This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/aI2lWzQMBO-S7Ut3DWaU54exkUg.roa
File:                     aI2lWzQMBO-S7Ut3DWaU54exkUg.roa (raw, json)
Hash identifier:          OUAYFr1mGPR5EozQ8mwdImAmUsjkehDYixYlMOJqosg=
Subject key identifier:   68:8D:A5:5B:34:0C:04:EF:92:ED:4B:77:0D:66:94:E7:87:B1:91:48
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019B7D5B002BFB4D499365B2AA74923AA100
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/aI2lWzQMBO-S7Ut3DWaU54exkUg.roa
Signing time:             Fri 02 Jan 2026 06:17:54 +0000
ROA not before:           Fri 02 Jan 2026 06:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58022
IP address blocks:        89.37.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:00:2b:fb:4d:49:93:65:b2:aa:74:92:3a:a1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  2 06:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=688da55b340c04ef92ed4b770d6694e787b19148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4f:22:b5:1c:47:6f:dc:dc:4b:97:a7:35:b0:
                    0f:1c:f7:d9:a7:21:2f:92:bd:fa:43:a8:17:be:4e:
                    c9:70:46:d9:c0:bd:08:e8:4d:b9:2e:e9:d1:d5:e9:
                    13:f1:85:0d:09:70:af:31:fb:ae:10:40:55:36:72:
                    58:46:4b:35:69:10:e3:69:a4:44:5e:97:ba:67:bd:
                    01:83:02:9b:20:89:81:92:c1:e8:32:f2:80:7c:a9:
                    18:06:02:93:81:d9:7e:aa:65:d2:35:a3:0c:54:26:
                    db:dc:a8:5d:12:8f:94:25:7e:4c:e2:38:9c:ca:db:
                    fb:a0:b9:fd:3f:59:b0:11:df:0f:70:51:ce:f6:1c:
                    51:f9:90:41:f1:2e:97:87:c8:30:35:30:05:23:a9:
                    af:17:14:5e:b0:2b:e3:c4:00:b6:be:97:43:16:f5:
                    59:aa:62:eb:09:35:70:ba:70:ef:ec:b1:3f:c7:5d:
                    a8:8d:86:71:95:8f:1d:65:f6:04:9c:44:c7:82:8c:
                    47:1e:91:c7:b4:d1:99:80:9c:a4:5c:74:93:dd:99:
                    c1:e7:3b:3b:5e:9f:3f:14:f5:b4:e2:df:8e:72:3a:
                    3b:24:f7:9e:fa:85:1d:ec:2c:b6:1c:1c:ad:05:35:
                    c3:c3:e2:8e:16:70:29:64:4b:ee:53:0e:48:df:5a:
                    11:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8D:A5:5B:34:0C:04:EF:92:ED:4B:77:0D:66:94:E7:87:B1:91:48
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/aI2lWzQMBO-S7Ut3DWaU54exkUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:88:f0:05:c0:b3:a8:c6:58:12:6c:b0:61:91:75:4d:3e:a0:
         49:64:07:31:51:5e:fd:a7:86:bc:2c:80:28:ec:45:22:02:1b:
         fe:f3:b2:bf:2f:85:c9:fe:28:30:19:5d:3b:0c:32:ea:e9:91:
         e0:85:4a:06:83:34:3c:38:af:db:25:e3:ae:2b:e6:f3:57:ba:
         36:24:d1:00:68:3c:fd:99:3e:de:05:36:77:c5:7f:21:5f:25:
         01:be:33:be:56:a1:b6:50:02:56:43:8b:6c:54:4c:49:0b:ef:
         60:ac:44:54:fc:3b:7a:cf:9b:af:d4:e6:7f:ab:58:a1:2f:7d:
         93:e8:ef:8a:c9:15:b5:70:d0:42:c3:22:78:a8:60:7b:9b:10:
         85:7c:6d:63:e0:62:23:48:77:0b:12:bc:c3:0a:46:3f:72:7e:
         d9:ee:2e:c7:11:00:d2:c6:b4:6b:67:7e:d2:73:ad:98:12:09:
         b4:37:e7:04:fe:a3:0d:0f:5b:a8:03:07:ce:d3:b2:a5:24:80:
         22:f4:1a:9a:12:94:1a:39:a6:63:a4:75:36:49:89:f0:da:9d:
         3a:a5:39:27:03:a3:89:cc:13:f4:18:eb:0d:33:aa:61:26:04:
         1a:79:c1:b6:cf:01:52:7b:a3:e1:08:47:33:72:40:4b:3c:02:
         0d:a0:d3:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WwAr+01Jk2WyqnSSOqEAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMTAyMDYxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhkYTU1YjM0MGMwNGVmOTJlZDRiNzcwZDY2OTRlNzg3YjE5MTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk8itRxHb9zcS5enNbAPHPfZpyEv
kr36Q6gXvk7JcEbZwL0I6E25LunR1ekT8YUNCXCvMfuuEEBVNnJYRks1aRDjaaRE
Xpe6Z70BgwKbIImBksHoMvKAfKkYBgKTgdl+qmXSNaMMVCbb3KhdEo+UJX5M4jic
ytv7oLn9P1mwEd8PcFHO9hxR+ZBB8S6Xh8gwNTAFI6mvFxResCvjxAC2vpdDFvVZ
qmLrCTVwunDv7LE/x12ojYZxlY8dZfYEnETHgoxHHpHHtNGZgJykXHST3ZnB5zs7
Xp8/FPW04t+Ocjo7JPee+oUd7Cy2HBytBTXDw+KOFnApZEvuUw5I31oREwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiNpVs0DATvku1Ldw1mlOeHsZFIMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvYUkybFd6UU1CTy1TN1V0M0RXYVU1NGV4a1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSVwMA0G
CSqGSIb3DQEBCwUAA4IBAQAaiPAFwLOoxlgSbLBhkXVNPqBJZAcxUV79p4a8LIAo
7EUiAhv+87K/L4XJ/igwGV07DDLq6ZHghUoGgzQ8OK/bJeOuK+bzV7o2JNEAaDz9
mT7eBTZ3xX8hXyUBvjO+VqG2UAJWQ4tsVExJC+9grERU/Dt6z5uv1OZ/q1ihL32T
6O+KyRW1cNBCwyJ4qGB7mxCFfG1j4GIjSHcLErzDCkY/cn7Z7i7HEQDSxrRrZ37S
c62YEgm0N+cE/qMND1uoAwfO07KlJIAi9BqaEpQaOaZjpHU2SYnw2p06pTknA6OJ
zBP0GOsNM6phJgQaecG2zwFSe6PhCEczckBLPAINoNOG
-----END CERTIFICATE-----