This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/a1bxge9RaAQ4hUbIUGzCCu-i2F4.roa
File:                     a1bxge9RaAQ4hUbIUGzCCu-i2F4.roa (raw, json)
Hash identifier:          a1kP5I90YhkZZI2m2BFKJdlp4Oz3OlMvq6wsOXlcI4c=
Subject key identifier:   6B:56:F1:81:EF:51:68:04:38:85:46:C8:50:6C:C2:0A:EF:A2:D8:5E
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF5A63E223BC1E2831B687BE978DD
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/a1bxge9RaAQ4hUbIUGzCCu-i2F4.roa
Signing time:             Thu 01 Jan 2026 12:18:42 +0000
ROA not before:           Thu 01 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        89.249.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f5:a6:3e:22:3b:c1:e2:83:1b:68:7b:e9:78:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b56f181ef516804388546c8506cc20aefa2d85e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e5:87:8d:69:67:8a:8e:7a:44:93:39:fe:4b:
                    bb:df:7a:5a:f8:06:47:0d:a3:a9:e0:db:65:1c:e1:
                    bf:93:f7:74:9f:9f:74:99:ca:c4:e1:5c:14:84:87:
                    2e:20:1e:64:1a:1f:49:37:41:a9:17:e1:58:5f:5a:
                    4d:e9:0e:26:6c:2f:e7:18:66:88:29:87:60:be:9e:
                    20:ec:2c:32:28:39:ee:2d:8e:0e:c3:4b:ec:0c:b1:
                    1d:71:d2:62:7d:bd:2a:2d:ff:f1:cf:21:c9:f7:96:
                    8b:42:ab:d4:bd:97:ae:1c:4b:c2:b5:4d:4c:d2:11:
                    5e:a6:70:5c:10:ed:b2:a2:e9:e2:65:9c:d4:5f:1d:
                    b0:ac:91:10:64:86:68:24:df:84:7a:23:ca:a6:5b:
                    93:8c:44:de:1b:e1:fb:fc:a7:76:fd:8b:fc:9b:7f:
                    83:9d:60:85:57:cc:ca:7d:d9:7f:74:75:ca:80:8f:
                    5a:17:bc:b9:4b:46:fa:e3:76:de:b7:8d:4e:79:80:
                    87:da:11:8f:7f:58:0a:d8:1e:c5:e8:dc:97:a4:54:
                    f0:97:02:bf:3c:e2:d3:86:f2:ec:bc:c3:5b:96:71:
                    36:f3:30:7c:34:b3:2e:38:fb:7a:17:d4:48:9a:c5:
                    5b:19:78:3f:cd:ac:47:da:30:d2:24:17:f4:eb:10:
                    aa:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:56:F1:81:EF:51:68:04:38:85:46:C8:50:6C:C2:0A:EF:A2:D8:5E
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/a1bxge9RaAQ4hUbIUGzCCu-i2F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e2:f8:2d:ff:ce:c0:00:cb:23:5f:b8:0c:e3:8a:ac:36:30:
         53:29:ca:4d:00:9f:49:5a:40:ec:88:ba:d8:88:16:f5:da:99:
         8b:c8:61:05:e4:94:04:d4:b7:97:51:8a:e5:e8:55:b9:19:6e:
         23:b1:2e:0c:bf:8b:42:bb:18:a6:39:59:45:98:4e:4b:26:93:
         3a:a3:94:35:1b:fa:87:8b:c2:4e:2a:c3:8a:09:93:5c:1a:e6:
         fc:f9:97:74:33:ea:7f:ad:05:44:0c:c9:77:2d:d6:46:9c:a0:
         99:ad:10:a3:71:58:ea:04:1c:5a:56:50:2d:61:78:63:54:dc:
         f9:ed:63:4e:43:c9:b8:ad:29:8f:af:ae:00:43:48:42:aa:fe:
         9e:3d:21:c1:b7:4f:cd:ac:96:f4:ad:e8:bb:bd:1b:07:d2:aa:
         77:36:5f:9a:dc:70:07:d5:df:b5:54:26:3c:15:10:26:29:60:
         7f:bd:a8:79:b6:c4:e2:41:e9:ed:9f:4b:c0:98:7e:04:74:1d:
         50:cf:9a:dd:89:ca:aa:ba:a0:67:54:b9:61:5f:41:c6:7e:9e:
         bd:c2:a9:2c:f8:58:1a:cc:d6:a5:8b:92:ba:f1:b2:65:5b:49:
         88:72:2d:24:71:7e:83:49:2e:d8:d3:2f:28:0b:d3:d9:14:83:
         95:f6:47:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvWmPiI7weKDG2h76XjdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU2ZjE4MWVmNTE2ODA0Mzg4NTQ2Yzg1MDZjYzIwYWVmYTJkODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveWHjWlnio56RJM5/ku733pa+AZH
DaOp4NtlHOG/k/d0n590mcrE4VwUhIcuIB5kGh9JN0GpF+FYX1pN6Q4mbC/nGGaI
KYdgvp4g7CwyKDnuLY4Ow0vsDLEdcdJifb0qLf/xzyHJ95aLQqvUvZeuHEvCtU1M
0hFepnBcEO2youniZZzUXx2wrJEQZIZoJN+EeiPKpluTjETeG+H7/Kd2/Yv8m3+D
nWCFV8zKfdl/dHXKgI9aF7y5S0b643bet41OeYCH2hGPf1gK2B7F6NyXpFTwlwK/
POLThvLsvMNblnE28zB8NLMuOPt6F9RImsVbGXg/zaxH2jDSJBf06xCq7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtW8YHvUWgEOIVGyFBswgrvotheMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvYTFieGdlOVJhQVE0aFViSVVHekNDdS1pMkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnJMA0G
CSqGSIb3DQEBCwUAA4IBAQCN4vgt/87AAMsjX7gM44qsNjBTKcpNAJ9JWkDsiLrY
iBb12pmLyGEF5JQE1LeXUYrl6FW5GW4jsS4Mv4tCuximOVlFmE5LJpM6o5Q1G/qH
i8JOKsOKCZNcGub8+Zd0M+p/rQVEDMl3LdZGnKCZrRCjcVjqBBxaVlAtYXhjVNz5
7WNOQ8m4rSmPr64AQ0hCqv6ePSHBt0/NrJb0rei7vRsH0qp3Nl+a3HAH1d+1VCY8
FRAmKWB/vah5tsTiQentn0vAmH4EdB1Qz5rdicqquqBnVLlhX0HGfp69wqks+Fga
zNali5K68bJlW0mIci0kcX6DSS7Y0y8oC9PZFIOV9kdk
-----END CERTIFICATE-----