This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/NDzC5EOM_SNgXg7XTcR_g6iYudU.roa
File:                     NDzC5EOM_SNgXg7XTcR_g6iYudU.roa (raw, json)
Hash identifier:          RJ+xTzIi8yjG0YnIhrSkq6+yXouzc/hx8zBFzjecXQU=
Subject key identifier:   34:3C:C2:E4:43:8C:FD:23:60:5E:0E:D7:4D:C4:7F:83:A8:98:B9:D5
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019BDB04782A94381C38542C5C320090EA6C
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/NDzC5EOM_SNgXg7XTcR_g6iYudU.roa
Signing time:             Tue 20 Jan 2026 10:47:41 +0000
ROA not before:           Tue 20 Jan 2026 10:47:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138195
IP address blocks:        89.37.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 04:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:db:04:78:2a:94:38:1c:38:54:2c:5c:32:00:90:ea:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan 20 10:47:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=343cc2e4438cfd23605e0ed74dc47f83a898b9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6f:ad:d8:3a:e0:ee:1c:99:87:26:8a:cf:32:
                    93:c0:d9:85:d2:ec:14:40:f1:c2:92:21:e5:e9:27:
                    69:18:96:33:c3:7b:04:3c:dc:ae:4e:24:5a:1a:4f:
                    e0:47:48:83:ed:3a:20:d6:cd:80:67:72:ab:da:6e:
                    43:68:8c:75:49:35:07:24:b3:01:5c:c9:7a:99:35:
                    84:0d:6e:5a:4e:4a:43:41:ee:2c:0a:c7:6f:11:da:
                    c9:72:1f:20:ed:e9:b5:e5:e4:a7:19:9b:7e:51:67:
                    c5:80:94:aa:f2:25:d1:e0:ef:34:0a:12:be:1c:8a:
                    3a:d6:48:07:00:96:fb:3a:ec:31:92:83:0b:19:c2:
                    c6:59:89:58:84:ff:6b:3f:ef:c1:01:9f:1a:31:22:
                    fa:98:36:fb:fe:5a:79:ed:aa:dd:1e:1c:4a:e8:07:
                    5f:94:72:ca:f8:0e:92:5d:ec:2e:64:bc:80:5d:32:
                    76:a5:6d:c6:ec:03:00:a1:e1:14:0b:5c:9b:01:02:
                    de:6b:21:25:fb:8c:2e:a2:b0:fc:a4:3a:6e:6b:6f:
                    39:3a:7d:1e:24:e7:d6:11:61:2f:23:b5:69:85:b4:
                    3c:4a:a7:34:35:76:8b:da:9e:b8:22:4f:1c:23:3b:
                    18:97:94:4f:69:ad:4b:b4:93:ee:ec:22:2e:52:d6:
                    19:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:3C:C2:E4:43:8C:FD:23:60:5E:0E:D7:4D:C4:7F:83:A8:98:B9:D5
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/NDzC5EOM_SNgXg7XTcR_g6iYudU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c4:d5:4d:01:96:0d:b2:1e:76:0a:58:9e:38:3c:32:a1:19:
         39:3e:27:50:79:bc:3d:ca:9b:24:3f:7b:b7:dc:71:29:b8:aa:
         09:29:6e:f8:cf:9b:72:35:a8:c6:6e:e9:49:1a:9e:26:5e:94:
         de:e2:69:87:5c:a2:49:c3:2c:96:6a:d3:08:69:41:c1:59:f0:
         05:e3:5c:2d:94:c3:99:55:d0:86:e0:8c:a4:af:e5:27:7f:7d:
         b3:af:2e:7e:4c:54:d4:e3:52:61:d1:b1:d3:03:f5:e8:66:11:
         0f:7f:ea:ac:41:4d:e2:3e:b2:48:92:b8:59:c9:1e:d3:51:5f:
         e8:41:44:89:3c:89:d0:28:d7:1e:01:73:37:9a:eb:a2:d6:82:
         b4:c1:36:7a:19:1d:9e:d2:ad:b4:4b:b3:54:be:f3:a1:58:a1:
         92:13:e7:dc:e8:e2:f5:95:e3:49:a7:43:01:9b:d9:9b:68:12:
         50:ae:26:7f:c3:70:80:7b:74:75:a3:54:ea:4c:92:24:d2:0b:
         c0:bf:3c:8a:41:3e:91:4b:95:70:a9:9a:19:81:ba:b1:c3:b5:
         09:e3:be:e1:8d:2f:1b:d0:e0:74:37:89:78:fa:c7:c3:ec:c2:
         de:c2:c8:3d:f2:9f:66:4c:b8:86:b5:e2:cf:b1:77:96:95:66:
         80:92:fc:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvbBHgqlDgcOFQsXDIAkOpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTIwMTA0NzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDNjYzJlNDQzOGNmZDIzNjA1ZTBlZDc0ZGM0N2Y4M2E4OThiOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2+t2Drg7hyZhyaKzzKTwNmF0uwU
QPHCkiHl6SdpGJYzw3sEPNyuTiRaGk/gR0iD7Tog1s2AZ3Kr2m5DaIx1STUHJLMB
XMl6mTWEDW5aTkpDQe4sCsdvEdrJch8g7em15eSnGZt+UWfFgJSq8iXR4O80ChK+
HIo61kgHAJb7OuwxkoMLGcLGWYlYhP9rP+/BAZ8aMSL6mDb7/lp57ardHhxK6Adf
lHLK+A6SXewuZLyAXTJ2pW3G7AMAoeEUC1ybAQLeayEl+4wuorD8pDpua285On0e
JOfWEWEvI7VphbQ8Sqc0NXaL2p64Ik8cIzsYl5RPaa1LtJPu7CIuUtYZNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ8wuRDjP0jYF4O103Ef4OomLnVMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvTkR6QzVFT01fU05nWGc3WFRjUl9nNmlZdWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSWIMA0G
CSqGSIb3DQEBCwUAA4IBAQArxNVNAZYNsh52ClieODwyoRk5PidQebw9ypskP3u3
3HEpuKoJKW74z5tyNajGbulJGp4mXpTe4mmHXKJJwyyWatMIaUHBWfAF41wtlMOZ
VdCG4Iykr+Unf32zry5+TFTU41Jh0bHTA/XoZhEPf+qsQU3iPrJIkrhZyR7TUV/o
QUSJPInQKNceAXM3muui1oK0wTZ6GR2e0q20S7NUvvOhWKGSE+fc6OL1leNJp0MB
m9mbaBJQriZ/w3CAe3R1o1TqTJIk0gvAvzyKQT6RS5VwqZoZgbqxw7UJ477hjS8b
0OB0N4l4+sfD7MLewsg98p9mTLiGteLPsXeWlWaAkvxh
-----END CERTIFICATE-----