This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sEW-nBDYEoIPkX40cafNJjT9r_k.roa
File:                     sEW-nBDYEoIPkX40cafNJjT9r_k.roa (raw, json)
Hash identifier:          3LO+mXh/SWTUhxboYQmY9VDUiNnZZLH7HYVe5glpxHc=
Subject key identifier:   B0:45:BE:9C:10:D8:12:82:0F:91:7E:34:71:A7:CD:26:34:FD:AF:F9
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019B2DE2B121C0703570367575FFBC530BAF
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sEW-nBDYEoIPkX40cafNJjT9r_k.roa
Signing time:             Wed 17 Dec 2025 19:56:29 +0000
ROA not before:           Wed 17 Dec 2025 19:56:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        89.42.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2d:e2:b1:21:c0:70:35:70:36:75:75:ff:bc:53:0b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Dec 17 19:56:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b045be9c10d812820f917e3471a7cd2634fdaff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:54:52:41:5a:4f:53:5e:ee:df:d8:75:a2:
                    b2:38:f5:d3:27:2c:86:72:41:9b:2d:15:b8:50:61:
                    d4:e6:27:49:d0:be:26:c8:87:21:01:78:17:49:2f:
                    39:9d:b4:1b:f1:89:ff:94:db:03:fb:9a:eb:78:fd:
                    f6:2a:03:e1:cc:6a:e4:ae:a2:42:7b:90:aa:1c:50:
                    9d:78:c6:f9:aa:2c:e0:a8:e9:78:f4:5f:53:9b:36:
                    59:9b:41:49:e1:8f:8f:1d:6d:97:1f:46:f5:42:af:
                    25:4a:52:90:8b:46:e5:b6:08:59:ca:38:64:45:b4:
                    e8:c3:4c:a6:f7:26:d2:df:c8:88:8c:e0:1e:7e:3d:
                    1a:23:68:9d:ec:3a:ac:dd:97:73:01:26:8c:7d:25:
                    b6:bd:28:f2:51:38:26:e6:de:df:1b:73:97:ec:7c:
                    c5:c6:dc:f4:a8:5f:b4:56:e8:63:d0:60:2f:04:e5:
                    88:15:63:7f:96:76:c5:79:83:9b:22:f5:6e:a4:cd:
                    4f:41:6f:36:83:79:f8:1d:18:a5:7c:79:c4:bf:a6:
                    94:86:81:95:2e:43:53:79:54:eb:c8:55:28:b6:b0:
                    95:c5:ed:c7:19:ce:39:34:3b:95:09:9b:f8:49:f9:
                    7e:ca:1c:85:29:5e:5e:2f:c5:5d:64:38:61:3f:35:
                    8e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:45:BE:9C:10:D8:12:82:0F:91:7E:34:71:A7:CD:26:34:FD:AF:F9
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/sEW-nBDYEoIPkX40cafNJjT9r_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:96:de:23:7e:51:a6:e6:9c:32:d7:3e:f9:83:3c:15:6b:33:
         8b:d9:03:72:57:67:c4:5e:c4:06:46:1f:52:d0:df:34:f9:4b:
         b6:15:9e:60:c2:44:7c:74:41:f3:fa:55:9f:4a:8c:2d:b4:39:
         37:19:a7:47:28:5c:ed:00:b6:32:01:76:83:dc:ff:17:4b:8c:
         93:63:4f:08:a7:bc:bd:08:f4:e7:22:49:21:f5:ac:74:69:85:
         ae:9b:ed:82:2f:f2:ec:39:68:53:af:ac:9c:04:e5:6c:5d:94:
         4c:f4:de:91:b2:df:03:5d:85:97:9b:ee:3f:74:28:82:4d:60:
         29:06:13:9f:93:24:ac:98:a5:45:15:6d:3e:36:05:6f:8a:d8:
         5d:6b:30:10:c8:3e:d8:15:51:74:3f:0d:e7:24:a3:4b:69:cc:
         25:86:ec:fb:fe:af:96:9f:f4:8c:05:56:93:16:82:18:7f:e6:
         30:44:96:33:d1:27:33:04:9e:f6:0e:6c:87:88:5a:21:4c:e0:
         e9:da:d2:d7:d1:ad:1a:9c:d4:2f:c8:a5:34:93:43:16:9f:70:
         60:09:26:0d:30:84:6d:13:22:e3:23:88:c0:c5:45:fa:b5:0f:
         cd:06:be:62:9d:4a:9d:0d:6c:56:98:6e:d3:15:fe:55:cd:cb:
         1b:b7:c4:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZst4rEhwHA1cDZ1df+8UwuvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUxMjE3MTk1NjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ1YmU5YzEwZDgxMjgyMGY5MTdlMzQ3MWE3Y2QyNjM0ZmRhZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnRUUkFaT1Ne7t/YdaKyOPXTJyyG
ckGbLRW4UGHU5idJ0L4myIchAXgXSS85nbQb8Yn/lNsD+5rreP32KgPhzGrkrqJC
e5CqHFCdeMb5qizgqOl49F9TmzZZm0FJ4Y+PHW2XH0b1Qq8lSlKQi0bltghZyjhk
RbTow0ym9ybS38iIjOAefj0aI2id7Dqs3ZdzASaMfSW2vSjyUTgm5t7fG3OX7HzF
xtz0qF+0Vuhj0GAvBOWIFWN/lnbFeYObIvVupM1PQW82g3n4HRilfHnEv6aUhoGV
LkNTeVTryFUotrCVxe3HGc45NDuVCZv4Sfl+yhyFKV5eL8VdZDhhPzWOaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBFvpwQ2BKCD5F+NHGnzSY0/a/5MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvc0VXLW5CRFlFb0lQa1g0MGNhZk5KalQ5cl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSrVMA0G
CSqGSIb3DQEBCwUAA4IBAQCBlt4jflGm5pwy1z75gzwVazOL2QNyV2fEXsQGRh9S
0N80+Uu2FZ5gwkR8dEHz+lWfSowttDk3GadHKFztALYyAXaD3P8XS4yTY08Ip7y9
CPTnIkkh9ax0aYWum+2CL/LsOWhTr6ycBOVsXZRM9N6Rst8DXYWXm+4/dCiCTWAp
BhOfkySsmKVFFW0+NgVvithdazAQyD7YFVF0Pw3nJKNLacwlhuz7/q+Wn/SMBVaT
FoIYf+YwRJYz0SczBJ72DmyHiFohTODp2tLX0a0anNQvyKU0k0MWn3BgCSYNMIRt
EyLjI4jAxUX6tQ/NBr5inUqdDWxWmG7TFf5Vzcsbt8QR
-----END CERTIFICATE-----
Generated at Sat Dec 20 07:29:08 2025 by rpki-client