This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/43XYThNCKuIW9Jn_bOhnvPUqA-g.roa
File:                     43XYThNCKuIW9Jn_bOhnvPUqA-g.roa (raw, json)
Hash identifier:          ggmFjy2RTqKtIARGHDfLeQwZS7kdqvAeWBfc0U2RmoU=
Subject key identifier:   E3:75:D8:4E:13:42:2A:E2:16:F4:99:FF:6C:E8:67:BC:F5:2A:03:E8
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019B7AC861BCC4F41DEFC660C8EF11901B0E
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/43XYThNCKuIW9Jn_bOhnvPUqA-g.roa
Signing time:             Thu 01 Jan 2026 18:18:31 +0000
ROA not before:           Thu 01 Jan 2026 18:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212335
IP address blocks:        89.106.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:61:bc:c4:f4:1d:ef:c6:60:c8:ef:11:90:1b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 18:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e375d84e13422ae216f499ff6ce867bcf52a03e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:88:d3:b9:ab:ee:62:c0:40:66:5b:29:ba:8d:
                    99:44:94:50:f0:ca:4e:0d:45:ef:6f:b9:04:65:78:
                    8f:83:6e:77:dc:06:15:85:94:0e:66:56:f2:11:9d:
                    22:5a:ab:1d:94:b3:a3:4c:17:99:aa:e5:3f:a2:b5:
                    67:20:ae:ad:f6:d0:b9:b4:f8:d6:ce:e0:bd:40:c8:
                    5a:e2:9a:70:2b:e8:15:f0:22:93:83:c6:6b:1c:87:
                    c3:2f:c1:2c:73:a8:5a:23:99:bd:7e:af:01:c2:63:
                    2f:1d:6c:1c:84:12:7b:59:0a:6b:51:c4:0a:d7:27:
                    2e:be:39:8e:27:90:c1:33:60:47:dd:70:38:86:94:
                    62:be:88:87:25:68:63:fd:ff:a4:d8:2f:f7:4f:2b:
                    8b:04:a3:ce:9c:a2:ac:eb:1d:b4:59:b8:ff:c3:23:
                    57:32:93:b0:43:50:f7:01:3f:0b:3c:66:2b:31:d5:
                    32:42:fc:64:bb:fa:70:99:f2:93:88:e8:b0:02:c6:
                    41:87:ff:d0:bc:e9:22:dc:1d:4a:77:ec:ce:f1:b9:
                    67:6d:62:de:97:a4:dc:a7:8a:b6:0b:29:7f:72:cb:
                    e2:8e:31:0e:56:d9:f9:c4:55:c1:7b:b6:af:00:55:
                    72:c0:e5:46:44:13:44:1b:e1:90:77:94:76:f9:a9:
                    f1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:75:D8:4E:13:42:2A:E2:16:F4:99:FF:6C:E8:67:BC:F5:2A:03:E8
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/43XYThNCKuIW9Jn_bOhnvPUqA-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:42:4e:8e:b9:90:59:2f:a1:45:26:50:1b:51:f8:dc:b3:d6:
         84:31:d9:41:7f:f5:40:5a:0f:80:65:66:8c:6f:53:59:26:a3:
         49:3a:46:5a:99:bb:cd:3d:80:98:22:43:60:36:dc:b5:60:36:
         f1:d7:c9:f0:d4:aa:ae:ae:09:c5:92:87:3d:76:ff:7f:b9:a1:
         37:0c:77:18:42:e3:61:77:dd:d2:f8:65:df:60:13:09:31:3c:
         71:1d:8e:12:f3:82:de:08:33:81:df:3d:89:19:c8:c3:18:5b:
         4c:e6:55:93:c2:99:e0:48:d4:dd:d9:c4:8c:84:7e:f1:da:b5:
         8b:cb:25:2f:ae:e9:99:26:8c:fa:f4:8b:40:62:90:d6:95:5a:
         f7:06:ca:6e:e2:78:39:e4:8b:ee:f4:a0:81:d4:63:22:18:90:
         81:16:00:a4:ce:ba:8b:be:e7:04:2b:0d:40:6f:d6:1d:89:bd:
         fb:91:10:66:13:da:51:0d:80:e7:28:91:31:77:60:e9:19:d2:
         9d:96:94:44:23:73:3d:9c:fa:6b:73:be:f1:49:1e:c6:cf:77:
         63:a6:98:62:53:db:e4:31:0e:8c:dd:60:dd:41:61:59:3c:0b:
         29:83:c9:e6:ee:ac:27:0b:1e:a6:5d:c1:4a:62:ce:f8:43:2f:
         14:56:f3:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yGG8xPQd78ZgyO8RkBsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMTAxMTgxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc1ZDg0ZTEzNDIyYWUyMTZmNDk5ZmY2Y2U4NjdiY2Y1MmEwM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIjTuavuYsBAZlspuo2ZRJRQ8MpO
DUXvb7kEZXiPg2533AYVhZQOZlbyEZ0iWqsdlLOjTBeZquU/orVnIK6t9tC5tPjW
zuC9QMha4ppwK+gV8CKTg8ZrHIfDL8Esc6haI5m9fq8BwmMvHWwchBJ7WQprUcQK
1ycuvjmOJ5DBM2BH3XA4hpRivoiHJWhj/f+k2C/3TyuLBKPOnKKs6x20Wbj/wyNX
MpOwQ1D3AT8LPGYrMdUyQvxku/pwmfKTiOiwAsZBh//QvOki3B1Kd+zO8blnbWLe
l6Tcp4q2Cyl/csvijjEOVtn5xFXBe7avAFVywOVGRBNEG+GQd5R2+anxhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON12E4TQiriFvSZ/2zoZ7z1KgPoMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNDNYWVRoTkNLdUlXOUpuX2JPaG52UFVxQS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoDMA0G
CSqGSIb3DQEBCwUAA4IBAQC8Qk6OuZBZL6FFJlAbUfjcs9aEMdlBf/VAWg+AZWaM
b1NZJqNJOkZambvNPYCYIkNgNty1YDbx18nw1KqurgnFkoc9dv9/uaE3DHcYQuNh
d93S+GXfYBMJMTxxHY4S84LeCDOB3z2JGcjDGFtM5lWTwpngSNTd2cSMhH7x2rWL
yyUvrumZJoz69ItAYpDWlVr3Bspu4ng55Ivu9KCB1GMiGJCBFgCkzrqLvucEKw1A
b9Ydib37kRBmE9pRDYDnKJExd2DpGdKdlpREI3M9nPprc77xSR7Gz3djpphiU9vk
MQ6M3WDdQWFZPAspg8nm7qwnCx6mXcFKYs74Qy8UVvMZ
-----END CERTIFICATE-----