This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/89PtTG292zu2g1SezEGRBT9Vjf8.roa
File:                     89PtTG292zu2g1SezEGRBT9Vjf8.roa (raw, json)
Hash identifier:          YrYa4K3EoHx1+1xkN0rropqu+/7pkiJ2ziwmKHesV00=
Subject key identifier:   F3:D3:ED:4C:6D:BD:DB:3B:B6:83:54:9E:CC:41:91:05:3F:55:8D:FF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCBA50F03BECAC9CC5DE7AB03BD53D6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/89PtTG292zu2g1SezEGRBT9Vjf8.roa
Signing time:             Fri 02 Jan 2026 08:20:56 +0000
ROA not before:           Fri 02 Jan 2026 08:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     265919
IP address blocks:        151.242.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:a5:0f:03:be:ca:c9:cc:5d:e7:ab:03:bd:53:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3d3ed4c6dbddb3bb683549ecc4191053f558dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b2:e4:7f:44:3f:c9:89:8c:4e:31:93:2a:b3:
                    7e:55:c4:91:6f:90:04:99:59:2f:b6:cf:39:cb:19:
                    15:bd:7b:34:72:3b:e3:1a:c3:c8:3c:4f:ea:dd:c9:
                    3b:58:6c:f9:3e:38:19:82:9e:61:7c:a5:18:55:82:
                    64:85:9d:e7:51:5f:b1:05:7e:a9:aa:3e:21:22:c4:
                    c8:e9:c7:2b:6c:6a:b8:ce:ad:cd:01:c5:98:3e:a8:
                    18:b9:87:10:8a:04:6d:1e:2a:ff:c1:39:92:0d:3b:
                    5c:a3:4f:3a:5b:76:54:7f:ef:fe:18:3e:91:f0:af:
                    e4:07:3a:66:44:3e:b0:99:b4:08:82:ef:14:76:be:
                    ac:45:58:e3:d8:cc:05:4c:d9:c2:76:a8:ea:eb:fb:
                    89:d9:28:ff:c6:78:01:40:0e:7a:eb:1b:a0:97:72:
                    1f:24:12:99:ab:df:d8:a1:78:70:cf:37:a6:1c:79:
                    ca:f9:24:26:1b:5d:88:d0:a6:72:3d:ae:bf:44:4f:
                    0a:cf:dc:6f:b0:5a:6c:a4:2d:cd:79:e4:37:02:1c:
                    db:5c:4c:06:a9:f9:e5:0b:20:1d:a6:3c:8d:d6:de:
                    5e:7d:9a:21:19:d2:c0:b8:61:94:c4:16:35:07:a1:
                    73:ed:37:3a:5a:f1:41:b6:c6:07:41:2e:bc:29:cc:
                    3a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D3:ED:4C:6D:BD:DB:3B:B6:83:54:9E:CC:41:91:05:3F:55:8D:FF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/89PtTG292zu2g1SezEGRBT9Vjf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5f:ff:7e:24:8b:68:be:97:f7:c9:9d:1d:11:31:f9:51:e4:
         af:05:a9:4f:a7:21:96:01:6f:e4:3f:d4:2b:fc:fc:dc:37:5d:
         10:a5:53:fc:89:e9:0e:4c:f1:09:e7:aa:f0:52:10:72:57:c3:
         94:15:a3:af:e0:a4:25:5c:d8:04:f8:43:19:54:2e:19:28:0d:
         9d:26:94:8e:a7:9a:21:43:c6:fe:ce:18:73:9a:30:ea:f6:6f:
         8d:de:fd:8e:ec:3e:ac:da:be:e1:1c:f8:c7:18:77:67:92:93:
         0b:ef:59:d7:af:24:7c:e9:36:90:39:78:0f:75:98:ff:42:3c:
         5b:83:9e:f6:89:da:8f:b6:02:cb:ea:10:f8:25:82:34:37:ef:
         74:8b:50:d1:03:17:f7:29:6e:25:46:a3:a7:27:4b:bb:a9:67:
         60:58:a5:e2:13:e9:a6:5e:47:52:30:a3:17:99:f9:06:e4:5e:
         bf:f6:eb:a9:14:f4:9d:0c:90:c9:cd:9e:2f:dc:b1:cd:d1:3a:
         d0:3d:a2:3f:83:29:40:2c:35:9c:4e:c8:63:a8:75:1a:0e:b3:
         24:10:77:5d:2c:fd:e0:1a:98:75:95:9b:c9:7d:b6:ab:39:70:
         18:5c:58:08:43:f6:f7:c7:ce:58:9e:7a:c2:ef:56:50:1a:f8:
         2c:e4:4f:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y6UPA77Kycxd56sDvVPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2QzZWQ0YzZkYmRkYjNiYjY4MzU0OWVjYzQxOTEwNTNmNTU4ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbLkf0Q/yYmMTjGTKrN+VcSRb5AE
mVkvts85yxkVvXs0cjvjGsPIPE/q3ck7WGz5PjgZgp5hfKUYVYJkhZ3nUV+xBX6p
qj4hIsTI6ccrbGq4zq3NAcWYPqgYuYcQigRtHir/wTmSDTtco086W3ZUf+/+GD6R
8K/kBzpmRD6wmbQIgu8Udr6sRVjj2MwFTNnCdqjq6/uJ2Sj/xngBQA566xugl3If
JBKZq9/YoXhwzzemHHnK+SQmG12I0KZyPa6/RE8Kz9xvsFpspC3NeeQ3AhzbXEwG
qfnlCyAdpjyN1t5efZohGdLAuGGUxBY1B6Fz7Tc6WvFBtsYHQS68Kcw6eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPT7Uxtvds7toNUnsxBkQU/VY3/MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvODlQdFRHMjkyenUyZzFTZXpFR1JCVDlWamY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/LjMA0G
CSqGSIb3DQEBCwUAA4IBAQAJX/9+JItovpf3yZ0dETH5UeSvBalPpyGWAW/kP9Qr
/PzcN10QpVP8iekOTPEJ56rwUhByV8OUFaOv4KQlXNgE+EMZVC4ZKA2dJpSOp5oh
Q8b+zhhzmjDq9m+N3v2O7D6s2r7hHPjHGHdnkpML71nXryR86TaQOXgPdZj/Qjxb
g572idqPtgLL6hD4JYI0N+90i1DRAxf3KW4lRqOnJ0u7qWdgWKXiE+mmXkdSMKMX
mfkG5F6/9uupFPSdDJDJzZ4v3LHN0TrQPaI/gylALDWcTshjqHUaDrMkEHddLP3g
Gph1lZvJfbarOXAYXFgIQ/b3x85YnnrC71ZQGvgs5E/W
-----END CERTIFICATE-----