This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/bXpAY6oapcJJSsH74H_lsZNy-FA.roa
File:                     bXpAY6oapcJJSsH74H_lsZNy-FA.roa (raw, json)
Hash identifier:          lyF3GT0AHqEUFHykQSaeBtexwb64bMUL9++L8uFcKf0=
Subject key identifier:   6D:7A:40:63:AA:1A:A5:C2:49:4A:C1:FB:E0:7F:E5:B1:93:72:F8:50
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019B77C75D5BA15546F371A56420C5FF42D7
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/bXpAY6oapcJJSsH74H_lsZNy-FA.roa
Signing time:             Thu 01 Jan 2026 04:18:32 +0000
ROA not before:           Thu 01 Jan 2026 04:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64267
IP address blocks:        89.187.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 00:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:5d:5b:a1:55:46:f3:71:a5:64:20:c5:ff:42:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  1 04:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d7a4063aa1aa5c2494ac1fbe07fe5b19372f850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0e:16:bc:2b:7b:4c:2a:0b:a9:a9:17:f5:d4:
                    09:da:11:b3:bb:ef:1c:fe:1f:ad:98:e5:0c:11:cd:
                    40:56:fe:73:9f:f7:23:fc:6a:f2:9f:65:d6:41:82:
                    6f:a8:14:6e:5d:64:25:9c:63:81:bc:01:12:1b:a2:
                    3a:5d:22:89:33:d3:e0:ee:7e:73:b9:02:47:a8:61:
                    3c:61:36:13:69:f6:8d:88:4f:4f:6f:68:41:71:6b:
                    a7:42:e6:3f:6e:8f:8c:ab:a1:c9:f0:52:4e:da:36:
                    73:67:8b:f5:6e:0a:ab:23:c8:0c:ac:f3:5f:13:1d:
                    62:14:a5:3e:4f:aa:3c:96:0c:b2:11:e5:9a:cc:00:
                    8c:5c:a1:31:46:0a:93:da:d0:c6:54:50:4b:52:cf:
                    26:13:46:cc:dc:68:0e:a5:9a:ee:61:41:51:4c:73:
                    01:b8:a5:42:56:9c:c8:ad:9f:ed:be:ee:55:b0:7b:
                    b6:11:a8:51:87:48:ff:31:74:5d:d0:cc:82:34:3b:
                    f7:31:12:cf:87:52:d7:e8:8d:a2:01:22:bc:c3:39:
                    a7:a4:02:d0:75:f9:54:fa:9f:00:74:b8:89:94:50:
                    0b:0c:0c:3d:e3:0c:cd:69:61:e5:73:ed:54:88:e9:
                    55:d8:6a:fb:19:f5:00:34:6c:7e:c0:ef:3a:86:48:
                    d6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7A:40:63:AA:1A:A5:C2:49:4A:C1:FB:E0:7F:E5:B1:93:72:F8:50
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/bXpAY6oapcJJSsH74H_lsZNy-FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:ff:a0:b0:b1:8d:13:32:be:19:f6:fc:9b:58:df:4b:c3:8d:
         99:1d:a8:87:d1:df:f4:22:2f:4d:fb:81:54:ad:ff:b9:9b:92:
         a0:06:db:91:98:bc:61:16:af:77:d3:47:bb:0d:51:5d:8f:6e:
         e7:8a:2c:44:b4:45:cc:ec:43:b3:f1:f5:48:dc:5a:27:96:6f:
         75:9c:b4:1d:58:ce:b2:44:8a:ed:d9:6a:f0:ef:4b:5b:76:c3:
         e1:9f:16:ad:e8:67:20:c2:48:c5:96:8b:80:41:d4:d8:e4:4e:
         83:75:db:a3:2d:55:15:b5:8d:1b:1c:d1:9b:1f:24:b6:cb:bd:
         fd:aa:be:5f:b1:2b:9e:4f:c6:cc:b6:87:ab:ee:04:4b:23:59:
         8e:99:ba:6a:33:9a:6f:63:0b:1d:cb:38:e7:de:01:04:e9:48:
         5b:fd:90:71:f3:e7:06:42:bd:64:ef:63:bb:64:87:95:8d:f1:
         89:a2:0d:76:73:f4:76:a0:7b:93:3d:f4:58:1d:c6:c3:4d:73:
         ac:a9:75:73:1a:27:53:5a:0a:b0:b9:18:c1:ff:37:0a:c0:f3:
         54:40:f8:20:56:e3:d5:2b:cc:f6:4b:f0:96:5e:3e:ed:ca:75:
         71:c4:74:75:5f:83:c8:87:d8:23:11:77:c7:8c:ea:ef:f9:c0:
         48:c3:db:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x11boVVG83GlZCDF/0LXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMTAxMDQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdhNDA2M2FhMWFhNWMyNDk0YWMxZmJlMDdmZTViMTkzNzJmODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww4WvCt7TCoLqakX9dQJ2hGzu+8c
/h+tmOUMEc1AVv5zn/cj/Gryn2XWQYJvqBRuXWQlnGOBvAESG6I6XSKJM9Pg7n5z
uQJHqGE8YTYTafaNiE9Pb2hBcWunQuY/bo+Mq6HJ8FJO2jZzZ4v1bgqrI8gMrPNf
Ex1iFKU+T6o8lgyyEeWazACMXKExRgqT2tDGVFBLUs8mE0bM3GgOpZruYUFRTHMB
uKVCVpzIrZ/tvu5VsHu2EahRh0j/MXRd0MyCNDv3MRLPh1LX6I2iASK8wzmnpALQ
dflU+p8AdLiJlFALDAw94wzNaWHlc+1UiOlV2Gr7GfUANGx+wO86hkjWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG16QGOqGqXCSUrB++B/5bGTcvhQMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvYlhwQVk2b2FwY0pKU3NINzRIX2xzWk55LUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsUMA0G
CSqGSIb3DQEBCwUAA4IBAQBG/6CwsY0TMr4Z9vybWN9Lw42ZHaiH0d/0Ii9N+4FU
rf+5m5KgBtuRmLxhFq9300e7DVFdj27niixEtEXM7EOz8fVI3Fonlm91nLQdWM6y
RIrt2Wrw70tbdsPhnxat6GcgwkjFlouAQdTY5E6DddujLVUVtY0bHNGbHyS2y739
qr5fsSueT8bMtoer7gRLI1mOmbpqM5pvYwsdyzjn3gEE6Uhb/ZBx8+cGQr1k72O7
ZIeVjfGJog12c/R2oHuTPfRYHcbDTXOsqXVzGidTWgqwuRjB/zcKwPNUQPggVuPV
K8z2S/CWXj7tynVxxHR1X4PIh9gjEXfHjOrv+cBIw9s6
-----END CERTIFICATE-----