This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/pbiThfAegyylM_yyLkJ568qRsIs.roa
File:                     pbiThfAegyylM_yyLkJ568qRsIs.roa (raw, json)
Hash identifier:          EbVW6OD32aGyMYOqnHpV6p+0BLMWbc1212XA0jq0pO8=
Subject key identifier:   A5:B8:93:85:F0:1E:83:2C:A5:33:FC:B2:2E:42:79:EB:CA:91:B0:8B
Certificate issuer:       /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial:       019B783508E4FD3EC23DF002EBA1ACF49ACC
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/pbiThfAegyylM_yyLkJ568qRsIs.roa
Signing time:             Thu 01 Jan 2026 06:18:20 +0000
ROA not before:           Thu 01 Jan 2026 06:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202799
IP address blocks:        89.19.220.0/24 maxlen: 24
                          89.19.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:08:e4:fd:3e:c2:3d:f0:02:eb:a1:ac:f4:9a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
        Validity
            Not Before: Jan  1 06:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5b89385f01e832ca533fcb22e4279ebca91b08b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:a8:de:ef:0d:a9:3a:39:c9:ac:2d:00:a7:84:
                    6a:bd:6e:2d:a0:df:13:25:ab:1a:75:c2:eb:57:81:
                    09:88:34:35:a1:c8:bb:10:3b:ab:63:55:b0:f3:31:
                    11:0f:6b:39:3a:69:8d:e5:f7:49:1e:e5:38:d3:4b:
                    f5:8d:3f:c9:84:5a:8b:32:ca:90:f4:b8:66:49:1f:
                    b2:ee:9f:e1:96:8c:45:de:86:fa:7b:f7:36:b6:96:
                    2a:55:d9:ea:0b:88:85:18:46:20:17:04:fd:5a:1b:
                    a3:1c:3c:07:ae:25:eb:82:c3:9d:29:c0:4f:6d:1a:
                    6e:ce:8c:08:a9:52:a1:91:7a:84:f4:f5:73:bd:bc:
                    a5:a7:5c:22:74:e4:47:c3:b0:27:0b:26:51:9e:9e:
                    d0:07:1d:5a:f9:b1:ae:6e:3e:6a:7e:f7:f8:2e:4f:
                    a6:a8:36:8e:dd:08:6c:e8:a4:a3:1f:1e:0c:5e:98:
                    08:5d:e3:9c:fd:01:61:6d:59:32:08:e7:6e:a2:9b:
                    ed:8d:f5:69:2c:8b:79:0b:b9:db:c7:da:39:56:08:
                    57:b3:cd:2d:26:61:51:ea:6c:06:de:75:01:98:53:
                    c3:b6:52:01:a4:cb:41:1b:c4:0b:77:07:c2:75:c7:
                    62:fb:9c:21:bb:19:d8:66:63:4c:04:7a:43:51:48:
                    35:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B8:93:85:F0:1E:83:2C:A5:33:FC:B2:2E:42:79:EB:CA:91:B0:8B
            X509v3 Authority Key Identifier:
                keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/pbiThfAegyylM_yyLkJ568qRsIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:09:b3:77:e1:a5:ea:24:e3:fd:7c:00:3b:91:2b:df:1a:3f:
         d2:43:8b:f5:90:2c:bb:01:79:55:52:10:e0:a4:60:50:48:ef:
         47:0e:47:c7:61:39:bd:74:be:07:c4:c2:2e:0f:ab:e2:64:82:
         65:b0:55:24:4d:f5:25:a7:c6:d1:31:2f:da:c4:ad:13:c9:a1:
         2d:6a:c5:8e:1e:89:ea:0f:e7:72:27:32:95:d9:1a:e0:27:eb:
         03:8a:f4:9e:6e:04:59:a0:92:8f:af:68:6a:43:ce:c3:dd:91:
         fd:ef:c1:0f:7b:b7:3b:b1:0c:8b:ae:17:5a:56:b8:9a:2c:49:
         3d:b0:84:c9:de:f7:de:07:6e:41:99:b7:c2:83:56:03:4c:af:
         ba:21:1b:f2:37:a8:4a:aa:39:24:47:c9:3a:07:8a:d2:aa:d0:
         8e:ab:9f:05:2e:c2:ae:a1:94:af:36:e7:ec:0e:73:39:4f:eb:
         61:bd:6e:ce:5e:db:0a:9c:8d:c8:00:a7:49:58:28:23:4e:2a:
         2e:e5:b5:fd:48:5d:a5:3a:d6:de:fe:6a:ed:35:4d:ce:7d:22:
         86:96:da:d0:41:3c:1d:0f:76:fd:36:ea:9a:cf:ac:72:60:9f:
         c3:35:04:3e:3a:b3:27:34:0e:f9:8b:c0:75:17:45:ee:dc:b6:
         cd:13:42:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NQjk/T7CPfAC66Gs9JrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjYwMTAxMDYxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI4OTM4NWYwMWU4MzJjYTUzM2ZjYjIyZTQyNzllYmNhOTFiMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qje7w2pOjnJrC0Ap4RqvW4toN8T
JasadcLrV4EJiDQ1oci7EDurY1Ww8zERD2s5OmmN5fdJHuU400v1jT/JhFqLMsqQ
9LhmSR+y7p/hloxF3ob6e/c2tpYqVdnqC4iFGEYgFwT9WhujHDwHriXrgsOdKcBP
bRpuzowIqVKhkXqE9PVzvbylp1widORHw7AnCyZRnp7QBx1a+bGubj5qfvf4Lk+m
qDaO3Qhs6KSjHx4MXpgIXeOc/QFhbVkyCOduopvtjfVpLIt5C7nbx9o5VghXs80t
JmFR6mwG3nUBmFPDtlIBpMtBG8QLdwfCdcdi+5whuxnYZmNMBHpDUUg1ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW4k4XwHoMspTP8si5CeevKkbCLMB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvcGJpVGhmQWVneXlsTV95eUxrSjU2OHFSc0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWRPcMA0G
CSqGSIb3DQEBCwUAA4IBAQABCbN34aXqJOP9fAA7kSvfGj/SQ4v1kCy7AXlVUhDg
pGBQSO9HDkfHYTm9dL4HxMIuD6viZIJlsFUkTfUlp8bRMS/axK0TyaEtasWOHonq
D+dyJzKV2RrgJ+sDivSebgRZoJKPr2hqQ87D3ZH978EPe7c7sQyLrhdaVriaLEk9
sITJ3vfeB25BmbfCg1YDTK+6IRvyN6hKqjkkR8k6B4rSqtCOq58FLsKuoZSvNufs
DnM5T+thvW7OXtsKnI3IAKdJWCgjTiou5bX9SF2lOtbe/mrtNU3OfSKGltrQQTwd
D3b9Nuqaz6xyYJ/DNQQ+OrMnNA75i8B1F0Xu3LbNE0Ic
-----END CERTIFICATE-----