This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IAWiQMEI7lBYE-yiLrq0N4vd600.roa
File:                     IAWiQMEI7lBYE-yiLrq0N4vd600.roa (raw, json)
Hash identifier:          7MWeCmwerIQVPacLYiQfFeLxjpHdbEK+iRaLdCOlJtE=
Subject key identifier:   20:05:A2:40:C1:08:EE:50:58:13:EC:A2:2E:BA:B4:37:8B:DD:EB:4D
Certificate issuer:       /CN=20820f796481ac0e9637c962414597b1fe227c24
Certificate serial:       019B797ECB65C2A5C3787BF005BB8478400E
Authority key identifier: 20:82:0F:79:64:81:AC:0E:96:37:C9:62:41:45:97:B1:FE:22:7C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IAWiQMEI7lBYE-yiLrq0N4vd600.roa
Signing time:             Thu 01 Jan 2026 12:18:31 +0000
ROA not before:           Thu 01 Jan 2026 12:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26324
IP address blocks:        89.38.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:cb:65:c2:a5:c3:78:7b:f0:05:bb:84:78:40:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20820f796481ac0e9637c962414597b1fe227c24
        Validity
            Not Before: Jan  1 12:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2005a240c108ee505813eca22ebab4378bddeb4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:be:08:53:e0:c2:c9:9f:79:e6:75:1c:1e:e8:
                    3e:bf:91:5c:52:f5:b4:e0:a5:f7:18:13:e4:8c:a6:
                    6c:e9:a9:3c:8c:64:e1:81:a7:06:75:c8:a6:2a:6f:
                    03:05:c2:12:34:26:bd:49:61:bf:74:63:d4:77:67:
                    9e:d4:9c:34:87:c1:c6:bb:92:ce:fd:da:98:61:f9:
                    b9:e2:0f:c2:32:e4:57:03:fb:d9:f8:e4:e6:ad:58:
                    d1:82:3b:65:f1:8c:c9:da:24:44:1d:88:cc:36:8c:
                    9f:dc:c2:91:48:94:d8:65:3c:a4:ad:e9:27:c2:b7:
                    d3:f5:1b:a6:06:79:0c:4c:3f:e6:6e:64:2c:06:eb:
                    37:2a:30:13:5a:c8:99:e1:0d:8f:b7:6d:84:6a:6d:
                    7a:31:e7:0b:1a:16:95:85:55:83:05:5a:e1:d9:f9:
                    d9:11:07:6e:a5:ce:ad:43:85:f8:06:c3:b9:29:e6:
                    c5:09:58:01:24:95:10:9d:2b:20:46:4e:c6:ab:30:
                    eb:af:55:e4:8c:a6:eb:8f:9a:c8:74:e3:29:72:93:
                    70:d8:7f:6b:d8:9b:09:98:ca:d4:53:d4:a3:1b:7f:
                    1f:a7:81:f2:4f:26:b0:c3:fe:00:f7:96:b9:ff:4e:
                    80:4f:96:86:d5:f5:d5:9d:93:c3:1f:f5:e7:91:fe:
                    1d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:05:A2:40:C1:08:EE:50:58:13:EC:A2:2E:BA:B4:37:8B:DD:EB:4D
            X509v3 Authority Key Identifier:
                keyid:20:82:0F:79:64:81:AC:0E:96:37:C9:62:41:45:97:B1:FE:22:7C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IIIPeWSBrA6WN8liQUWXsf4ifCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IAWiQMEI7lBYE-yiLrq0N4vd600.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b98b9f-b581-4e3e-ae8a-987d869566f6/1/IIIPeWSBrA6WN8liQUWXsf4ifCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:9a:b1:78:02:97:a6:9e:71:84:ae:16:7c:71:57:a6:e8:33:
         8b:b0:e4:d8:4c:20:5a:11:8f:bb:9b:f5:b8:ba:60:b8:e8:78:
         ce:81:ac:4d:d8:f9:48:1d:64:eb:c2:fb:25:2b:6b:f4:cf:bd:
         7e:4e:fd:34:9f:ec:9d:b6:f5:b1:14:fa:68:50:91:08:c8:fa:
         b8:54:b2:95:d7:1b:4f:75:8b:d6:fb:b4:31:ec:dc:44:02:93:
         6d:3b:b5:fa:d6:6c:fb:f5:ed:80:aa:61:ec:f1:dc:b9:9c:ab:
         18:06:5c:1b:0a:c0:61:ab:71:f6:a6:8b:c5:c1:d5:a3:1b:1d:
         7a:9f:01:92:99:0a:42:95:a8:46:06:45:49:71:69:8b:f1:d2:
         48:a8:f1:56:3d:52:e0:dd:e3:aa:45:19:22:13:00:6f:13:7a:
         24:d2:f2:46:90:80:65:3e:73:93:49:1d:ba:01:97:0a:bf:fa:
         bf:d0:13:5d:a7:ad:d7:d8:e8:88:88:90:e3:3d:2e:c3:60:fe:
         28:9e:82:59:89:ae:52:54:f4:49:76:96:f4:72:e8:30:09:ac:
         fe:93:f8:89:ab:45:f3:80:ab:4e:77:c7:ba:de:88:6b:d4:ec:
         ef:ae:ab:e1:7b:4f:26:87:0c:9a:09:a7:7c:aa:35:b3:ec:9c:
         09:1d:ec:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fstlwqXDeHvwBbuEeEAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwODIwZjc5NjQ4MWFjMGU5NjM3Yzk2MjQxNDU5N2IxZmUy
MjdjMjQwHhcNMjYwMTAxMTIxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDA1YTI0MGMxMDhlZTUwNTgxM2VjYTIyZWJhYjQzNzhiZGRlYjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh74IU+DCyZ955nUcHug+v5FcUvW0
4KX3GBPkjKZs6ak8jGThgacGdcimKm8DBcISNCa9SWG/dGPUd2ee1Jw0h8HGu5LO
/dqYYfm54g/CMuRXA/vZ+OTmrVjRgjtl8YzJ2iREHYjMNoyf3MKRSJTYZTykrekn
wrfT9RumBnkMTD/mbmQsBus3KjATWsiZ4Q2Pt22Eam16MecLGhaVhVWDBVrh2fnZ
EQdupc6tQ4X4BsO5KebFCVgBJJUQnSsgRk7GqzDrr1XkjKbrj5rIdOMpcpNw2H9r
2JsJmMrUU9SjG38fp4HyTyaww/4A95a5/06AT5aG1fXVnZPDH/Xnkf4d6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAFokDBCO5QWBPsoi66tDeL3etNMB8GA1UdIwQY
MBaAFCCCD3lkgawOljfJYkFFl7H+InwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUlJUGVXU0JyQTZXTjhsaVFVV1hzZjRpZkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iOThiOWYtYjU4MS00ZTNlLWFlOGEt
OTg3ZDg2OTU2NmY2LzEvSUFXaVFNRUk3bEJZRS15aUxycTBONHZkNjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iOThiOWYtYjU4MS00ZTNlLWFlOGEtOTg3ZDg2OTU2NmY2
LzEvSUlJUGVXU0JyQTZXTjhsaVFVV1hzZjRpZkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSY8MA0G
CSqGSIb3DQEBCwUAA4IBAQCAmrF4ApemnnGErhZ8cVem6DOLsOTYTCBaEY+7m/W4
umC46HjOgaxN2PlIHWTrwvslK2v0z71+Tv00n+ydtvWxFPpoUJEIyPq4VLKV1xtP
dYvW+7Qx7NxEApNtO7X61mz79e2AqmHs8dy5nKsYBlwbCsBhq3H2povFwdWjGx16
nwGSmQpClahGBkVJcWmL8dJIqPFWPVLg3eOqRRkiEwBvE3ok0vJGkIBlPnOTSR26
AZcKv/q/0BNdp63X2OiIiJDjPS7DYP4onoJZia5SVPRJdpb0cugwCaz+k/iJq0Xz
gKtOd8e63ohr1Ozvrqvhe08mhwyaCad8qjWz7JwJHeyv
-----END CERTIFICATE-----