This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cPtm9f5FeP4aDiZmtgAZeH6HS5c.roa
File:                     cPtm9f5FeP4aDiZmtgAZeH6HS5c.roa (raw, json)
Hash identifier:          MOhP1/09XQdhINCUAfcXO13xP8T5YClq0iYcFE3oubk=
Subject key identifier:   70:FB:66:F5:FE:45:78:FE:1A:0E:26:66:B6:00:19:78:7E:87:4B:97
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019BA2BA433FA3691F66FBCF89A43C7A3280
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cPtm9f5FeP4aDiZmtgAZeH6HS5c.roa
Signing time:             Fri 09 Jan 2026 12:27:54 +0000
ROA not before:           Fri 09 Jan 2026 12:27:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        152.89.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a2:ba:43:3f:a3:69:1f:66:fb:cf:89:a4:3c:7a:32:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  9 12:27:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70fb66f5fe4578fe1a0e2666b60019787e874b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:57:3b:5b:cb:1e:72:22:3b:26:48:31:73:
                    7f:14:36:55:7b:1a:cb:c6:21:17:0e:3d:56:a0:be:
                    61:c8:3a:ff:5b:54:95:f0:96:27:ab:35:fe:33:9c:
                    2b:a8:71:04:94:59:32:92:c5:08:7d:7d:d5:a6:fa:
                    1d:e6:c7:de:be:22:07:ef:20:a9:2d:5d:5f:df:05:
                    5a:44:fa:95:a6:1b:6b:dc:58:25:d2:b7:63:2d:19:
                    12:8f:aa:66:f4:ed:d2:2c:bd:99:46:c6:15:25:99:
                    fe:52:09:12:61:dc:f8:2c:3d:18:1e:a1:4b:c7:3b:
                    45:f5:23:19:3d:ed:15:f2:7b:19:1e:48:78:6c:09:
                    de:89:b8:c8:f5:99:aa:2f:b0:ff:1c:a3:20:48:ab:
                    f4:12:6f:9f:e6:79:e7:54:0b:c2:82:59:d7:15:89:
                    5c:76:54:93:01:e7:11:c7:16:91:51:4d:ea:65:da:
                    3b:e8:7b:83:cf:35:ea:a9:66:14:f4:86:5d:27:53:
                    4b:e3:a1:f3:b6:8c:04:f7:f0:3f:bc:55:39:65:71:
                    72:a8:21:01:c4:57:49:93:d3:87:25:26:68:56:25:
                    01:30:30:c1:48:10:cc:c3:05:2f:d1:1b:3c:62:63:
                    cc:13:91:26:b4:d1:53:cb:cc:2d:b9:ed:f4:ae:70:
                    7f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FB:66:F5:FE:45:78:FE:1A:0E:26:66:B6:00:19:78:7E:87:4B:97
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cPtm9f5FeP4aDiZmtgAZeH6HS5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:fc:28:9b:bf:cb:f8:fa:21:a1:cf:51:7c:d7:d3:af:71:aa:
         d2:75:06:28:1a:dd:13:a9:70:b4:d5:fd:2a:ee:64:8a:c1:3f:
         45:9c:c0:91:6b:21:42:cc:f9:c5:76:57:eb:c2:a9:3a:7d:80:
         5f:cc:e0:3e:9a:53:88:b3:93:f4:8f:a2:c3:3a:7d:63:5a:0f:
         89:40:04:f9:6e:1b:ac:f4:25:b8:c2:a4:6e:53:90:b1:53:e1:
         af:4b:f7:82:cf:ea:93:30:2d:bc:4e:82:3c:99:8e:cd:57:2a:
         a9:c1:25:36:56:a3:b0:d7:77:ad:74:f9:4a:0e:1a:43:bb:da:
         bf:d9:76:ad:57:6b:8c:49:9b:e2:70:00:2d:4c:21:92:83:e0:
         65:a7:ce:c4:a1:36:25:cf:e9:e9:32:e5:9d:63:64:9a:27:e6:
         f1:52:7e:23:0d:28:7b:aa:33:b7:be:7e:36:43:f6:33:a8:06:
         be:47:98:99:88:a1:23:85:55:06:f9:ab:b9:7e:da:8d:25:ce:
         5d:e9:1c:7d:99:84:ef:7f:d4:ba:79:96:72:14:d5:4f:39:15:
         e5:76:ff:3d:0f:3a:c3:27:42:b3:08:1f:ca:3a:59:19:89:92:
         cd:c1:e1:2a:c6:8d:2c:f6:72:19:61:9b:0f:52:0f:f9:f5:00:
         77:4e:86:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuiukM/o2kfZvvPiaQ8ejKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMTA5MTIyNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZiNjZmNWZlNDU3OGZlMWEwZTI2NjZiNjAwMTk3ODdlODc0Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1BXO1vLHnIiOyZIMXN/FDZVexrL
xiEXDj1WoL5hyDr/W1SV8JYnqzX+M5wrqHEElFkyksUIfX3Vpvod5sfeviIH7yCp
LV1f3wVaRPqVphtr3Fgl0rdjLRkSj6pm9O3SLL2ZRsYVJZn+UgkSYdz4LD0YHqFL
xztF9SMZPe0V8nsZHkh4bAneibjI9ZmqL7D/HKMgSKv0Em+f5nnnVAvCglnXFYlc
dlSTAecRxxaRUU3qZdo76HuDzzXqqWYU9IZdJ1NL46HztowE9/A/vFU5ZXFyqCEB
xFdJk9OHJSZoViUBMDDBSBDMwwUv0Rs8YmPME5EmtNFTy8wtue30rnB/rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD7ZvX+RXj+Gg4mZrYAGXh+h0uXMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvY1B0bTlmNUZlUDRhRGlabXRnQVplSDZIUzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnDMA0G
CSqGSIb3DQEBCwUAA4IBAQB5/Cibv8v4+iGhz1F819OvcarSdQYoGt0TqXC01f0q
7mSKwT9FnMCRayFCzPnFdlfrwqk6fYBfzOA+mlOIs5P0j6LDOn1jWg+JQAT5bhus
9CW4wqRuU5CxU+GvS/eCz+qTMC28ToI8mY7NVyqpwSU2VqOw13etdPlKDhpDu9q/
2XatV2uMSZvicAAtTCGSg+Blp87EoTYlz+npMuWdY2SaJ+bxUn4jDSh7qjO3vn42
Q/YzqAa+R5iZiKEjhVUG+au5ftqNJc5d6Rx9mYTvf9S6eZZyFNVPORXldv89DzrD
J0KzCB/KOlkZiZLNweEqxo0s9nIZYZsPUg/59QB3TobN
-----END CERTIFICATE-----