This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sLdxXrKqAUhLF5iq5_yy84fwEm8.roa
File:                     sLdxXrKqAUhLF5iq5_yy84fwEm8.roa (raw, json)
Hash identifier:          LLbfwk0Ab8SAjgSDQXLyFETeIIy8mBBbnR/10LSQHlk=
Subject key identifier:   B0:B7:71:5E:B2:AA:01:48:4B:17:98:AA:E7:FC:B2:F3:87:F0:12:6F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B7759439DBE162E9C322550C10BEBE560
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sLdxXrKqAUhLF5iq5_yy84fwEm8.roa
Signing time:             Thu 01 Jan 2026 02:18:17 +0000
ROA not before:           Thu 01 Jan 2026 02:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34538
IP address blocks:        89.33.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 14:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:43:9d:be:16:2e:9c:32:25:50:c1:0b:eb:e5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0b7715eb2aa01484b1798aae7fcb2f387f0126f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3c:77:8b:ec:0e:3f:0c:fb:7a:fa:c9:9a:3e:
                    d0:e4:92:48:69:f5:ea:47:68:04:b5:a6:1d:c9:82:
                    ff:aa:e9:f1:fd:41:bd:66:1e:13:85:ad:38:b7:23:
                    00:cf:e6:82:c0:73:e0:3f:15:ac:1d:5e:a5:fb:a4:
                    c1:61:2a:dc:e1:87:f4:c1:63:f2:d7:41:f2:9f:d8:
                    f9:b3:39:2c:ef:0b:ad:ff:90:8f:a0:a0:1d:85:66:
                    34:a2:98:56:ca:c8:7b:21:3f:4e:b9:a0:ab:87:4f:
                    81:e7:6b:be:f5:b6:5b:b1:a9:69:5b:97:af:95:87:
                    f3:93:95:10:4e:a5:4d:43:a8:61:7e:f3:8d:b1:85:
                    b3:ab:58:89:f9:ed:b9:d5:2b:78:61:fb:fe:df:95:
                    bc:62:de:f5:2e:f2:c1:1a:ac:5c:1d:47:2a:d0:40:
                    1f:db:7a:65:04:ca:fe:12:4d:53:f9:bb:61:a5:8e:
                    95:77:84:6e:d6:66:ac:0d:7b:2c:5b:6d:08:92:bf:
                    9b:65:ab:78:2d:f4:f4:75:17:8c:de:41:0a:83:a6:
                    19:8d:7c:b5:04:aa:fb:19:a9:07:46:7b:22:17:0e:
                    34:46:e1:7a:25:46:60:b0:af:88:9b:6d:bb:47:cd:
                    37:a0:f5:ab:3e:8d:df:2a:6a:ac:41:49:c0:23:bc:
                    a5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B7:71:5E:B2:AA:01:48:4B:17:98:AA:E7:FC:B2:F3:87:F0:12:6F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/sLdxXrKqAUhLF5iq5_yy84fwEm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:a1:d7:43:cd:7f:39:90:e0:0b:bf:b8:b8:05:c3:1b:ac:33:
         a5:ee:ea:df:49:0b:f0:df:c9:ea:73:30:62:fc:d2:81:37:87:
         c4:a5:22:38:8d:db:1a:cd:6d:9d:17:03:8e:a8:85:f0:67:f9:
         49:ed:87:bd:02:63:7d:1c:bf:7e:ac:19:a3:bc:6a:83:70:1b:
         e1:ff:a7:52:d4:1c:42:bd:f7:cf:0c:7a:c7:e3:44:f1:44:88:
         67:9e:c4:94:be:54:36:64:1e:21:36:23:80:9c:5f:30:07:23:
         72:48:79:d4:1f:21:31:8c:52:76:6a:28:39:fe:75:46:39:c6:
         ac:a8:c0:b6:56:27:41:7f:29:29:cc:2f:52:e2:0e:c7:30:1c:
         c6:7d:3e:79:08:67:0a:e7:a1:30:0a:e9:bb:c7:fe:fe:9b:62:
         12:0d:20:2a:b7:6e:5d:1d:e2:c6:58:82:e5:26:2f:61:05:69:
         b2:40:af:a3:06:32:40:52:2b:a5:96:6e:2a:68:25:9e:6c:43:
         c3:a1:5e:fd:1e:ad:70:11:91:e9:6c:e4:48:77:84:ba:3e:ba:
         7f:5a:e5:17:ad:41:1d:b0:78:4f:11:17:92:aa:89:d6:87:e4:
         bf:cd:83:f5:2b:ee:36:ca:90:b1:85:af:ac:cf:9c:44:ed:37:
         17:70:f2:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WUOdvhYunDIlUMEL6+VgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI3NzE1ZWIyYWEwMTQ4NGIxNzk4YWFlN2ZjYjJmMzg3ZjAxMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjx3i+wOPwz7evrJmj7Q5JJIafXq
R2gEtaYdyYL/qunx/UG9Zh4Tha04tyMAz+aCwHPgPxWsHV6l+6TBYSrc4Yf0wWPy
10Hyn9j5szks7wut/5CPoKAdhWY0ophWysh7IT9OuaCrh0+B52u+9bZbsalpW5ev
lYfzk5UQTqVNQ6hhfvONsYWzq1iJ+e251St4Yfv+35W8Yt71LvLBGqxcHUcq0EAf
23plBMr+Ek1T+bthpY6Vd4Ru1masDXssW20Ikr+bZat4LfT0dReM3kEKg6YZjXy1
BKr7GakHRnsiFw40RuF6JUZgsK+Im227R803oPWrPo3fKmqsQUnAI7ylwwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLC3cV6yqgFISxeYquf8svOH8BJvMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3NMZHhYcktxQVVoTEY1aXE1X3l5ODRmd0VtOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZIQQw
DQYJKoZIhvcNAQELBQADggEBAMeh10PNfzmQ4Au/uLgFwxusM6Xu6t9JC/Dfyepz
MGL80oE3h8SlIjiN2xrNbZ0XA46ohfBn+Unth70CY30cv36sGaO8aoNwG+H/p1LU
HEK9988MesfjRPFEiGeexJS+VDZkHiE2I4CcXzAHI3JIedQfITGMUnZqKDn+dUY5
xqyowLZWJ0F/KSnML1LiDscwHMZ9PnkIZwrnoTAK6bvH/v6bYhINICq3bl0d4sZY
guUmL2EFabJAr6MGMkBSK6WWbipoJZ5sQ8OhXv0erXARkels5Eh3hLo+un9a5Ret
QR2weE8RF5KqidaH5L/Ng/Ur7jbKkLGFr6zPnETtNxdw8jU=
-----END CERTIFICATE-----