This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/FrWPsdIanKr1Sodt-qzdiaAKot0.roa
File:                     FrWPsdIanKr1Sodt-qzdiaAKot0.roa (raw, json)
Hash identifier:          MgcORKrAyQmVC5QqwfE0RufXlOwwg9f/50Q+8d4fy2E=
Subject key identifier:   16:B5:8F:B1:D2:1A:9C:AA:F5:4A:87:6D:FA:AC:DD:89:A0:0A:A2:DD
Certificate issuer:       /CN=9a97515657175a946cc8db6196ca1b2154e38114
Certificate serial:       019B7E3939BF7689E5BFF6A615E662B48930
Authority key identifier: 9A:97:51:56:57:17:5A:94:6C:C8:DB:61:96:CA:1B:21:54:E3:81:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mpdRVlcXWpRsyNthlsobIVTjgRQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/FrWPsdIanKr1Sodt-qzdiaAKot0.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215868
IP address blocks:        89.40.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/mpdRVlcXWpRsyNthlsobIVTjgRQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/mpdRVlcXWpRsyNthlsobIVTjgRQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mpdRVlcXWpRsyNthlsobIVTjgRQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:39:bf:76:89:e5:bf:f6:a6:15:e6:62:b4:89:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a97515657175a946cc8db6196ca1b2154e38114
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16b58fb1d21a9caaf54a876dfaacdd89a00aa2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:74:57:25:cf:48:e3:d4:01:f4:5e:c7:a8:49:
                    59:96:20:84:b9:d2:88:55:3f:51:56:9c:3a:ca:2b:
                    2e:e2:f6:bd:79:e2:21:1c:d5:cf:cb:75:96:05:7f:
                    94:30:16:30:a3:b3:d6:08:8f:e7:f8:83:35:07:ee:
                    d9:09:98:d3:58:8b:12:4d:b7:37:70:f1:d6:d6:85:
                    0f:50:ae:93:52:c9:b2:68:1c:ae:81:ea:56:5b:ad:
                    ef:db:18:19:97:e1:8c:fe:8d:f0:31:c1:6a:f5:a0:
                    a6:58:7d:32:55:65:60:95:38:1f:17:57:d6:ca:b9:
                    63:0c:a0:a5:69:72:1c:0f:bf:7e:ea:2f:cf:13:b8:
                    b6:b9:b2:69:51:b1:f6:97:27:b4:c0:06:0e:6a:3f:
                    49:b6:1f:39:d4:e9:6e:35:d0:1c:0a:5c:8a:b0:f5:
                    d0:60:a4:d4:a7:43:87:49:48:00:18:55:7e:72:14:
                    83:68:00:45:8a:0b:56:c2:72:90:bb:c6:92:46:1d:
                    7d:e3:91:48:33:49:ce:1c:a3:17:f0:c1:31:4c:86:
                    eb:e7:a4:97:04:ab:cb:f3:39:ed:43:2d:ef:06:20:
                    ee:61:c6:1c:7f:61:e9:64:a6:d9:90:0b:f1:90:89:
                    11:63:0a:df:61:b7:9c:1e:7c:47:df:0f:4e:70:2a:
                    fe:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B5:8F:B1:D2:1A:9C:AA:F5:4A:87:6D:FA:AC:DD:89:A0:0A:A2:DD
            X509v3 Authority Key Identifier:
                keyid:9A:97:51:56:57:17:5A:94:6C:C8:DB:61:96:CA:1B:21:54:E3:81:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mpdRVlcXWpRsyNthlsobIVTjgRQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/FrWPsdIanKr1Sodt-qzdiaAKot0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/b09f74-179b-4ed2-acf8-56e6e2dc8885/1/mpdRVlcXWpRsyNthlsobIVTjgRQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ee:b1:c9:82:84:ef:45:51:f6:5d:dc:c0:26:19:5e:a5:8c:
         ef:bb:d7:cb:06:6d:42:dd:fa:90:07:6f:d3:53:2f:8d:de:30:
         9a:57:12:eb:f8:88:69:d2:d3:f1:27:f4:05:0a:27:18:67:46:
         1c:6e:92:45:fe:5c:92:ab:5b:82:96:12:e4:42:ef:ea:13:fb:
         45:49:af:3f:a1:a9:1b:ae:5c:f4:9e:38:df:15:02:f1:38:73:
         8f:58:60:ee:31:c1:d3:0f:c0:a1:c1:07:b2:87:17:ec:4f:23:
         ed:cd:33:ee:d1:c9:9f:c4:a8:c0:ee:de:a4:5f:51:b8:68:f1:
         bf:f1:a3:44:4a:ae:66:60:04:6d:8a:60:15:d3:14:b0:ea:87:
         1a:ac:a3:72:b8:33:b4:20:de:d9:5a:25:47:b2:97:b4:5d:ab:
         bf:15:f4:92:20:60:38:05:6c:7f:4e:12:f4:d4:bb:b6:dd:2c:
         99:b8:d8:ab:fc:bd:8e:16:bc:fc:f1:bf:0a:f3:ba:d1:d9:f8:
         08:2e:d7:67:97:02:1d:77:53:89:62:97:29:e0:97:19:4b:b8:
         a7:f0:d8:08:79:33:e9:4b:7f:52:6c:90:63:b1:a0:19:6a:d0:
         e4:de:ac:cf:5b:28:49:ea:66:85:03:f5:6e:ef:64:29:67:eb:
         d9:f3:a2:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTm/donlv/amFeZitIkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhOTc1MTU2NTcxNzVhOTQ2Y2M4ZGI2MTk2Y2ExYjIxNTRl
MzgxMTQwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI1OGZiMWQyMWE5Y2FhZjU0YTg3NmRmYWFjZGQ4OWEwMGFhMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHRXJc9I49QB9F7HqElZliCEudKI
VT9RVpw6yisu4va9eeIhHNXPy3WWBX+UMBYwo7PWCI/n+IM1B+7ZCZjTWIsSTbc3
cPHW1oUPUK6TUsmyaByugepWW63v2xgZl+GM/o3wMcFq9aCmWH0yVWVglTgfF1fW
yrljDKClaXIcD79+6i/PE7i2ubJpUbH2lye0wAYOaj9Jth851OluNdAcClyKsPXQ
YKTUp0OHSUgAGFV+chSDaABFigtWwnKQu8aSRh1945FIM0nOHKMX8MExTIbr56SX
BKvL8zntQy3vBiDuYcYcf2HpZKbZkAvxkIkRYwrfYbecHnxH3w9OcCr+SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa1j7HSGpyq9UqHbfqs3YmgCqLdMB8GA1UdIwQY
MBaAFJqXUVZXF1qUbMjbYZbKGyFU44EUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXBkUlZsY1hXcFJzeU50aGxzb2JJVlRqZ1JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9iMDlmNzQtMTc5Yi00ZWQyLWFjZjgt
NTZlNmUyZGM4ODg1LzEvRnJXUHNkSWFuS3IxU29kdC1xemRpYUFLb3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9iMDlmNzQtMTc5Yi00ZWQyLWFjZjgtNTZlNmUyZGM4ODg1
LzEvbXBkUlZsY1hXcFJzeU50aGxzb2JJVlRqZ1JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSgcMA0G
CSqGSIb3DQEBCwUAA4IBAQBq7rHJgoTvRVH2XdzAJhlepYzvu9fLBm1C3fqQB2/T
Uy+N3jCaVxLr+Ihp0tPxJ/QFCicYZ0YcbpJF/lySq1uClhLkQu/qE/tFSa8/oakb
rlz0njjfFQLxOHOPWGDuMcHTD8ChwQeyhxfsTyPtzTPu0cmfxKjA7t6kX1G4aPG/
8aNESq5mYARtimAV0xSw6ocarKNyuDO0IN7ZWiVHspe0Xau/FfSSIGA4BWx/ThL0
1Lu23SyZuNir/L2OFrz88b8K87rR2fgILtdnlwIdd1OJYpcp4JcZS7in8NgIeTPp
S39SbJBjsaAZatDk3qzPWyhJ6maFA/Vu72QpZ+vZ86I8
-----END CERTIFICATE-----