This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/DsffUi0vviKbj6N3-1eID0Le5RQ.roa
File:                     DsffUi0vviKbj6N3-1eID0Le5RQ.roa (raw, json)
Hash identifier:          1YA0KS7o6lebr91XZtj8rz008unRW2BLhJ6VFjJeeFg=
Subject key identifier:   0E:C7:DF:52:2D:2F:BE:22:9B:8F:A3:77:FB:57:88:0F:42:DE:E5:14
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019B7CED9FF18EEF95F519401108ACEC5B4D
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/DsffUi0vviKbj6N3-1eID0Le5RQ.roa
Signing time:             Fri 02 Jan 2026 04:18:26 +0000
ROA not before:           Fri 02 Jan 2026 04:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207667
IP address blocks:        147.234.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:9f:f1:8e:ef:95:f5:19:40:11:08:ac:ec:5b:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 04:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ec7df522d2fbe229b8fa377fb57880f42dee514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:aa:ff:16:af:f2:7e:ea:15:66:75:75:93:26:
                    49:b0:cc:24:e7:80:60:7c:71:94:0a:ab:92:9f:0e:
                    78:2f:57:57:9a:02:07:8b:ca:7b:17:fd:d2:bf:f1:
                    8a:6a:ed:7f:c2:48:b4:b1:b5:48:ad:f4:1c:8f:b2:
                    30:90:3f:e7:dd:0e:56:84:8a:bc:c2:ac:ad:e8:9a:
                    cf:af:48:16:3e:17:2d:21:52:3b:d3:df:a6:fc:f8:
                    3c:49:94:9b:1b:86:53:f8:38:2e:84:1e:c9:66:15:
                    c3:5c:f3:4d:aa:b0:44:40:6e:d2:b2:95:44:41:93:
                    21:eb:6c:21:99:0a:59:84:8d:62:74:2d:db:0e:eb:
                    ff:38:88:8c:4c:47:4c:a7:1d:0a:8d:21:43:8b:0a:
                    a5:a9:b0:09:1d:46:61:b0:cb:c3:bf:8b:88:20:5b:
                    eb:93:59:32:79:25:18:ee:d6:8d:39:d4:4d:d4:d0:
                    f4:46:f5:15:a7:74:37:23:31:f9:a1:b5:84:18:e3:
                    63:4f:67:80:2e:14:f6:40:db:3a:33:1d:d4:d8:8c:
                    b4:8b:ce:dd:20:7d:3c:22:cb:bc:ac:d7:1e:98:76:
                    c1:c1:39:1f:41:52:7c:a4:d9:ef:d3:a6:c5:6b:18:
                    55:62:d6:f3:a7:68:47:04:53:6f:18:fc:6c:c1:c9:
                    ab:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C7:DF:52:2D:2F:BE:22:9B:8F:A3:77:FB:57:88:0F:42:DE:E5:14
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/DsffUi0vviKbj6N3-1eID0Le5RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:34:ed:5c:90:6e:09:2c:0f:e1:62:5b:83:ab:47:36:cd:b3:
         4b:4a:56:cb:dd:20:3e:25:f7:73:dc:3d:8b:cf:19:f4:8c:4c:
         a7:9a:bb:ca:54:6d:a8:9b:cb:fa:b1:d1:f6:0b:2b:6a:27:be:
         bc:b0:6b:9d:bc:bd:6d:28:23:18:13:e2:f5:a0:c8:ce:4c:ad:
         e5:b5:a7:24:fc:fa:cc:0b:da:48:47:f5:b9:29:4e:62:20:46:
         af:c0:03:ba:9d:db:45:df:47:0f:3a:3f:d5:d7:7c:cd:ff:a8:
         74:33:f1:b5:50:92:38:43:6e:16:cc:1e:a3:53:e2:04:f5:fa:
         3c:5f:75:32:1b:40:b7:5e:f5:15:13:a5:2f:d2:2a:78:8c:28:
         7c:1a:07:16:c8:92:7b:f1:aa:b7:37:8c:64:1c:a4:71:54:83:
         11:24:ea:c8:f3:17:51:ea:c0:bb:e8:fc:c9:93:b2:8e:7b:54:
         69:e1:7a:37:6e:3b:fc:c9:35:7d:07:63:1f:32:eb:54:33:86:
         38:ff:45:e3:d0:f9:18:88:5a:67:cd:cd:4b:d3:69:29:07:7c:
         96:af:82:0a:0f:06:3f:de:4e:3d:80:33:12:76:d6:45:f3:df:
         6a:71:35:d4:02:08:84:9b:71:99:01:56:ee:2d:7a:58:96:6d:
         31:4a:8f:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87Z/xju+V9RlAEQis7FtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjYwMTAyMDQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM3ZGY1MjJkMmZiZTIyOWI4ZmEzNzdmYjU3ODgwZjQyZGVlNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6r/Fq/yfuoVZnV1kyZJsMwk54Bg
fHGUCquSnw54L1dXmgIHi8p7F/3Sv/GKau1/wki0sbVIrfQcj7IwkD/n3Q5WhIq8
wqyt6JrPr0gWPhctIVI709+m/Pg8SZSbG4ZT+DguhB7JZhXDXPNNqrBEQG7SspVE
QZMh62whmQpZhI1idC3bDuv/OIiMTEdMpx0KjSFDiwqlqbAJHUZhsMvDv4uIIFvr
k1kyeSUY7taNOdRN1ND0RvUVp3Q3IzH5obWEGONjT2eALhT2QNs6Mx3U2Iy0i87d
IH08Isu8rNcemHbBwTkfQVJ8pNnv06bFaxhVYtbzp2hHBFNvGPxswcmr1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7H31ItL74im4+jd/tXiA9C3uUUMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvRHNmZlVpMHZ2aUtiajZOMy0xZUlEMExlNVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+pZMA0G
CSqGSIb3DQEBCwUAA4IBAQCjNO1ckG4JLA/hYluDq0c2zbNLSlbL3SA+Jfdz3D2L
zxn0jEynmrvKVG2om8v6sdH2CytqJ768sGudvL1tKCMYE+L1oMjOTK3ltack/PrM
C9pIR/W5KU5iIEavwAO6ndtF30cPOj/V13zN/6h0M/G1UJI4Q24WzB6jU+IE9fo8
X3UyG0C3XvUVE6Uv0ip4jCh8GgcWyJJ78aq3N4xkHKRxVIMRJOrI8xdR6sC76PzJ
k7KOe1Rp4Xo3bjv8yTV9B2MfMutUM4Y4/0Xj0PkYiFpnzc1L02kpB3yWr4IKDwY/
3k49gDMSdtZF899qcTXUAgiEm3GZAVbuLXpYlm0xSo+S
-----END CERTIFICATE-----