This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/dteAII4Iq7XySyzr-x5j1Z9seS4.roa
File:                     dteAII4Iq7XySyzr-x5j1Z9seS4.roa (raw, json)
Hash identifier:          h1f5SaNN80CBxnaeqEfAaP7RXxTuX9SBPLL5E40G9hI=
Subject key identifier:   76:D7:80:20:8E:08:AB:B5:F2:4B:2C:EB:FB:1E:63:D5:9F:6C:79:2E
Certificate issuer:       /CN=de5aecba103bb3c0c0e884d520eb38464d0fa903
Certificate serial:       019B797E4B1E73EEBAB2EDAAA0E0463FA415
Authority key identifier: DE:5A:EC:BA:10:3B:B3:C0:C0:E8:84:D5:20:EB:38:46:4D:0F:A9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/dteAII4Iq7XySyzr-x5j1Z9seS4.roa
Signing time:             Thu 01 Jan 2026 12:17:58 +0000
ROA not before:           Thu 01 Jan 2026 12:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211103
IP address blocks:        185.89.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:4b:1e:73:ee:ba:b2:ed:aa:a0:e0:46:3f:a4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de5aecba103bb3c0c0e884d520eb38464d0fa903
        Validity
            Not Before: Jan  1 12:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76d780208e08abb5f24b2cebfb1e63d59f6c792e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8e:58:54:93:f9:90:b5:f1:54:4f:05:b2:b9:
                    0b:73:bb:bc:01:fb:57:9f:49:21:ab:5c:d3:e5:78:
                    bf:06:b9:8f:af:b1:9b:8c:40:12:b5:03:d4:f8:5d:
                    ad:1a:47:d4:31:82:03:0b:48:07:b9:41:92:18:b3:
                    d7:af:c7:7f:40:bf:fe:e4:7b:43:9a:bf:48:a2:61:
                    17:32:64:99:10:27:7e:e0:5a:84:0f:9d:16:63:5f:
                    41:d5:8c:ca:fa:f2:ec:56:04:44:1c:6d:81:32:ae:
                    1b:4a:c1:ae:3f:fe:47:45:8d:57:5d:65:9d:b9:9f:
                    c2:5a:c6:52:e8:c9:02:ba:8f:98:53:82:a3:b3:03:
                    74:89:b4:fd:09:d1:fc:14:d2:a9:89:13:78:86:7a:
                    5c:c0:8b:c9:8c:51:40:33:3c:43:39:09:38:61:87:
                    6c:3c:fc:1c:aa:60:8e:bd:0f:40:86:66:65:ca:6b:
                    b0:c6:11:35:7f:8f:5a:ab:2d:96:5d:56:fb:94:89:
                    de:55:e9:3c:00:d0:d6:1b:36:85:9c:6b:8e:94:d3:
                    04:0b:e2:97:e2:71:67:58:c5:85:75:04:fe:67:71:
                    27:45:ad:8f:83:0b:9b:42:73:fc:95:81:79:3e:f6:
                    7f:36:75:10:81:30:21:89:02:2c:e3:a1:e3:32:4c:
                    36:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D7:80:20:8E:08:AB:B5:F2:4B:2C:EB:FB:1E:63:D5:9F:6C:79:2E
            X509v3 Authority Key Identifier:
                keyid:DE:5A:EC:BA:10:3B:B3:C0:C0:E8:84:D5:20:EB:38:46:4D:0F:A9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/dteAII4Iq7XySyzr-x5j1Z9seS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/55c1f1-63ab-4145-b156-e6aeb9413f72/1/3lrsuhA7s8DA6ITVIOs4Rk0PqQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:68:60:03:be:51:dc:5c:bd:64:18:79:7f:88:b5:10:81:ff:
         73:6b:59:77:2f:f8:e7:e0:2d:75:7b:a1:0b:ea:60:aa:f2:60:
         8e:1e:a0:fd:ff:27:3b:39:c8:bc:ac:3f:49:5b:be:f2:f0:f4:
         b2:4f:02:22:e4:eb:8b:50:1b:7f:32:f7:6d:23:9a:a6:f0:eb:
         d4:c3:47:d2:6f:0c:b9:87:4d:10:63:39:92:df:4a:14:71:5d:
         6c:b1:1f:47:5c:31:e9:81:13:54:bd:ac:23:ec:e7:37:2f:34:
         a7:03:c3:3b:c8:bd:7e:af:bf:80:33:e4:81:25:ae:3e:64:88:
         20:38:de:5a:f3:53:33:2f:e4:53:fe:19:5a:f5:5e:bb:cd:23:
         f4:58:ff:cd:d7:f0:aa:0c:dd:8b:c0:7a:72:46:20:eb:f0:11:
         71:21:99:79:06:56:38:07:0c:f0:d9:1e:b2:63:a8:aa:ba:61:
         63:8e:e0:50:38:cb:1d:b9:db:c3:77:8c:c5:9d:f6:75:4d:07:
         0b:d2:ca:3f:6d:7e:f9:67:5b:38:22:01:da:a7:9d:00:9c:ce:
         02:6c:1e:ef:39:a0:11:9b:a8:66:6d:f2:50:48:0b:7f:b2:02:
         16:eb:2c:d5:db:01:5a:aa:ea:ce:9d:14:e2:86:78:f7:d2:9c:
         3c:ba:44:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fksec+66su2qoOBGP6QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNWFlY2JhMTAzYmIzYzBjMGU4ODRkNTIwZWIzODQ2NGQw
ZmE5MDMwHhcNMjYwMTAxMTIxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQ3ODAyMDhlMDhhYmI1ZjI0YjJjZWJmYjFlNjNkNTlmNmM3OTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk45YVJP5kLXxVE8FsrkLc7u8AftX
n0khq1zT5Xi/BrmPr7GbjEAStQPU+F2tGkfUMYIDC0gHuUGSGLPXr8d/QL/+5HtD
mr9IomEXMmSZECd+4FqED50WY19B1YzK+vLsVgREHG2BMq4bSsGuP/5HRY1XXWWd
uZ/CWsZS6MkCuo+YU4KjswN0ibT9CdH8FNKpiRN4hnpcwIvJjFFAMzxDOQk4YYds
PPwcqmCOvQ9AhmZlymuwxhE1f49aqy2WXVb7lIneVek8ANDWGzaFnGuOlNMEC+KX
4nFnWMWFdQT+Z3EnRa2PgwubQnP8lYF5PvZ/NnUQgTAhiQIs46HjMkw2/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbXgCCOCKu18kss6/seY9WfbHkuMB8GA1UdIwQY
MBaAFN5a7LoQO7PAwOiE1SDrOEZND6kDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2xyc3VoQTdzOERBNklUVklPczRSazBQcVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS81NWMxZjEtNjNhYi00MTQ1LWIxNTYt
ZTZhZWI5NDEzZjcyLzEvZHRlQUlJNElxN1h5U3l6ci14NWoxWjlzZVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS81NWMxZjEtNjNhYi00MTQ1LWIxNTYtZTZhZWI5NDEzZjcy
LzEvM2xyc3VoQTdzOERBNklUVklPczRSazBQcVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVkVMA0G
CSqGSIb3DQEBCwUAA4IBAQClaGADvlHcXL1kGHl/iLUQgf9za1l3L/jn4C11e6EL
6mCq8mCOHqD9/yc7Oci8rD9JW77y8PSyTwIi5OuLUBt/MvdtI5qm8OvUw0fSbwy5
h00QYzmS30oUcV1ssR9HXDHpgRNUvawj7Oc3LzSnA8M7yL1+r7+AM+SBJa4+ZIgg
ON5a81MzL+RT/hla9V67zSP0WP/N1/CqDN2LwHpyRiDr8BFxIZl5BlY4Bwzw2R6y
Y6iqumFjjuBQOMsdudvDd4zFnfZ1TQcL0so/bX75Z1s4IgHap50AnM4CbB7vOaAR
m6hmbfJQSAt/sgIW6yzV2wFaqurOnRTihnj30pw8ukTL
-----END CERTIFICATE-----