This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/w3Ce4TCDal1nhbZgs86uVw-EDHA.roa
File:                     w3Ce4TCDal1nhbZgs86uVw-EDHA.roa (raw, json)
Hash identifier:          Y1YtZuc0ZO1egV90xVGx2//JBR2jEYUzSnwVAWKeAz4=
Subject key identifier:   C3:70:9E:E1:30:83:6A:5D:67:85:B6:60:B3:CE:AE:57:0F:84:0C:70
Certificate issuer:       /CN=f0a9005423147453909366c6b4d09c31958acc1c
Certificate serial:       019B7C12D10417011D40199ED1CE7D8953C0
Authority key identifier: F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/w3Ce4TCDal1nhbZgs86uVw-EDHA.roa
Signing time:             Fri 02 Jan 2026 00:19:26 +0000
ROA not before:           Fri 02 Jan 2026 00:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        89.58.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:d1:04:17:01:1d:40:19:9e:d1:ce:7d:89:53:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a9005423147453909366c6b4d09c31958acc1c
        Validity
            Not Before: Jan  2 00:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3709ee130836a5d6785b660b3ceae570f840c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:aa:46:85:5a:a9:25:7c:a0:9b:5c:74:c3:79:
                    03:d1:5b:05:f1:7b:35:b2:ad:0b:ad:1d:a5:a2:30:
                    45:f2:fe:7e:eb:58:ca:fe:ab:63:24:cf:77:8d:bb:
                    d1:a2:98:40:cb:d4:a7:60:87:19:21:41:05:35:d9:
                    a3:c4:20:87:8c:e9:cd:52:de:dc:af:f0:18:1d:f9:
                    cc:26:51:b0:6a:f0:47:13:10:70:35:e9:2f:8f:85:
                    61:b8:55:94:09:60:d5:d7:bc:8f:4e:e9:34:65:b9:
                    b5:88:ab:9a:98:52:71:eb:ab:2d:21:79:85:3b:83:
                    d8:1c:51:2f:3d:b9:9a:52:3f:71:4d:b7:a1:1f:1d:
                    3e:1e:40:6c:ce:82:1f:af:69:58:fc:1e:ba:0b:a6:
                    bd:2b:6d:6b:d4:d5:ea:60:54:25:c4:9a:7a:7b:4a:
                    36:81:df:f0:4f:28:ec:58:21:d7:ca:2a:9b:4b:a1:
                    88:eb:14:26:2e:b6:40:8c:60:a1:4f:86:da:07:0d:
                    49:96:b4:59:51:00:fa:2c:be:3f:00:5c:69:dd:71:
                    21:00:06:c7:de:24:39:fa:1f:8f:69:bc:47:81:9f:
                    0f:c8:1d:a8:92:ec:93:21:68:44:70:cc:c8:56:84:
                    a2:d2:98:f8:b2:3c:83:14:25:6e:b6:7a:81:ce:34:
                    8b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:70:9E:E1:30:83:6A:5D:67:85:B6:60:B3:CE:AE:57:0F:84:0C:70
            X509v3 Authority Key Identifier:
                keyid:F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/w3Ce4TCDal1nhbZgs86uVw-EDHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ee:a4:9c:37:bf:c9:af:ff:bd:cf:b1:4d:df:ea:ad:d9:ec:
         22:07:d3:b5:95:27:6b:de:c2:6d:72:25:c2:5d:da:37:4f:1e:
         a6:03:72:75:dc:92:54:47:e0:26:ed:23:6e:c3:e6:bf:14:75:
         37:45:10:a8:3e:ac:34:d9:93:dd:9e:eb:2e:8b:b1:54:c3:bc:
         1c:8d:62:3b:8d:8b:80:2d:9b:a6:dc:2f:cb:38:3d:de:3f:25:
         57:cb:cf:22:72:bf:49:82:0a:7f:99:22:ef:f7:e7:e5:0e:8b:
         94:ca:94:29:d2:01:68:9c:fe:ba:c9:98:58:db:cd:54:5f:e4:
         d1:49:2a:1b:cd:1c:ab:84:61:ea:57:4a:c3:1b:97:e8:cf:1d:
         4e:db:74:7c:2b:2c:87:89:9a:f6:2f:2e:47:92:50:5e:df:65:
         ff:4c:87:11:b6:bc:55:13:67:53:b3:f7:b8:d7:3c:61:81:a1:
         d9:48:86:43:79:46:58:73:2b:fe:eb:ed:c2:65:d4:b0:23:89:
         a0:d7:d8:e6:b9:15:4e:99:04:49:db:52:e0:e0:5d:ec:c3:83:
         a8:81:fc:e1:83:cb:e5:99:a3:7d:31:2a:b1:da:4b:dd:c7:9e:
         14:2a:e4:fe:dd:b6:e3:00:0d:07:ae:b2:a2:f3:27:99:9a:3b:
         03:52:ec:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EtEEFwEdQBme0c59iVPAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTkwMDU0MjMxNDc0NTM5MDkzNjZjNmI0ZDA5YzMxOTU4
YWNjMWMwHhcNMjYwMTAyMDAxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzcwOWVlMTMwODM2YTVkNjc4NWI2NjBiM2NlYWU1NzBmODQwYzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6pGhVqpJXygm1x0w3kD0VsF8Xs1
sq0LrR2lojBF8v5+61jK/qtjJM93jbvRophAy9SnYIcZIUEFNdmjxCCHjOnNUt7c
r/AYHfnMJlGwavBHExBwNekvj4VhuFWUCWDV17yPTuk0Zbm1iKuamFJx66stIXmF
O4PYHFEvPbmaUj9xTbehHx0+HkBszoIfr2lY/B66C6a9K21r1NXqYFQlxJp6e0o2
gd/wTyjsWCHXyiqbS6GI6xQmLrZAjGChT4baBw1JlrRZUQD6LL4/AFxp3XEhAAbH
3iQ5+h+PabxHgZ8PyB2okuyTIWhEcMzIVoSi0pj4sjyDFCVutnqBzjSLjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNwnuEwg2pdZ4W2YLPOrlcPhAxwMB8GA1UdIwQY
MBaAFPCpAFQjFHRTkJNmxrTQnDGViswcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMt
MzBkNzlmOWFhODc3LzEvdzNDZTRUQ0RhbDFuaGJaZ3M4NnVWdy1FREhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMtMzBkNzlmOWFhODc3
LzEvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWTpwMA0G
CSqGSIb3DQEBCwUAA4IBAQBy7qScN7/Jr/+9z7FN3+qt2ewiB9O1lSdr3sJtciXC
Xdo3Tx6mA3J13JJUR+Am7SNuw+a/FHU3RRCoPqw02ZPdnusui7FUw7wcjWI7jYuA
LZum3C/LOD3ePyVXy88icr9Jggp/mSLv9+flDouUypQp0gFonP66yZhY281UX+TR
SSobzRyrhGHqV0rDG5fozx1O23R8KyyHiZr2Ly5HklBe32X/TIcRtrxVE2dTs/e4
1zxhgaHZSIZDeUZYcyv+6+3CZdSwI4mg19jmuRVOmQRJ21Lg4F3sw4Oogfzhg8vl
maN9MSqx2kvdx54UKuT+3bbjAA0HrrKi8yeZmjsDUuzV
-----END CERTIFICATE-----