This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33TwtHJinU6QWkyWvBZtQuawhq0.roa
File:                     33TwtHJinU6QWkyWvBZtQuawhq0.roa (raw, json)
Hash identifier:          mXwz4R3jJwh3kXfCtFif3s7Xo1vQN/vo20BPhoJAqeo=
Subject key identifier:   DF:74:F0:B4:72:62:9D:4E:90:5A:4C:96:BC:16:6D:42:E6:B0:86:AD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5A9A57B0DC0A113B1F1DDFCCC3164A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33TwtHJinU6QWkyWvBZtQuawhq0.roa
Signing time:             Thu 01 Jan 2026 16:18:36 +0000
ROA not before:           Thu 01 Jan 2026 16:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16125
IP address blocks:        89.213.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:9a:57:b0:dc:0a:11:3b:1f:1d:df:cc:c3:16:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df74f0b472629d4e905a4c96bc166d42e6b086ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fe:ff:92:27:39:7a:e0:72:b5:ae:66:bb:b3:
                    26:f5:4a:99:dd:7c:b1:fc:c1:f8:3e:99:50:ef:c6:
                    61:69:7c:bc:e7:35:b9:eb:46:7c:d9:38:5a:a3:4d:
                    be:05:a5:25:61:cf:52:3e:50:30:52:7e:f2:64:28:
                    e3:2b:c4:b5:c8:83:ee:d2:9f:d2:09:ab:3e:68:f8:
                    62:a0:5a:47:72:ff:71:cc:48:b9:ef:fb:7c:24:c9:
                    d5:61:4b:6a:6a:19:46:92:1c:34:24:8f:ce:d1:4a:
                    93:f1:69:f4:bb:aa:b7:60:73:2e:4c:5d:47:16:9c:
                    fc:95:6a:1a:4a:61:48:f9:8a:b6:c0:57:a8:51:de:
                    70:61:a2:33:f8:bc:97:3c:89:fe:6e:bd:48:71:43:
                    29:4d:7e:f0:68:56:22:21:52:1a:aa:07:2d:9c:22:
                    cf:09:4c:67:6d:c1:39:ae:fa:24:9a:cf:60:27:de:
                    bb:55:05:d4:41:5b:d1:40:8b:33:13:95:1c:c1:4e:
                    bd:18:ea:6c:00:55:2b:b7:87:fe:87:36:db:9f:bd:
                    17:3c:e0:c5:77:2e:06:84:36:60:a5:35:12:df:3f:
                    25:f0:d3:f2:9d:ba:fa:4d:57:62:b2:49:7e:26:05:
                    5a:4a:20:db:47:f9:cf:15:72:a8:cc:f1:5e:48:64:
                    cf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:74:F0:B4:72:62:9D:4E:90:5A:4C:96:BC:16:6D:42:E6:B0:86:AD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33TwtHJinU6QWkyWvBZtQuawhq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:16:41:58:30:a1:75:b6:17:73:cc:74:f4:41:33:01:2f:f3:
         06:be:50:69:4e:bc:4e:17:5d:e2:34:2e:39:19:38:48:59:b9:
         32:a2:e9:ee:0b:45:41:70:8b:cd:1d:d0:62:f6:45:e0:fd:14:
         70:b7:a1:6b:7c:66:c7:54:32:3f:81:43:25:3f:c3:f6:f2:b2:
         dc:ba:01:06:66:35:c0:4c:7c:b2:bb:37:de:8a:70:7d:85:e1:
         fb:b5:9e:9e:d1:d0:c4:c4:48:e9:2e:1b:e5:38:60:86:e1:d3:
         af:f3:1a:05:9b:bd:ee:fc:ac:12:74:27:47:3b:ee:ef:2f:75:
         8b:38:b6:fa:69:02:ba:e2:53:d6:9f:34:44:91:26:d4:3a:cf:
         96:71:fd:2b:09:5c:a5:53:2f:52:04:0c:d4:65:93:18:39:d8:
         14:ee:ef:68:3a:46:4d:8a:cb:8d:b6:1e:97:81:8e:15:e2:f5:
         f7:6f:8e:bc:58:99:01:31:71:c2:ce:df:74:9c:69:d1:ba:98:
         04:a4:30:90:92:14:89:a5:16:ac:52:b3:65:4b:00:ba:1f:d3:
         69:bb:9a:25:51:07:66:5e:36:19:d1:53:2f:34:40:2b:ea:a9:
         b9:74:14:b5:b0:e6:fd:18:14:42:a6:3f:f4:42:86:38:34:7a:
         cf:e2:b5:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WppXsNwKETsfHd/MwxZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc0ZjBiNDcyNjI5ZDRlOTA1YTRjOTZiYzE2NmQ0MmU2YjA4NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtf7/kic5euByta5mu7Mm9UqZ3Xyx
/MH4PplQ78ZhaXy85zW560Z82Thao02+BaUlYc9SPlAwUn7yZCjjK8S1yIPu0p/S
Cas+aPhioFpHcv9xzEi57/t8JMnVYUtqahlGkhw0JI/O0UqT8Wn0u6q3YHMuTF1H
Fpz8lWoaSmFI+Yq2wFeoUd5wYaIz+LyXPIn+br1IcUMpTX7waFYiIVIaqgctnCLP
CUxnbcE5rvokms9gJ967VQXUQVvRQIszE5UcwU69GOpsAFUrt4f+hzbbn70XPODF
dy4GhDZgpTUS3z8l8NPynbr6TVdiskl+JgVaSiDbR/nPFXKozPFeSGTP6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN908LRyYp1OkFpMlrwWbULmsIatMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzNUd3RISmluVTZRV2t5V3ZCWnRRdWF3aHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdX+MA0G
CSqGSIb3DQEBCwUAA4IBAQBXFkFYMKF1thdzzHT0QTMBL/MGvlBpTrxOF13iNC45
GThIWbkyounuC0VBcIvNHdBi9kXg/RRwt6FrfGbHVDI/gUMlP8P28rLcugEGZjXA
THyyuzfeinB9heH7tZ6e0dDExEjpLhvlOGCG4dOv8xoFm73u/KwSdCdHO+7vL3WL
OLb6aQK64lPWnzREkSbUOs+Wcf0rCVylUy9SBAzUZZMYOdgU7u9oOkZNisuNth6X
gY4V4vX3b468WJkBMXHCzt90nGnRupgEpDCQkhSJpRasUrNlSwC6H9Npu5olUQdm
XjYZ0VMvNEAr6qm5dBS1sOb9GBRCpj/0QoY4NHrP4rUx
-----END CERTIFICATE-----