This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/plDml0HEzj0gIlhrfPmrHfXKqOM.roa
File:                     plDml0HEzj0gIlhrfPmrHfXKqOM.roa (raw, json)
Hash identifier:          bqZ6p5u28WhXVZJR1nGJD41C0IekSfG8+7KjIStjqcg=
Subject key identifier:   A6:50:E6:97:41:C4:CE:3D:20:22:58:6B:7C:F9:AB:1D:F5:CA:A8:E3
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019B7AC869C67F35120227ACE6F7F885039C
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/plDml0HEzj0gIlhrfPmrHfXKqOM.roa
Signing time:             Thu 01 Jan 2026 18:18:33 +0000
ROA not before:           Thu 01 Jan 2026 18:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397630
IP address blocks:        89.106.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:69:c6:7f:35:12:02:27:ac:e6:f7:f8:85:03:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 18:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a650e69741c4ce3d2022586b7cf9ab1df5caa8e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:ab:2c:bc:f2:ca:9e:41:8e:63:be:80:6b:
                    45:d8:cf:6a:09:a3:2f:3c:3a:3c:07:86:d4:df:3a:
                    25:d8:4b:2b:3c:fd:95:82:76:5a:39:62:b6:58:65:
                    8b:af:d6:99:63:5b:c0:00:03:68:c0:8e:d8:5f:f2:
                    08:2e:5c:25:10:f3:6d:26:ec:05:8a:72:5a:a4:92:
                    ad:6b:21:36:cf:2f:8a:90:82:79:53:f7:4b:12:c4:
                    96:a6:3a:5f:51:78:d8:bf:f9:08:5f:fd:94:62:1c:
                    c9:9f:2b:98:55:6f:9f:aa:1c:56:52:70:a5:3d:6e:
                    a8:70:a5:41:9e:0a:f9:e3:d6:77:e7:81:2b:8a:0a:
                    9b:dd:be:11:24:49:63:c4:08:ab:82:fe:a1:b7:f1:
                    5a:1e:81:1e:cf:33:1c:75:a8:9e:b8:b4:3d:70:68:
                    f7:0d:90:c4:19:3d:34:6e:61:e4:7d:1e:21:44:9c:
                    a9:f4:c3:ad:ba:ee:5e:85:af:c3:f5:08:51:29:e1:
                    3d:a0:43:72:15:f8:e4:0d:df:6b:77:cb:53:fc:e5:
                    dc:78:25:4c:55:a7:76:70:b1:c7:93:0f:85:fd:18:
                    ea:a1:3e:32:6f:6b:a8:1a:d0:27:06:20:8f:74:ed:
                    e3:ff:39:50:2a:1c:24:cc:11:b7:0b:f6:17:b3:da:
                    a4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:50:E6:97:41:C4:CE:3D:20:22:58:6B:7C:F9:AB:1D:F5:CA:A8:E3
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/plDml0HEzj0gIlhrfPmrHfXKqOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:4c:0b:91:8f:64:41:be:d8:a0:8c:9f:3d:27:02:1a:f6:79:
         29:20:8a:1e:87:10:17:8a:45:a0:4a:bf:a3:20:cf:5d:ee:5f:
         1d:f0:f1:82:eb:b3:74:43:fd:cc:d8:3e:1f:05:db:a2:1f:fa:
         3f:47:e8:aa:e1:19:da:e8:69:f4:23:69:af:76:dd:c0:bf:9c:
         ec:cf:75:39:da:e6:e7:b5:ef:46:e5:56:86:99:1a:93:a6:b2:
         fb:aa:d7:fa:ff:ee:c4:0d:b9:49:64:fc:58:22:06:57:37:9b:
         92:15:9c:96:88:dc:ca:49:4e:36:fc:c4:83:cc:5c:ea:6b:ff:
         52:8e:8e:ae:31:86:c0:8a:77:8e:6a:b7:6e:90:5b:8e:c9:5e:
         28:7c:0b:35:40:68:89:74:35:c6:44:33:ff:74:d6:01:6f:ab:
         b5:5c:8b:02:c1:80:97:63:92:83:db:ea:fc:d0:ca:4d:b3:6f:
         e4:6e:49:14:02:f2:55:43:f4:4c:2c:5c:9a:7a:45:02:48:4d:
         7f:8f:f1:0d:0b:ad:25:52:a9:0b:65:36:13:69:36:fc:40:89:
         21:e4:66:94:5b:b8:c7:99:4d:a6:a8:1f:36:f7:ce:2c:56:6e:
         a8:a9:77:e2:e3:9f:d0:25:4e:d4:32:5a:68:20:92:ef:75:4e:
         bc:c2:3d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yGnGfzUSAies5vf4hQOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMTAxMTgxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjUwZTY5NzQxYzRjZTNkMjAyMjU4NmI3Y2Y5YWIxZGY1Y2FhOGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTyrLLzyyp5BjmO+gGtF2M9qCaMv
PDo8B4bU3zol2EsrPP2VgnZaOWK2WGWLr9aZY1vAAANowI7YX/IILlwlEPNtJuwF
inJapJKtayE2zy+KkIJ5U/dLEsSWpjpfUXjYv/kIX/2UYhzJnyuYVW+fqhxWUnCl
PW6ocKVBngr549Z354Erigqb3b4RJEljxAirgv6ht/FaHoEezzMcdaieuLQ9cGj3
DZDEGT00bmHkfR4hRJyp9MOtuu5eha/D9QhRKeE9oENyFfjkDd9rd8tT/OXceCVM
Vad2cLHHkw+F/RjqoT4yb2uoGtAnBiCPdO3j/zlQKhwkzBG3C/YXs9qkOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZQ5pdBxM49ICJYa3z5qx31yqjjMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvcGxEbWwwSEV6ajBnSWxocmZQbXJIZlhLcU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoaMA0G
CSqGSIb3DQEBCwUAA4IBAQAtTAuRj2RBvtigjJ89JwIa9nkpIIoehxAXikWgSr+j
IM9d7l8d8PGC67N0Q/3M2D4fBduiH/o/R+iq4Rna6Gn0I2mvdt3Av5zsz3U52ubn
te9G5VaGmRqTprL7qtf6/+7EDblJZPxYIgZXN5uSFZyWiNzKSU42/MSDzFzqa/9S
jo6uMYbAineOardukFuOyV4ofAs1QGiJdDXGRDP/dNYBb6u1XIsCwYCXY5KD2+r8
0MpNs2/kbkkUAvJVQ/RMLFyaekUCSE1/j/ENC60lUqkLZTYTaTb8QIkh5GaUW7jH
mU2mqB82984sVm6oqXfi45/QJU7UMlpoIJLvdU68wj1R
-----END CERTIFICATE-----