This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/huTbYgpqurqxYkSbrMBeRshoxjw.roa
File:                     huTbYgpqurqxYkSbrMBeRshoxjw.roa (raw, json)
Hash identifier:          XOmUVP6KC3R9djF2wr37Vopd4+qc2j38WB+awNW8Kn4=
Subject key identifier:   86:E4:DB:62:0A:6A:BA:BA:B1:62:44:9B:AC:C0:5E:46:C8:68:C6:3C
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF666383462C242CE2D855B96B633
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/huTbYgpqurqxYkSbrMBeRshoxjw.roa
Signing time:             Thu 01 Jan 2026 12:18:42 +0000
ROA not before:           Thu 01 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205634
IP address blocks:        89.249.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f6:66:38:34:62:c2:42:ce:2d:85:5b:96:b6:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86e4db620a6ababab162449bacc05e46c868c63c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ec:2d:26:06:34:a4:d5:05:71:8c:7a:42:3c:
                    be:ec:5c:7b:02:90:a5:aa:9d:23:93:68:e5:7c:40:
                    f5:32:3d:1c:38:e5:8c:16:70:03:89:06:a7:0b:e5:
                    2a:99:4b:63:7d:9c:eb:84:4f:79:0d:a8:c2:8c:13:
                    9c:05:34:2a:b0:02:87:93:15:79:b8:a6:b8:6b:e0:
                    fc:dd:06:52:cf:5c:9d:b6:3f:f4:10:fe:d9:c0:f7:
                    7c:41:91:6e:af:4e:de:96:97:af:cb:97:cc:94:12:
                    e5:f4:a9:16:4e:ad:ba:70:94:40:f6:6a:d9:f9:bf:
                    89:58:38:0a:d8:c1:e5:f3:46:d6:9a:f2:0e:70:43:
                    07:70:02:24:0a:51:1f:6c:49:4f:75:7f:83:18:7b:
                    39:97:78:13:15:b2:82:43:60:0d:ad:a5:59:a7:e2:
                    a5:39:fa:8c:65:82:fc:81:ad:75:79:bb:02:60:dc:
                    f5:c6:26:a9:50:56:02:9a:a4:2e:a0:84:b5:c1:0e:
                    5f:85:26:c2:46:91:03:f3:2a:87:56:89:79:f2:20:
                    c6:1e:ee:9d:82:14:24:a3:58:42:72:21:7e:32:aa:
                    fa:a2:cb:47:eb:ee:2c:f7:4c:d6:c0:c7:0f:ef:9a:
                    0a:1e:b5:25:5f:9f:d1:75:42:04:74:1d:25:2a:d5:
                    87:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E4:DB:62:0A:6A:BA:BA:B1:62:44:9B:AC:C0:5E:46:C8:68:C6:3C
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/huTbYgpqurqxYkSbrMBeRshoxjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dd:a5:23:e7:df:28:09:e7:cb:b9:d2:b6:5e:97:b4:ab:23:35:
         c3:a4:b7:d3:49:48:da:48:3e:55:5d:f7:64:5e:0f:56:6f:98:
         18:8b:c3:28:1a:68:47:03:5e:9a:e4:63:06:09:13:f6:83:1b:
         4a:b4:e0:62:f3:08:c4:6c:fe:0d:36:de:07:f4:61:47:b9:1f:
         20:bd:33:ba:0c:78:52:61:52:bf:10:95:10:99:d2:00:cf:9d:
         af:10:86:7d:1f:56:34:d5:f9:d3:8b:2d:ef:41:27:84:72:1e:
         79:62:7d:80:d8:84:b0:87:82:43:27:57:7d:82:92:fb:bc:30:
         db:90:dd:9b:d4:1b:ce:8e:0d:02:4c:1d:cb:83:23:fc:93:b0:
         17:14:d5:36:a6:17:bc:ef:0f:fe:27:51:ae:b5:a4:32:96:f1:
         2e:bb:1f:57:76:e8:ce:f6:76:53:3c:c0:31:bd:52:21:f9:f8:
         b9:25:c1:53:d3:1e:48:fd:80:50:4b:44:3c:d4:de:ad:44:87:
         f4:e9:1b:3d:a3:e3:cb:2f:6f:ef:04:2c:8d:b2:cb:df:a5:3c:
         44:29:3e:7d:39:69:4b:b3:56:3a:b1:84:c2:a2:90:2d:8b:44:
         cc:f3:64:e5:9a:cc:0b:18:dd:8d:fd:29:16:2c:e6:90:6a:86:
         86:16:5f:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvZmODRiwkLOLYVblrYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU0ZGI2MjBhNmFiYWJhYjE2MjQ0OWJhY2MwNWU0NmM4NjhjNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+wtJgY0pNUFcYx6Qjy+7Fx7ApCl
qp0jk2jlfED1Mj0cOOWMFnADiQanC+UqmUtjfZzrhE95DajCjBOcBTQqsAKHkxV5
uKa4a+D83QZSz1ydtj/0EP7ZwPd8QZFur07elpevy5fMlBLl9KkWTq26cJRA9mrZ
+b+JWDgK2MHl80bWmvIOcEMHcAIkClEfbElPdX+DGHs5l3gTFbKCQ2ANraVZp+Kl
OfqMZYL8ga11ebsCYNz1xiapUFYCmqQuoIS1wQ5fhSbCRpED8yqHVol58iDGHu6d
ghQko1hCciF+Mqr6ostH6+4s90zWwMcP75oKHrUlX5/RdUIEdB0lKtWHDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbk22IKarq6sWJEm6zAXkbIaMY8MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvaHVUYllncHF1cnF4WWtTYnJNQmVSc2hveGp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnIMA0G
CSqGSIb3DQEBCwUAA4IBAQDdpSPn3ygJ58u50rZel7SrIzXDpLfTSUjaSD5VXfdk
Xg9Wb5gYi8MoGmhHA16a5GMGCRP2gxtKtOBi8wjEbP4NNt4H9GFHuR8gvTO6DHhS
YVK/EJUQmdIAz52vEIZ9H1Y01fnTiy3vQSeEch55Yn2A2ISwh4JDJ1d9gpL7vDDb
kN2b1BvOjg0CTB3LgyP8k7AXFNU2phe87w/+J1GutaQylvEuux9XdujO9nZTPMAx
vVIh+fi5JcFT0x5I/YBQS0Q81N6tRIf06Rs9o+PLL2/vBCyNssvfpTxEKT59OWlL
s1Y6sYTCopAti0TM82TlmswLGN2N/SkWLOaQaoaGFl9t
-----END CERTIFICATE-----