This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/TiD9gDPC6hzeUS03WXN1eUOquCI.roa
File:                     TiD9gDPC6hzeUS03WXN1eUOquCI.roa (raw, json)
Hash identifier:          EYgyIIIj42s4CaldUCnQX00hXD4u9JbwGJdHvXeUkmA=
Subject key identifier:   4E:20:FD:80:33:C2:EA:1C:DE:51:2D:37:59:73:75:79:43:AA:B8:22
Certificate issuer:       /CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
Certificate serial:       019B7D5C8AFE80BE09D86D15929FCC6F0680
Authority key identifier: B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/TiD9gDPC6hzeUS03WXN1eUOquCI.roa
Signing time:             Fri 02 Jan 2026 06:19:35 +0000
ROA not before:           Fri 02 Jan 2026 06:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401838
IP address blocks:        89.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:8a:fe:80:be:09:d8:6d:15:92:9f:cc:6f:06:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
        Validity
            Not Before: Jan  2 06:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e20fd8033c2ea1cde512d375973757943aab822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:14:0c:40:a6:47:4e:c0:ee:8d:bb:5a:c0:84:
                    39:90:13:62:ac:03:3a:6c:25:d4:7e:82:84:36:24:
                    25:e9:16:55:3d:a7:e2:7e:29:d8:a6:5c:00:fa:c2:
                    79:21:bd:db:9b:84:9a:03:dc:cf:5e:63:37:cf:53:
                    bd:21:86:18:01:70:1a:49:82:ee:7d:3f:ae:50:d2:
                    95:56:bb:ed:61:f4:1e:92:af:48:c4:04:d2:e2:1a:
                    b7:42:24:14:3f:5e:21:02:55:f6:89:14:5b:eb:1d:
                    b7:9c:07:0d:0b:8c:29:9a:46:35:4b:ff:e9:89:27:
                    77:5b:49:80:ea:bc:88:c5:13:eb:39:c3:65:b7:bc:
                    40:f3:a7:89:09:86:4f:65:96:a1:fe:e1:91:e3:1c:
                    65:8c:f6:ab:28:18:fc:a7:41:49:eb:aa:58:0f:af:
                    77:ae:90:72:05:fe:ee:a4:87:6e:b6:32:19:67:04:
                    5f:2f:41:1b:4a:07:7d:96:39:fc:95:64:f5:29:66:
                    a0:63:84:24:9e:0b:7e:b2:bc:63:73:a0:2b:4f:cd:
                    ec:1c:79:b0:e4:b4:23:97:10:25:c1:55:72:a4:7e:
                    64:4a:a2:87:86:27:06:85:56:6f:a6:60:ac:3e:b1:
                    35:40:75:37:63:4d:5c:a6:85:94:e7:57:5f:59:c4:
                    ef:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:20:FD:80:33:C2:EA:1C:DE:51:2D:37:59:73:75:79:43:AA:B8:22
            X509v3 Authority Key Identifier:
                keyid:B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/TiD9gDPC6hzeUS03WXN1eUOquCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:1c:35:48:f9:85:ed:da:b2:10:78:15:aa:f3:7c:51:cb:2c:
         56:3c:2b:9a:c9:82:f3:b4:54:2e:6c:f8:43:c0:5a:fb:e1:ca:
         15:5e:e0:7e:fa:94:62:e7:1e:3a:a2:b7:56:77:2b:f4:8c:6e:
         d7:4b:a6:fc:0d:5b:26:4f:cd:66:c5:45:be:c3:96:de:cb:c1:
         9c:26:89:03:6a:9c:c7:bd:ac:6f:fa:41:62:5c:5a:4a:f2:cc:
         45:16:f2:48:3f:ab:c6:5b:43:d4:ad:47:d6:ce:aa:3d:f7:3a:
         d1:5d:bc:9d:4a:91:ed:27:d0:ab:8c:64:b8:29:2c:37:c8:67:
         7e:a3:b5:e8:fd:33:19:13:70:5b:86:75:83:af:b6:72:ca:17:
         14:a3:e6:59:fe:44:e4:ef:ae:d2:34:1c:b1:90:f3:c8:e5:b9:
         f0:37:96:56:71:12:0c:c4:bf:77:60:08:40:17:83:da:64:bd:
         69:7e:05:27:76:4b:6e:a8:c8:1d:b3:05:02:04:fa:d0:40:fa:
         1c:ac:c2:29:aa:c1:ec:3d:e3:ba:71:9f:a0:69:54:c1:90:29:
         90:d8:36:87:98:2f:d5:88:56:62:45:a5:e2:28:f3:d5:ff:81:
         e6:e4:ad:db:1e:ab:d8:1c:05:5a:9b:73:f4:c7:9d:21:56:e5:
         7d:55:5e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XIr+gL4J2G0Vkp/MbwaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhhYTE4NzMwZjRhODNlMjg1MmM1NjkyNTUxYWJiNWIx
ZWU3ZWEwHhcNMjYwMTAyMDYxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIwZmQ4MDMzYzJlYTFjZGU1MTJkMzc1OTczNzU3OTQzYWFiODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xQMQKZHTsDujbtawIQ5kBNirAM6
bCXUfoKENiQl6RZVPafifinYplwA+sJ5Ib3bm4SaA9zPXmM3z1O9IYYYAXAaSYLu
fT+uUNKVVrvtYfQekq9IxATS4hq3QiQUP14hAlX2iRRb6x23nAcNC4wpmkY1S//p
iSd3W0mA6ryIxRPrOcNlt7xA86eJCYZPZZah/uGR4xxljParKBj8p0FJ66pYD693
rpByBf7upIdutjIZZwRfL0EbSgd9ljn8lWT1KWagY4Qkngt+srxjc6ArT83sHHmw
5LQjlxAlwVVypH5kSqKHhicGhVZvpmCsPrE1QHU3Y01cpoWU51dfWcTv4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4g/YAzwuoc3lEtN1lzdXlDqrgiMB8GA1UdIwQY
MBaAFLjIqhhzD0qD4oUsVpJVGrtbHufqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODkt
YTU3NjA0YTNmNmJiLzEvVGlEOWdEUEM2aHplVVMwM1dYTjFlVU9xdUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODktYTU3NjA0YTNmNmJi
LzEvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSYoMA0G
CSqGSIb3DQEBCwUAA4IBAQAaHDVI+YXt2rIQeBWq83xRyyxWPCuayYLztFQubPhD
wFr74coVXuB++pRi5x46ordWdyv0jG7XS6b8DVsmT81mxUW+w5bey8GcJokDapzH
vaxv+kFiXFpK8sxFFvJIP6vGW0PUrUfWzqo99zrRXbydSpHtJ9CrjGS4KSw3yGd+
o7Xo/TMZE3BbhnWDr7ZyyhcUo+ZZ/kTk767SNByxkPPI5bnwN5ZWcRIMxL93YAhA
F4PaZL1pfgUndktuqMgdswUCBPrQQPocrMIpqsHsPeO6cZ+gaVTBkCmQ2DaHmC/V
iFZiRaXiKPPV/4Hm5K3bHqvYHAVam3P0x50hVuV9VV6Q
-----END CERTIFICATE-----