This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/96SX2S5aBWouZ5qx7BRgteL4iq8.roa
File:                     96SX2S5aBWouZ5qx7BRgteL4iq8.roa (raw, json)
Hash identifier:          M3a2yFufjkSiLfAokMv1+05AOpH8jhB4+9skztdJecg=
Subject key identifier:   F7:A4:97:D9:2E:5A:05:6A:2E:67:9A:B1:EC:14:60:B5:E2:F8:8A:AF
Certificate issuer:       /CN=0c874a5f52734e260e7bfa4d45114add9277e353
Certificate serial:       019B7D5BF6E7C0ACE23F02D24AE6C4B64772
Authority key identifier: 0C:87:4A:5F:52:73:4E:26:0E:7B:FA:4D:45:11:4A:DD:92:77:E3:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DIdKX1JzTiYOe_pNRRFK3ZJ341M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/96SX2S5aBWouZ5qx7BRgteL4iq8.roa
Signing time:             Fri 02 Jan 2026 06:18:57 +0000
ROA not before:           Fri 02 Jan 2026 06:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2856
IP address blocks:        152.89.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/DIdKX1JzTiYOe_pNRRFK3ZJ341M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/DIdKX1JzTiYOe_pNRRFK3ZJ341M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DIdKX1JzTiYOe_pNRRFK3ZJ341M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:f6:e7:c0:ac:e2:3f:02:d2:4a:e6:c4:b6:47:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c874a5f52734e260e7bfa4d45114add9277e353
        Validity
            Not Before: Jan  2 06:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7a497d92e5a056a2e679ab1ec1460b5e2f88aaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d5:38:fe:d5:b6:dc:00:fb:8c:46:ea:f2:3d:
                    1e:46:35:42:02:11:00:09:79:9f:75:ae:0e:0e:07:
                    44:74:07:9f:2d:2b:c1:56:3e:e7:04:55:53:0a:82:
                    20:18:a4:7d:81:1c:bb:d5:23:1e:2f:74:f0:ff:70:
                    6d:88:4f:96:6e:44:bd:0e:64:30:87:4d:0e:78:ff:
                    e1:af:1b:ea:ed:ad:57:6a:53:f7:96:a1:b5:f1:4d:
                    e6:e4:fc:60:e5:cd:00:d2:16:13:a3:9b:1b:88:83:
                    51:52:eb:f8:04:91:a3:cc:36:83:75:54:21:9d:f7:
                    28:67:87:47:88:92:d3:d7:3a:6d:50:30:ac:36:cd:
                    27:bc:5d:28:2d:c7:18:5d:da:41:b0:36:2b:1c:34:
                    74:2b:cb:64:73:8e:0c:a1:cf:41:93:61:d1:f1:1e:
                    84:12:90:ee:b1:3c:1c:e2:11:ed:26:93:03:ca:5b:
                    81:c9:fe:2e:08:af:3a:4e:2a:86:4c:3f:6a:d4:a8:
                    63:e9:93:b7:b4:e7:34:5a:4b:de:88:1f:aa:cd:cd:
                    00:e3:59:88:b8:49:f3:eb:bf:c6:8c:5e:7c:c9:0f:
                    81:61:4a:84:bc:2a:ad:e2:f3:b3:23:ed:58:26:9d:
                    89:51:be:3a:61:a8:5b:e2:e8:78:29:ae:a6:61:07:
                    d7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A4:97:D9:2E:5A:05:6A:2E:67:9A:B1:EC:14:60:B5:E2:F8:8A:AF
            X509v3 Authority Key Identifier:
                keyid:0C:87:4A:5F:52:73:4E:26:0E:7B:FA:4D:45:11:4A:DD:92:77:E3:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DIdKX1JzTiYOe_pNRRFK3ZJ341M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/96SX2S5aBWouZ5qx7BRgteL4iq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/53b489-ab48-49fe-9d01-a0e37f25a515/1/DIdKX1JzTiYOe_pNRRFK3ZJ341M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:70:0c:4a:fb:29:01:fa:de:e0:d9:52:b9:fe:0f:ea:3f:60:
         37:32:da:21:d9:04:b3:23:11:86:78:76:0d:d8:cc:78:09:3f:
         44:b4:d7:ad:98:b9:25:c0:40:ea:a0:ff:0a:35:72:ed:2a:76:
         b0:04:30:14:f3:72:42:5e:18:49:00:f4:c5:9c:44:b5:ca:a4:
         16:64:d8:5c:31:a9:d6:ea:43:7a:80:3e:72:7d:9e:f5:bb:97:
         2a:28:91:0f:fa:b0:7c:2b:3f:60:95:58:12:5b:c5:8c:a9:37:
         f8:5a:89:c0:f8:e7:07:82:d6:ff:3d:ed:ee:89:65:64:74:8e:
         ad:f8:dd:35:6c:35:bd:a1:64:50:f7:e0:b0:57:eb:db:bc:30:
         10:aa:f1:12:8e:7a:64:df:16:53:81:11:fd:12:33:5f:4c:03:
         72:ca:b7:d3:86:e8:49:0b:78:c1:c1:d3:fe:c7:c4:8f:a9:c1:
         2d:44:07:7d:f6:69:8d:b3:77:71:36:f1:b1:4d:b9:22:3b:f2:
         05:bc:c2:96:be:8e:d1:df:3e:6f:4d:d4:11:69:0f:44:a0:80:
         a6:43:92:14:01:75:57:6d:bc:0c:d6:0c:20:03:72:94:9d:86:
         1b:91:d3:5c:61:ba:42:bb:a6:55:9c:cd:e2:6a:8a:d6:b6:9d:
         d5:9c:98:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/bnwKziPwLSSubEtkdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjODc0YTVmNTI3MzRlMjYwZTdiZmE0ZDQ1MTE0YWRkOTI3
N2UzNTMwHhcNMjYwMTAyMDYxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E0OTdkOTJlNWEwNTZhMmU2NzlhYjFlYzE0NjBiNWUyZjg4YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9U4/tW23AD7jEbq8j0eRjVCAhEA
CXmfda4ODgdEdAefLSvBVj7nBFVTCoIgGKR9gRy71SMeL3Tw/3BtiE+WbkS9DmQw
h00OeP/hrxvq7a1XalP3lqG18U3m5Pxg5c0A0hYTo5sbiINRUuv4BJGjzDaDdVQh
nfcoZ4dHiJLT1zptUDCsNs0nvF0oLccYXdpBsDYrHDR0K8tkc44Moc9Bk2HR8R6E
EpDusTwc4hHtJpMDyluByf4uCK86TiqGTD9q1Khj6ZO3tOc0WkveiB+qzc0A41mI
uEnz67/GjF58yQ+BYUqEvCqt4vOzI+1YJp2JUb46Yahb4uh4Ka6mYQfXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPekl9kuWgVqLmeasewUYLXi+IqvMB8GA1UdIwQY
MBaAFAyHSl9Sc04mDnv6TUURSt2Sd+NTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRElkS1gxSnpUaVlPZV9wTlJSRkszWkozNDFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81M2I0ODktYWI0OC00OWZlLTlkMDEt
YTBlMzdmMjVhNTE1LzEvOTZTWDJTNWFCV291WjVxeDdCUmd0ZUw0aXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81M2I0ODktYWI0OC00OWZlLTlkMDEtYTBlMzdmMjVhNTE1
LzEvRElkS1gxSnpUaVlPZV9wTlJSRkszWkozNDFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmFkYMA0G
CSqGSIb3DQEBCwUAA4IBAQCqcAxK+ykB+t7g2VK5/g/qP2A3Mtoh2QSzIxGGeHYN
2Mx4CT9EtNetmLklwEDqoP8KNXLtKnawBDAU83JCXhhJAPTFnES1yqQWZNhcManW
6kN6gD5yfZ71u5cqKJEP+rB8Kz9glVgSW8WMqTf4WonA+OcHgtb/Pe3uiWVkdI6t
+N01bDW9oWRQ9+CwV+vbvDAQqvESjnpk3xZTgRH9EjNfTANyyrfThuhJC3jBwdP+
x8SPqcEtRAd99mmNs3dxNvGxTbkiO/IFvMKWvo7R3z5vTdQRaQ9EoICmQ5IUAXVX
bbwM1gwgA3KUnYYbkdNcYbpCu6ZVnM3iaorWtp3VnJhy
-----END CERTIFICATE-----