0V50-o-c9A.roa
File:                     Ip7B4awbZgfNeXA2x0V50-o-c9A.roa (raw, json)
Hash identifier:          fF+qKa96LMcpcHr7gUx7PPq8EJWzQoCtAK5cioR9tRU=
Subject key identifier:   22:9E:C1:E1:AC:1B:66:07:CD:79:70:36:C7:45:79:D3:EA:3E:73:D0
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019B7C809568A566BFC85C622871A5579563
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Ip7B4awbZgfNeXA2x0V50-o-c9A.roa
Signing time:             Fri 02 Jan 2026 02:19:20 +0000
ROA not before:           Fri 02 Jan 2026 02:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39205
IP address blocks:        89.33.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:95:68:a5:66:bf:c8:5c:62:28:71:a5:57:95:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 02:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=229ec1e1ac1b6607cd797036c74579d3ea3e73d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:75:00:32:f5:12:46:bc:f2:c5:2e:c1:92:22:
                    41:5a:2a:55:41:f7:36:22:63:fc:0d:a5:7e:21:1e:
                    d2:68:d9:41:04:8d:05:af:25:08:95:22:76:ea:6e:
                    0d:dc:83:61:92:ea:f2:06:a0:06:ae:e5:f9:8a:83:
                    71:00:c9:a2:22:41:95:c1:00:58:b8:90:6f:1e:86:
                    5e:f2:20:8a:53:58:ac:9a:41:b5:6f:90:69:67:6a:
                    b2:30:f3:37:9f:fa:5d:28:dc:d9:3f:ac:69:e9:76:
                    67:33:df:a0:e9:77:1c:a8:ab:7f:94:24:e9:34:37:
                    9a:3e:81:2e:7a:55:9b:4c:5e:1d:7d:9e:d7:a9:c1:
                    53:0a:ec:a5:83:c1:60:a5:9c:b8:de:71:98:27:f5:
                    46:3e:d7:94:15:6e:e1:75:71:70:fa:32:da:93:44:
                    fa:b9:55:ca:ae:f2:38:6e:dd:8e:ec:6f:8c:34:0b:
                    ad:80:67:23:d4:eb:2a:34:0f:1d:af:06:9d:1f:a5:
                    1f:87:01:5e:12:20:16:5e:ff:69:e1:ae:31:82:e4:
                    30:3d:68:e5:06:4f:3f:4f:1e:d3:9a:41:c1:f1:ea:
                    c3:e5:da:5f:6b:04:41:c7:33:1b:ee:08:1c:0e:4f:
                    46:0c:4d:7c:9e:84:07:58:a5:26:e7:99:db:a4:bf:
                    5d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9E:C1:E1:AC:1B:66:07:CD:79:70:36:C7:45:79:D3:EA:3E:73:D0
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Ip7B4awbZgfNeXA2x0V50-o-c9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f4:5b:6e:cf:70:db:c1:bc:9a:c2:34:bf:30:e8:58:9b:15:
         5d:e0:5e:9c:ea:32:b4:05:42:e6:26:37:9e:45:fe:6a:d7:11:
         06:a1:7e:24:fe:e6:c7:a8:46:99:9c:73:01:a7:78:3e:f4:9c:
         5d:81:50:58:b3:7d:d2:ca:3d:ba:9b:82:a5:9a:b3:ea:55:c0:
         95:09:be:fb:81:58:b8:13:76:d1:e6:97:97:c2:1c:54:ea:ba:
         fc:fa:5b:3c:35:69:39:0f:e4:2d:42:ba:f0:a2:03:33:87:01:
         79:1e:48:c1:74:d7:fc:06:9a:40:3f:36:ce:52:4f:71:14:4a:
         90:80:46:12:46:5d:67:22:09:ba:0a:f0:99:84:72:02:03:14:
         79:be:86:9b:08:1f:47:bb:89:a1:89:8d:93:de:e4:69:fa:4a:
         39:00:29:f0:48:bf:68:79:2b:7b:72:95:60:c5:a8:32:36:13:
         88:06:b8:42:a4:64:c8:be:0d:87:fc:0c:27:75:5a:74:69:12:
         eb:43:18:0c:94:a7:71:07:be:5f:c5:95:f3:9d:c5:02:79:6f:
         f2:41:01:9c:49:48:80:80:cf:80:9c:9b:15:2c:59:38:10:08:
         2e:df:9c:c3:f8:21:1e:8b:7f:48:ad:30:93:b2:da:1e:b0:ce:
         63:a5:4a:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gJVopWa/yFxiKHGlV5VjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTAyMDIxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjllYzFlMWFjMWI2NjA3Y2Q3OTcwMzZjNzQ1NzlkM2VhM2U3M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UAMvUSRrzyxS7BkiJBWipVQfc2
ImP8DaV+IR7SaNlBBI0FryUIlSJ26m4N3INhkuryBqAGruX5ioNxAMmiIkGVwQBY
uJBvHoZe8iCKU1ismkG1b5BpZ2qyMPM3n/pdKNzZP6xp6XZnM9+g6XccqKt/lCTp
NDeaPoEuelWbTF4dfZ7XqcFTCuylg8FgpZy43nGYJ/VGPteUFW7hdXFw+jLak0T6
uVXKrvI4bt2O7G+MNAutgGcj1OsqNA8drwadH6UfhwFeEiAWXv9p4a4xguQwPWjl
Bk8/Tx7TmkHB8erD5dpfawRBxzMb7ggcDk9GDE18noQHWKUm55nbpL9dfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKeweGsG2YHzXlwNsdFedPqPnPQMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvSXA3QjRhd2JaZ2ZOZVhBMngwVjUwLW8tYzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSH9MA0G
CSqGSIb3DQEBCwUAA4IBAQB99Ftuz3DbwbyawjS/MOhYmxVd4F6c6jK0BULmJjee
Rf5q1xEGoX4k/ubHqEaZnHMBp3g+9JxdgVBYs33Syj26m4KlmrPqVcCVCb77gVi4
E3bR5peXwhxU6rr8+ls8NWk5D+QtQrrwogMzhwF5HkjBdNf8BppAPzbOUk9xFEqQ
gEYSRl1nIgm6CvCZhHICAxR5voabCB9Hu4mhiY2T3uRp+ko5ACnwSL9oeSt7cpVg
xagyNhOIBrhCpGTIvg2H/AwndVp0aRLrQxgMlKdxB75fxZXzncUCeW/yQQGcSUiA
gM+AnJsVLFk4EAgu35zD+CEei39IrTCTstoesM5jpUp1
-----END CERTIFICATE-----