This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/24yTeoHm2S0e42hQd6pPb3p9WpA.roa
File:                     24yTeoHm2S0e42hQd6pPb3p9WpA.roa (raw, json)
Hash identifier:          SUER5+YzbJ6nTSR1xjZZzU5AI9UiRQpopAGrfukxUW4=
Subject key identifier:   DB:8C:93:7A:81:E6:D9:2D:1E:E3:68:50:77:AA:4F:6F:7A:7D:5A:90
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019B78A2D3045C3B3BCC2B5150657AD55651
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/24yTeoHm2S0e42hQd6pPb3p9WpA.roa
Signing time:             Thu 01 Jan 2026 08:18:15 +0000
ROA not before:           Thu 01 Jan 2026 08:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396856
IP address blocks:        89.185.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:d3:04:5c:3b:3b:cc:2b:51:50:65:7a:d5:56:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 08:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db8c937a81e6d92d1ee3685077aa4f6f7a7d5a90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:11:69:86:17:40:dc:7f:58:9a:18:c0:bf:06:
                    3e:db:df:16:3d:61:61:8b:05:f2:d6:c0:98:ad:64:
                    6c:2f:b0:ce:53:b5:e7:8b:27:fa:90:f9:db:db:ff:
                    ea:a9:86:47:da:be:f9:d2:d5:c5:4d:f0:57:ff:ab:
                    49:55:ad:4c:2c:98:3c:89:dd:47:ac:49:3f:cc:31:
                    ff:82:a2:07:e6:28:bc:6b:d4:04:ff:41:4b:31:7b:
                    f8:03:f1:78:e2:c8:0d:06:03:6e:4d:1c:c3:bc:53:
                    c0:38:dd:63:9f:db:df:58:c8:29:7e:9e:7a:88:8e:
                    0b:19:67:1f:93:8f:a2:2e:55:fb:49:83:8d:4a:40:
                    1c:80:a0:ff:5c:19:e8:d3:4f:de:21:15:11:53:87:
                    9f:c3:c7:d6:1e:ce:69:12:94:93:ee:a7:20:97:6e:
                    18:f9:51:99:18:1a:fc:04:54:cb:3d:e7:8c:15:ab:
                    b2:31:9e:f2:0c:a0:3b:6f:b8:d7:3d:e4:34:13:91:
                    ee:b9:a8:25:cc:1c:11:19:5c:82:a8:88:79:b2:74:
                    23:f5:a1:31:20:ca:d8:db:3f:59:28:44:c5:5b:75:
                    89:ec:41:b5:2a:8f:65:1b:44:71:6e:ad:81:55:5b:
                    55:55:1e:46:97:75:2a:6e:9b:e0:8c:bf:d2:c1:8c:
                    db:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8C:93:7A:81:E6:D9:2D:1E:E3:68:50:77:AA:4F:6F:7A:7D:5A:90
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/24yTeoHm2S0e42hQd6pPb3p9WpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:3b:ed:7a:b3:b5:a7:62:85:06:8a:37:9a:de:58:cd:5a:e1:
         59:26:26:35:58:75:aa:45:f1:58:af:7c:31:1c:e6:be:1d:35:
         7b:93:0f:9e:31:9d:28:45:e7:3b:2d:90:ef:d7:3f:a5:57:ed:
         cc:26:8b:5e:0a:ad:02:64:5e:75:34:4e:99:76:e2:56:d7:ca:
         5a:fc:45:a1:53:21:ed:0c:e4:7e:5a:65:58:1f:f8:0c:19:1b:
         63:96:de:bf:98:3c:09:42:49:24:8e:82:a2:56:20:e3:83:da:
         b1:f3:e1:c3:bc:cf:c4:26:a3:ff:2e:b3:c4:98:c9:3a:39:b2:
         ad:06:cb:9d:54:19:62:19:f2:8a:8a:12:de:ea:4d:12:c2:73:
         82:8e:7d:4b:cb:cc:33:05:c4:fd:a2:7f:76:f1:b2:65:52:34:
         46:6b:54:8d:b0:fc:45:ee:bf:21:43:fe:ca:92:f2:e2:6c:20:
         2e:b6:a3:2e:26:27:8f:ed:b9:3b:18:83:55:94:e7:70:2a:35:
         81:a7:39:f5:77:bb:a7:4f:d8:9b:f0:31:e2:79:0a:3e:f3:cf:
         77:f8:88:c9:7f:a5:77:54:50:1a:3e:6d:1d:93:94:08:3e:17:
         45:0e:cb:ae:95:e4:0e:81:11:06:32:37:ef:dd:c1:87:d5:25:
         00:63:17:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4otMEXDs7zCtRUGV61VZRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjYwMTAxMDgxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhjOTM3YTgxZTZkOTJkMWVlMzY4NTA3N2FhNGY2ZjdhN2Q1YTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRFphhdA3H9YmhjAvwY+298WPWFh
iwXy1sCYrWRsL7DOU7Xniyf6kPnb2//qqYZH2r750tXFTfBX/6tJVa1MLJg8id1H
rEk/zDH/gqIH5ii8a9QE/0FLMXv4A/F44sgNBgNuTRzDvFPAON1jn9vfWMgpfp56
iI4LGWcfk4+iLlX7SYONSkAcgKD/XBno00/eIRURU4efw8fWHs5pEpST7qcgl24Y
+VGZGBr8BFTLPeeMFauyMZ7yDKA7b7jXPeQ0E5HuuaglzBwRGVyCqIh5snQj9aEx
IMrY2z9ZKETFW3WJ7EG1Ko9lG0Rxbq2BVVtVVR5Gl3UqbpvgjL/SwYzbhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuMk3qB5tktHuNoUHeqT296fVqQMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvMjR5VGVvSG0yUzBlNDJoUWQ2cFBiM3A5V3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWbkcMA0G
CSqGSIb3DQEBCwUAA4IBAQBTO+16s7WnYoUGijea3ljNWuFZJiY1WHWqRfFYr3wx
HOa+HTV7kw+eMZ0oRec7LZDv1z+lV+3MJoteCq0CZF51NE6ZduJW18pa/EWhUyHt
DOR+WmVYH/gMGRtjlt6/mDwJQkkkjoKiViDjg9qx8+HDvM/EJqP/LrPEmMk6ObKt
BsudVBliGfKKihLe6k0SwnOCjn1Ly8wzBcT9on928bJlUjRGa1SNsPxF7r8hQ/7K
kvLibCAutqMuJieP7bk7GINVlOdwKjWBpzn1d7unT9ib8DHieQo+8893+IjJf6V3
VFAaPm0dk5QIPhdFDsuuleQOgREGMjfv3cGH1SUAYxdv
-----END CERTIFICATE-----