This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/66dOPLt0_WTatbD8jTDqviLCby0.roa
File:                     66dOPLt0_WTatbD8jTDqviLCby0.roa (raw, json)
Hash identifier:          5X3443GxzYaJM9zk480V7FRqeV1QrGs7L4mBsvUHY7g=
Subject key identifier:   EB:A7:4E:3C:BB:74:FD:64:DA:B5:B0:FC:8D:30:EA:BE:22:C2:6F:2D
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019B77C70739E133987CFF90EC35CD05BA32
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/66dOPLt0_WTatbD8jTDqviLCby0.roa
Signing time:             Thu 01 Jan 2026 04:18:10 +0000
ROA not before:           Thu 01 Jan 2026 04:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46475
IP address blocks:        89.34.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 13:38:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:07:39:e1:33:98:7c:ff:90:ec:35:cd:05:ba:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Jan  1 04:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eba74e3cbb74fd64dab5b0fc8d30eabe22c26f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:62:16:28:53:0c:82:ec:bc:2e:4f:69:06:70:
                    49:09:71:23:dc:2d:5c:9e:db:e9:d0:db:ef:5f:fd:
                    2f:a5:06:00:68:f0:f3:c5:2e:8d:0d:ce:2e:d3:31:
                    63:6a:76:ee:df:ea:75:4a:c7:f2:68:81:dd:47:02:
                    e5:c8:50:87:b2:b0:87:fc:05:c0:04:4f:09:9f:b5:
                    53:52:65:27:ba:cf:1a:07:2b:b8:d0:10:25:8e:9d:
                    b7:ae:c0:0b:6f:b1:18:f5:1f:77:d3:60:f8:b6:b1:
                    70:24:74:8e:82:59:b7:ab:c0:99:d7:9e:7a:91:61:
                    57:cd:0d:5d:dc:bb:a7:6e:3f:64:db:7b:48:94:65:
                    65:c5:2d:8f:34:29:47:4a:ff:03:88:eb:3e:97:1f:
                    bf:9b:d9:b3:f3:50:cc:31:dd:9c:ad:da:a3:d5:99:
                    25:f2:92:d5:be:63:e6:ed:b9:25:43:e3:9d:ea:77:
                    a6:ae:18:a0:67:83:fe:38:fd:2c:aa:e7:e3:c0:04:
                    1c:98:47:e6:4e:7f:71:eb:c9:bd:fc:3b:58:c7:f4:
                    fe:d1:f4:c2:8e:6e:5d:18:cc:8d:49:c4:6d:f3:5e:
                    c2:b0:42:81:00:a5:4c:3d:97:68:e4:d4:0c:54:eb:
                    9b:e2:dc:b7:92:1e:0c:57:fd:c4:76:b4:8b:2f:62:
                    d2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A7:4E:3C:BB:74:FD:64:DA:B5:B0:FC:8D:30:EA:BE:22:C2:6F:2D
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/66dOPLt0_WTatbD8jTDqviLCby0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5a:57:3b:f0:a1:c1:da:7e:d2:7e:b5:b2:ff:32:bf:2e:94:
         13:17:bf:07:12:6e:39:0e:23:fc:f8:ef:a9:a2:f2:bd:52:ef:
         5e:c8:19:11:c9:51:d3:df:9d:5f:31:e3:09:58:10:9d:2b:37:
         5d:df:0a:d5:33:91:4c:9f:bb:7d:95:3e:f9:55:48:98:f2:45:
         f4:3c:14:dd:e2:52:de:53:bb:d2:ce:41:e1:6d:d4:0f:9e:ad:
         a3:83:03:43:33:4b:e3:c8:07:0c:fe:c2:d1:c5:ed:80:e2:6c:
         0a:bf:b6:c6:0c:09:05:b3:39:8b:46:a5:24:a3:78:a6:c3:83:
         59:99:83:5f:98:ef:24:ae:db:5e:bf:a6:65:22:87:7b:02:49:
         3f:16:5f:a6:bd:be:b0:84:3c:99:89:68:21:3e:fe:27:d3:a3:
         6f:66:c3:53:51:e2:df:f4:85:0f:af:8d:76:aa:76:40:d5:e6:
         b3:02:ee:a5:b3:7e:96:45:18:ed:17:f9:f3:0b:82:8c:d7:ff:
         ee:70:c0:57:5a:fe:6e:db:d6:6e:19:d1:67:d6:b0:9c:24:c7:
         7f:97:e2:23:71:22:a6:31:d8:8c:79:f9:62:89:9a:fb:0d:57:
         5c:8d:58:cf:3e:f8:e4:a5:df:a4:83:63:5c:1c:48:95:01:b8:
         c3:65:0e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwc54TOYfP+Q7DXNBboyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjYwMTAxMDQxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmE3NGUzY2JiNzRmZDY0ZGFiNWIwZmM4ZDMwZWFiZTIyYzI2ZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGIWKFMMguy8Lk9pBnBJCXEj3C1c
ntvp0NvvX/0vpQYAaPDzxS6NDc4u0zFjanbu3+p1SsfyaIHdRwLlyFCHsrCH/AXA
BE8Jn7VTUmUnus8aByu40BAljp23rsALb7EY9R9302D4trFwJHSOglm3q8CZ1556
kWFXzQ1d3Lunbj9k23tIlGVlxS2PNClHSv8DiOs+lx+/m9mz81DMMd2crdqj1Zkl
8pLVvmPm7bklQ+Od6nemrhigZ4P+OP0squfjwAQcmEfmTn9x68m9/DtYx/T+0fTC
jm5dGMyNScRt817CsEKBAKVMPZdo5NQMVOub4ty3kh4MV/3EdrSLL2LSFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOunTjy7dP1k2rWw/I0w6r4iwm8tMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvNjZkT1BMdDBfV1RhdGJEOGpURHF2aUxDYnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJAMA0G
CSqGSIb3DQEBCwUAA4IBAQCnWlc78KHB2n7SfrWy/zK/LpQTF78HEm45DiP8+O+p
ovK9Uu9eyBkRyVHT351fMeMJWBCdKzdd3wrVM5FMn7t9lT75VUiY8kX0PBTd4lLe
U7vSzkHhbdQPnq2jgwNDM0vjyAcM/sLRxe2A4mwKv7bGDAkFszmLRqUko3imw4NZ
mYNfmO8krttev6ZlIod7Akk/Fl+mvb6whDyZiWghPv4n06NvZsNTUeLf9IUPr412
qnZA1eazAu6ls36WRRjtF/nzC4KM1//ucMBXWv5u29ZuGdFn1rCcJMd/l+IjcSKm
MdiMefliiZr7DVdcjVjPPvjkpd+kg2NcHEiVAbjDZQ6r
-----END CERTIFICATE-----