This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fH8Dmn4VQed_Qx1Vb_WAZiWK9No.roa
File:                     fH8Dmn4VQed_Qx1Vb_WAZiWK9No.roa (raw, json)
Hash identifier:          jS9yGbolsVVkM6D04tMpgm8DxgjSbem+4eIOd9cAi6g=
Subject key identifier:   7C:7F:03:9A:7E:15:41:E7:7F:43:1D:55:6F:F5:80:66:25:8A:F4:DA
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       019B76EB815CC37F649C4A5C1FDF882B2CB2
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fH8Dmn4VQed_Qx1Vb_WAZiWK9No.roa
Signing time:             Thu 01 Jan 2026 00:18:24 +0000
ROA not before:           Thu 01 Jan 2026 00:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41573
IP address blocks:        89.40.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:81:5c:c3:7f:64:9c:4a:5c:1f:df:88:2b:2c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 00:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c7f039a7e1541e77f431d556ff58066258af4da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:64:3c:13:fb:aa:75:7a:e8:c3:4e:8e:70:d6:
                    be:55:e6:4b:90:b8:be:5f:36:02:f4:1f:b5:7b:b4:
                    d0:56:50:f0:7b:18:2a:72:24:a3:37:0b:50:70:4c:
                    4a:65:fb:f3:a7:73:f8:6a:1b:3a:5a:87:3b:b1:b4:
                    3f:a7:59:b1:61:fe:bb:8b:8a:35:9a:dc:c1:55:47:
                    9a:e2:5d:e4:77:aa:f8:17:ee:38:ba:27:92:63:a8:
                    93:81:cd:e7:96:9e:00:46:23:29:8b:10:39:9b:db:
                    b1:93:78:a2:b2:84:fa:ff:af:bf:64:7c:4f:59:bb:
                    25:d8:e5:a5:4e:92:08:db:b0:2b:24:2c:a5:3c:b5:
                    07:4a:b8:c2:45:d6:ae:f4:ed:bf:65:4b:9f:0a:a5:
                    45:4a:ec:a5:9e:5c:d1:f0:34:5c:68:62:3d:e5:eb:
                    1d:85:47:2f:1e:ba:99:25:da:b4:00:14:5f:cb:f9:
                    dc:ce:c6:5c:75:0a:31:ef:7e:f7:79:ba:a7:84:63:
                    9d:c4:48:bf:a7:38:ec:a8:77:5a:08:21:b7:69:56:
                    62:34:15:50:63:9a:8e:8b:4c:14:34:91:51:15:1b:
                    ff:3f:0f:da:8f:b9:2a:da:eb:c4:50:db:a3:01:a0:
                    a1:ca:f8:db:e4:38:16:51:b9:2c:a3:82:db:02:b6:
                    b3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7F:03:9A:7E:15:41:E7:7F:43:1D:55:6F:F5:80:66:25:8A:F4:DA
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fH8Dmn4VQed_Qx1Vb_WAZiWK9No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:9f:5c:e2:e2:86:00:69:7e:b4:a4:18:30:0b:94:24:20:b7:
         cb:a8:e4:0b:b2:43:7a:c9:03:73:30:15:2d:54:d9:eb:2b:69:
         92:dd:bc:83:8f:9f:7f:06:4d:7a:cd:07:c9:e6:4f:19:f6:3d:
         97:0c:a8:99:c1:13:a2:b1:93:24:42:4f:08:09:df:ea:91:77:
         dc:9a:2c:d3:b4:9a:b1:3c:89:07:9f:88:61:0a:5c:26:52:ef:
         af:b9:e6:ed:bf:30:cc:79:7b:3e:09:cd:bf:b3:24:57:9a:18:
         79:f2:93:cf:e3:e0:ec:0a:e0:78:f3:95:fc:0b:5c:c3:83:11:
         63:af:6b:4c:48:29:44:64:6f:ae:a7:c2:d0:c2:48:40:f9:9b:
         a6:0e:9b:ba:1c:b4:28:86:87:4a:e9:5e:0b:b1:2e:86:61:16:
         12:08:54:02:5a:57:82:6e:e7:07:6a:38:80:21:26:cf:9e:da:
         3e:9b:ec:fe:07:9d:f6:e2:a0:32:89:bf:1a:5c:de:8d:3b:cb:
         0f:a8:5b:e2:22:e7:77:e6:81:12:3b:8d:8c:d1:3b:4f:f1:aa:
         27:76:ab:99:7c:28:ec:c7:56:11:b3:42:ea:0e:95:c6:9e:4d:
         ee:31:88:ed:81:d3:45:07:82:a6:7a:0a:0e:0c:3a:aa:69:cb:
         46:7e:b5:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264Fcw39knEpcH9+IKyyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjYwMTAxMDAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdmMDM5YTdlMTU0MWU3N2Y0MzFkNTU2ZmY1ODA2NjI1OGFmNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGQ8E/uqdXrow06OcNa+VeZLkLi+
XzYC9B+1e7TQVlDwexgqciSjNwtQcExKZfvzp3P4ahs6Woc7sbQ/p1mxYf67i4o1
mtzBVUea4l3kd6r4F+44uieSY6iTgc3nlp4ARiMpixA5m9uxk3iisoT6/6+/ZHxP
Wbsl2OWlTpII27ArJCylPLUHSrjCRdau9O2/ZUufCqVFSuylnlzR8DRcaGI95esd
hUcvHrqZJdq0ABRfy/nczsZcdQox7373ebqnhGOdxEi/pzjsqHdaCCG3aVZiNBVQ
Y5qOi0wUNJFRFRv/Pw/aj7kq2uvEUNujAaChyvjb5DgWUbkso4LbAraz8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx/A5p+FUHnf0MdVW/1gGYlivTaMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvZkg4RG1uNFZRZWRfUXgxVmJfV0FaaVdLOU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSjhMA0G
CSqGSIb3DQEBCwUAA4IBAQArn1zi4oYAaX60pBgwC5QkILfLqOQLskN6yQNzMBUt
VNnrK2mS3byDj59/Bk16zQfJ5k8Z9j2XDKiZwROisZMkQk8ICd/qkXfcmizTtJqx
PIkHn4hhClwmUu+vuebtvzDMeXs+Cc2/syRXmhh58pPP4+DsCuB485X8C1zDgxFj
r2tMSClEZG+up8LQwkhA+ZumDpu6HLQohodK6V4LsS6GYRYSCFQCWleCbucHajiA
ISbPnto+m+z+B5324qAyib8aXN6NO8sPqFviIud35oESO42M0TtP8aondquZfCjs
x1YRs0LqDpXGnk3uMYjtgdNFB4KmegoODDqqactGfrVz
-----END CERTIFICATE-----