This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AD5dz7gngB-Fl8Dh38LDUi2jeZg.roa
File:                     AD5dz7gngB-Fl8Dh38LDUi2jeZg.roa (raw, json)
Hash identifier:          DPuIsfE7458VNhV/FsEPTderRTFB36xjUnjHiNsmpiU=
Subject key identifier:   00:3E:5D:CF:B8:27:80:1F:85:97:C0:E1:DF:C2:C3:52:2D:A3:79:98
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AA9E255DFE99AB64932AFF434831B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AD5dz7gngB-Fl8Dh38LDUi2jeZg.roa
Signing time:             Thu 01 Jan 2026 16:18:40 +0000
ROA not before:           Thu 01 Jan 2026 16:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58643
IP address blocks:        89.28.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 05:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:a9:e2:55:df:e9:9a:b6:49:32:af:f4:34:83:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=003e5dcfb827801f8597c0e1dfc2c3522da37998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:67:fa:5d:e3:92:e4:33:6a:4c:b8:6d:0f:62:
                    9c:1a:76:45:e7:c8:9c:8c:c2:2c:ca:cf:d8:b8:e5:
                    18:41:aa:2c:b8:38:16:a5:73:52:fe:82:7b:24:0f:
                    d7:12:e1:34:2f:dd:a6:18:da:25:d1:1f:a0:70:3c:
                    0f:87:5b:24:98:f8:88:1b:87:8b:10:27:56:1f:48:
                    95:9e:f2:76:8d:4e:50:7c:66:c3:68:b6:fe:05:95:
                    0f:ea:58:b5:5b:52:d4:c6:c0:f4:30:0f:bd:d1:fa:
                    54:5b:39:b6:2d:c6:b6:20:5d:a0:96:0e:d1:66:83:
                    ac:2c:60:c7:b6:bc:4e:44:97:93:37:96:c4:49:4d:
                    69:c5:2e:a4:a8:a6:4d:9e:9f:61:4f:26:c6:98:c9:
                    0d:9c:e2:a1:71:2b:9d:83:c4:38:4a:ac:08:09:53:
                    39:eb:c6:2e:19:a2:d4:74:74:b3:92:0a:5f:32:2f:
                    d5:c8:c3:c2:f9:f5:43:15:7d:0f:94:bf:b4:7f:b4:
                    21:50:b0:55:2a:ef:14:6a:f3:e0:d3:f9:be:e1:ee:
                    36:ee:97:28:2a:50:b3:b8:8f:cd:e2:87:e2:d2:ee:
                    75:f1:4c:a5:f6:6e:7c:29:f3:8e:04:e3:69:74:72:
                    08:59:6a:cd:07:b9:97:15:b4:b5:10:01:11:19:ad:
                    03:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3E:5D:CF:B8:27:80:1F:85:97:C0:E1:DF:C2:C3:52:2D:A3:79:98
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AD5dz7gngB-Fl8Dh38LDUi2jeZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ef:be:d0:61:3d:5c:29:85:72:f8:c9:7e:42:4e:b2:ab:7c:
         fc:78:9f:9f:76:08:89:33:10:49:6b:69:6e:fa:9d:32:02:ba:
         83:b0:19:eb:34:ea:35:76:8d:f2:5a:57:37:0f:4e:b1:a1:b1:
         bc:9d:81:00:97:29:0b:63:7f:2d:75:bd:1d:f4:aa:79:71:14:
         a5:10:fd:54:38:b5:c6:88:c3:96:2c:d0:2c:2f:c2:d5:94:8c:
         1e:f9:94:f8:15:b5:db:8a:de:2d:41:66:03:74:2d:0d:0e:2e:
         d0:60:43:b0:e4:7a:a6:d9:b4:a5:4c:76:af:69:95:e5:ad:2c:
         05:59:39:c5:49:f9:58:87:fa:57:30:3b:74:c8:5c:01:b0:0c:
         f1:d8:ae:02:1c:7b:09:a0:cb:94:80:c6:4f:2f:f1:a5:fe:1b:
         a0:df:04:52:94:02:47:14:59:c1:23:c8:0f:d5:62:83:4d:53:
         a3:f2:82:b8:f8:c8:9d:f0:99:fa:5e:d2:5d:27:42:f5:3d:c8:
         a7:f3:a1:8d:4d:e9:2f:de:a3:ba:2e:ed:56:53:17:73:80:0b:
         05:a1:cc:b6:c2:4f:27:7e:0b:e6:1e:15:6f:2f:ac:41:39:b9:
         d0:24:43:83:b9:12:02:0d:f2:80:d7:40:a4:ed:b2:c3:43:6b:
         3c:73:50:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WqniVd/pmrZJMq/0NIMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDNlNWRjZmI4Mjc4MDFmODU5N2MwZTFkZmMyYzM1MjJkYTM3OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimf6XeOS5DNqTLhtD2KcGnZF58ic
jMIsys/YuOUYQaosuDgWpXNS/oJ7JA/XEuE0L92mGNol0R+gcDwPh1skmPiIG4eL
ECdWH0iVnvJ2jU5QfGbDaLb+BZUP6li1W1LUxsD0MA+90fpUWzm2Lca2IF2glg7R
ZoOsLGDHtrxORJeTN5bESU1pxS6kqKZNnp9hTybGmMkNnOKhcSudg8Q4SqwICVM5
68YuGaLUdHSzkgpfMi/VyMPC+fVDFX0PlL+0f7QhULBVKu8UavPg0/m+4e427pco
KlCzuI/N4ofi0u518Uyl9m58KfOOBONpdHIIWWrNB7mXFbS1EAERGa0DVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA+Xc+4J4AfhZfA4d/Cw1Ito3mYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQUQ1ZHo3Z25nQi1GbDhEaDM4TERVaTJqZVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzrMA0G
CSqGSIb3DQEBCwUAA4IBAQCf777QYT1cKYVy+Ml+Qk6yq3z8eJ+fdgiJMxBJa2lu
+p0yArqDsBnrNOo1do3yWlc3D06xobG8nYEAlykLY38tdb0d9Kp5cRSlEP1UOLXG
iMOWLNAsL8LVlIwe+ZT4FbXbit4tQWYDdC0NDi7QYEOw5Hqm2bSlTHavaZXlrSwF
WTnFSflYh/pXMDt0yFwBsAzx2K4CHHsJoMuUgMZPL/Gl/hug3wRSlAJHFFnBI8gP
1WKDTVOj8oK4+Mid8Jn6XtJdJ0L1Pcin86GNTekv3qO6Lu1WUxdzgAsFocy2wk8n
fgvmHhVvL6xBObnQJEODuRICDfKA10Ck7bLDQ2s8c1C2
-----END CERTIFICATE-----