This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/ih-3YsLOSbY8XiT3lIzOWf-7eTY.roa
File:                     ih-3YsLOSbY8XiT3lIzOWf-7eTY.roa (raw, json)
Hash identifier:          7NJE9V/fbc3b1ZmP0ysm7266DOh/4fJjEJm4cdCDO5o=
Subject key identifier:   8A:1F:B7:62:C2:CE:49:B6:3C:5E:24:F7:94:8C:CE:59:FF:BB:79:36
Certificate issuer:       /CN=9064b39e80ca1cde4cadc0bc8ea2b41ea6d27c76
Certificate serial:       019B79ED5711E433C110BD7E12CD543F252F
Authority key identifier: 90:64:B3:9E:80:CA:1C:DE:4C:AD:C0:BC:8E:A2:B4:1E:A6:D2:7C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGSznoDKHN5MrcC8jqK0HqbSfHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/ih-3YsLOSbY8XiT3lIzOWf-7eTY.roa
Signing time:             Thu 01 Jan 2026 14:19:16 +0000
ROA not before:           Thu 01 Jan 2026 14:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40985
IP address blocks:        195.189.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/kGSznoDKHN5MrcC8jqK0HqbSfHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/kGSznoDKHN5MrcC8jqK0HqbSfHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGSznoDKHN5MrcC8jqK0HqbSfHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:57:11:e4:33:c1:10:bd:7e:12:cd:54:3f:25:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9064b39e80ca1cde4cadc0bc8ea2b41ea6d27c76
        Validity
            Not Before: Jan  1 14:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a1fb762c2ce49b63c5e24f7948cce59ffbb7936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2f:74:b6:34:53:eb:a4:82:0e:86:54:22:fb:
                    8c:8d:7a:9e:c6:29:22:4c:9d:c4:84:a5:77:60:8d:
                    bb:ab:e4:60:92:2a:1a:5b:f0:7e:1c:9f:ec:8d:7c:
                    65:50:af:73:fc:a9:16:15:f1:bc:68:d1:cb:33:2c:
                    6e:9e:df:6b:33:a6:48:6b:a7:a7:2b:b0:9d:63:ac:
                    75:99:4f:a7:92:a5:aa:ca:25:75:f9:3b:28:cd:69:
                    70:f5:5b:f7:c7:21:a1:02:4c:e6:eb:b5:e4:10:14:
                    2b:a5:04:95:b5:36:98:4a:cf:43:eb:5a:10:ec:26:
                    46:af:df:40:98:72:40:3e:36:7d:ce:01:43:07:d1:
                    43:18:5e:0b:08:8f:72:d8:fb:ae:d1:54:d9:09:86:
                    04:8d:a6:21:6c:8c:c5:18:ee:c6:92:12:39:3f:6c:
                    bd:95:c8:01:ed:45:4c:13:5b:0a:42:43:ac:aa:94:
                    4e:44:4f:5e:71:cd:d0:05:46:c0:d5:f3:ba:0f:fd:
                    52:eb:14:7d:ce:60:ba:96:8b:f1:5f:82:bd:59:12:
                    e1:06:5d:c2:50:64:6c:93:32:63:b2:20:db:0e:e9:
                    cc:33:4d:02:fd:dc:e6:26:d4:e3:cd:8b:81:5c:1d:
                    c8:35:1f:c1:a7:32:fc:d9:f7:10:df:41:ec:7c:c6:
                    b9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1F:B7:62:C2:CE:49:B6:3C:5E:24:F7:94:8C:CE:59:FF:BB:79:36
            X509v3 Authority Key Identifier:
                keyid:90:64:B3:9E:80:CA:1C:DE:4C:AD:C0:BC:8E:A2:B4:1E:A6:D2:7C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGSznoDKHN5MrcC8jqK0HqbSfHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/ih-3YsLOSbY8XiT3lIzOWf-7eTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/e7723d-fe9b-4294-bfca-3dda23cbde59/1/kGSznoDKHN5MrcC8jqK0HqbSfHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:cc:ba:45:8b:f1:e5:34:b8:31:68:11:7e:15:69:e0:ad:39:
         91:32:a9:4f:7c:4e:bf:61:97:5d:1b:13:a9:52:9b:30:25:6d:
         70:42:1f:19:a3:2f:b2:46:7e:43:94:93:d3:cc:3a:3c:09:69:
         e0:83:03:03:f1:0f:cc:19:aa:fe:a7:af:aa:db:9a:74:1a:c6:
         71:74:fb:88:b5:c4:f7:bf:1e:17:0d:f8:c0:d1:d6:c9:03:81:
         c3:32:27:57:fd:df:60:d7:51:aa:f9:60:93:f8:76:62:9b:23:
         be:06:e7:b3:f3:43:79:8b:51:37:76:a6:d8:61:2f:8c:f6:aa:
         19:a0:ea:db:43:a9:5c:53:c8:74:5e:57:16:7c:f1:90:8b:f3:
         e5:60:92:47:d3:b4:96:4d:09:09:6c:1f:eb:f8:6d:3c:74:ef:
         99:d7:44:25:d4:14:05:fe:fe:cd:d6:aa:69:73:bc:7b:81:46:
         19:37:3e:3a:33:61:5e:d2:bd:4a:91:07:ef:a7:bf:68:0d:e0:
         86:f3:36:6e:29:3a:ba:77:91:70:dc:f2:e0:34:46:d5:5f:3a:
         d7:46:df:d7:03:3f:84:ac:0a:50:d0:5b:2f:f6:d3:a2:14:fa:
         03:61:ce:4f:df:ae:f0:c3:2f:ae:24:05:48:f3:c6:67:50:02:
         4b:ff:f4:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57VcR5DPBEL1+Es1UPyUvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjRiMzllODBjYTFjZGU0Y2FkYzBiYzhlYTJiNDFlYTZk
MjdjNzYwHhcNMjYwMTAxMTQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFmYjc2MmMyY2U0OWI2M2M1ZTI0Zjc5NDhjY2U1OWZmYmI3OTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi90tjRT66SCDoZUIvuMjXqexiki
TJ3EhKV3YI27q+RgkioaW/B+HJ/sjXxlUK9z/KkWFfG8aNHLMyxunt9rM6ZIa6en
K7CdY6x1mU+nkqWqyiV1+TsozWlw9Vv3xyGhAkzm67XkEBQrpQSVtTaYSs9D61oQ
7CZGr99AmHJAPjZ9zgFDB9FDGF4LCI9y2Puu0VTZCYYEjaYhbIzFGO7GkhI5P2y9
lcgB7UVME1sKQkOsqpRORE9ecc3QBUbA1fO6D/1S6xR9zmC6lovxX4K9WRLhBl3C
UGRskzJjsiDbDunMM00C/dzmJtTjzYuBXB3INR/BpzL82fcQ30HsfMa5qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoft2LCzkm2PF4k95SMzln/u3k2MB8GA1UdIwQY
MBaAFJBks56AyhzeTK3AvI6itB6m0nx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dTem5vREtITjVNcmNDOGpxSzBIcWJTZkhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9lNzcyM2QtZmU5Yi00Mjk0LWJmY2Et
M2RkYTIzY2JkZTU5LzEvaWgtM1lzTE9TYlk4WGlUM2xJek9XZi03ZVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9lNzcyM2QtZmU5Yi00Mjk0LWJmY2EtM2RkYTIzY2JkZTU5
LzEva0dTem5vREtITjVNcmNDOGpxSzBIcWJTZkhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw73YMA0G
CSqGSIb3DQEBCwUAA4IBAQC3zLpFi/HlNLgxaBF+FWngrTmRMqlPfE6/YZddGxOp
UpswJW1wQh8Zoy+yRn5DlJPTzDo8CWnggwMD8Q/MGar+p6+q25p0GsZxdPuItcT3
vx4XDfjA0dbJA4HDMidX/d9g11Gq+WCT+HZimyO+Buez80N5i1E3dqbYYS+M9qoZ
oOrbQ6lcU8h0XlcWfPGQi/PlYJJH07SWTQkJbB/r+G08dO+Z10Ql1BQF/v7N1qpp
c7x7gUYZNz46M2Fe0r1KkQfvp79oDeCG8zZuKTq6d5Fw3PLgNEbVXzrXRt/XAz+E
rApQ0Fsv9tOiFPoDYc5P367wwy+uJAVI88ZnUAJL//SK
-----END CERTIFICATE-----