This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Idn5X01I8ewaC6lH5aMO8qDPZR8.roa
File:                     Idn5X01I8ewaC6lH5aMO8qDPZR8.roa (raw, json)
Hash identifier:          inaT9YDkDzXeVmAusXdqKqfZJOTOaFo7hAptlKwjJcY=
Subject key identifier:   21:D9:F9:5F:4D:48:F1:EC:1A:0B:A9:47:E5:A3:0E:F2:A0:CF:65:1F
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019B77C75BF577D6E9ADD3CA5F2CDB807B3A
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Idn5X01I8ewaC6lH5aMO8qDPZR8.roa
Signing time:             Thu 01 Jan 2026 04:18:32 +0000
ROA not before:           Thu 01 Jan 2026 04:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42689
IP address blocks:        89.187.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:5b:f5:77:d6:e9:ad:d3:ca:5f:2c:db:80:7b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  1 04:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21d9f95f4d48f1ec1a0ba947e5a30ef2a0cf651f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:57:31:5a:8e:a4:14:05:32:a1:e6:a9:41:54:
                    03:00:3c:97:a3:38:fe:eb:05:e7:39:28:80:a1:82:
                    96:26:5e:c0:c5:ff:a7:6a:86:b4:ac:3d:7b:28:f7:
                    9c:9d:d2:ad:0d:92:13:61:12:9d:6d:de:d4:57:87:
                    de:fc:f0:b3:58:48:c1:09:8a:99:55:4f:f9:9a:4e:
                    30:30:33:00:4b:16:95:e6:0b:d2:8a:2a:3b:63:8a:
                    11:22:f8:fa:0c:f1:33:c9:a6:3d:6a:1b:26:69:11:
                    24:e4:c3:ea:66:9c:f0:58:2e:2a:0c:10:36:55:21:
                    3d:ca:96:80:28:fd:3c:8c:e7:a5:3c:e2:b5:f6:39:
                    d2:3d:87:b6:db:3a:f1:93:a1:6d:82:ea:13:ce:67:
                    9d:65:3b:17:1d:68:a5:fc:fe:37:3a:74:3f:fe:fa:
                    88:5f:ae:e5:54:0e:72:ad:07:5e:65:57:a2:b0:47:
                    dc:f2:21:ee:de:3c:1b:8f:8f:e6:65:38:74:8e:00:
                    19:9a:91:d3:db:d5:92:0d:10:57:f6:79:5a:63:1c:
                    a2:f3:f3:cc:61:dd:97:37:3f:a3:17:2c:34:12:7a:
                    69:3f:aa:19:68:21:3e:2b:c5:d5:dd:93:16:e6:23:
                    c3:2b:8c:a1:0b:a0:20:8f:cc:bd:a8:0e:b1:91:23:
                    1a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D9:F9:5F:4D:48:F1:EC:1A:0B:A9:47:E5:A3:0E:F2:A0:CF:65:1F
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/Idn5X01I8ewaC6lH5aMO8qDPZR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:57:56:37:1c:8f:98:15:dc:ca:3b:19:6c:97:7e:f7:09:d1:
         99:58:fe:c0:95:fd:46:22:ed:c8:b9:93:2d:54:5b:2f:02:c4:
         16:d2:62:d1:ff:7a:ac:1a:4b:25:cf:1a:06:d2:b9:c3:3d:b6:
         9d:42:ca:31:e5:6a:a6:1b:1b:8d:2b:fc:3c:26:c2:1c:e1:d9:
         36:77:66:86:68:bb:05:bb:5b:cd:29:c9:f4:30:f7:aa:3a:b7:
         75:19:b5:f9:d6:a9:bb:44:d1:f1:d5:10:5c:b4:db:4f:67:a2:
         66:66:cc:e7:95:4d:ee:95:3c:aa:6d:7b:92:a2:49:3f:6f:db:
         9d:c7:eb:7b:1a:3a:aa:4d:1a:12:5a:cf:d8:06:2b:ac:7d:02:
         41:d9:04:28:ed:ef:5c:32:41:d7:a7:20:63:64:a2:58:ca:e0:
         ac:52:77:17:92:e3:78:25:ad:7c:04:9a:f7:de:7b:26:73:35:
         4f:1c:de:2d:00:fa:f4:60:e9:27:46:94:9f:50:88:45:4d:6f:
         80:b4:c2:8d:4a:f2:d1:b1:0c:6e:bb:b6:a4:76:ef:06:32:56:
         eb:81:f1:3b:a1:08:e3:26:e6:23:ad:0d:ab:cb:a3:f8:30:89:
         4e:2d:05:65:31:63:0d:45:70:91:37:8c:3b:a5:0f:37:36:5c:
         b1:3d:a8:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x1v1d9bprdPKXyzbgHs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMTAxMDQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQ5Zjk1ZjRkNDhmMWVjMWEwYmE5NDdlNWEzMGVmMmEwY2Y2NTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVcxWo6kFAUyoeapQVQDADyXozj+
6wXnOSiAoYKWJl7Axf+naoa0rD17KPecndKtDZITYRKdbd7UV4fe/PCzWEjBCYqZ
VU/5mk4wMDMASxaV5gvSiio7Y4oRIvj6DPEzyaY9ahsmaREk5MPqZpzwWC4qDBA2
VSE9ypaAKP08jOelPOK19jnSPYe22zrxk6FtguoTzmedZTsXHWil/P43OnQ//vqI
X67lVA5yrQdeZVeisEfc8iHu3jwbj4/mZTh0jgAZmpHT29WSDRBX9nlaYxyi8/PM
Yd2XNz+jFyw0EnppP6oZaCE+K8XV3ZMW5iPDK4yhC6Agj8y9qA6xkSMayQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHZ+V9NSPHsGgupR+WjDvKgz2UfMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvSWRuNVgwMUk4ZXdhQzZsSDVhTU84cURQWlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsEMA0G
CSqGSIb3DQEBCwUAA4IBAQAdV1Y3HI+YFdzKOxlsl373CdGZWP7Alf1GIu3IuZMt
VFsvAsQW0mLR/3qsGkslzxoG0rnDPbadQsox5WqmGxuNK/w8JsIc4dk2d2aGaLsF
u1vNKcn0MPeqOrd1GbX51qm7RNHx1RBctNtPZ6JmZsznlU3ulTyqbXuSokk/b9ud
x+t7GjqqTRoSWs/YBiusfQJB2QQo7e9cMkHXpyBjZKJYyuCsUncXkuN4Ja18BJr3
3nsmczVPHN4tAPr0YOknRpSfUIhFTW+AtMKNSvLRsQxuu7akdu8GMlbrgfE7oQjj
JuYjrQ2ry6P4MIlOLQVlMWMNRXCRN4w7pQ83NlyxPaja
-----END CERTIFICATE-----