This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/lTdGRDnrt9WeZntnZqlzp_ouBUk.roa
File:                     lTdGRDnrt9WeZntnZqlzp_ouBUk.roa (raw, json)
Hash identifier:          7Ld1N10vzsnooyAXDhjI5cFlj26fJBqTU53xQhD+MQU=
Subject key identifier:   95:37:46:44:39:EB:B7:D5:9E:66:7B:67:66:A9:73:A7:FA:2E:05:49
Certificate issuer:       /CN=be2a615dea6a54eaf27dfe99c07e3cdc8d775fbe
Certificate serial:       019B77C74E2320A3A7C09A9662954FD3B682
Authority key identifier: BE:2A:61:5D:EA:6A:54:EA:F2:7D:FE:99:C0:7E:3C:DC:8D:77:5F:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/viphXepqVOryff6ZwH483I13X74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/lTdGRDnrt9WeZntnZqlzp_ouBUk.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        89.200.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/viphXepqVOryff6ZwH483I13X74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/viphXepqVOryff6ZwH483I13X74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/viphXepqVOryff6ZwH483I13X74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 19:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4e:23:20:a3:a7:c0:9a:96:62:95:4f:d3:b6:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be2a615dea6a54eaf27dfe99c07e3cdc8d775fbe
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9537464439ebb7d59e667b6766a973a7fa2e0549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a6:8f:e8:31:e7:af:f2:0b:ee:43:76:21:0a:
                    81:40:dd:7e:da:87:4b:a2:a3:95:f7:68:7a:74:05:
                    bb:76:16:47:fd:4e:cf:a6:91:b6:d9:f0:81:1c:33:
                    54:42:d9:f4:bd:9f:7e:ed:d0:65:66:f8:c0:d1:2f:
                    79:e8:aa:cb:df:06:84:9a:e3:65:71:3d:68:e8:84:
                    de:1b:3e:1c:6b:82:ae:57:d7:09:4a:a1:c4:8a:6a:
                    a2:bd:07:fa:4b:28:81:44:26:e7:94:b4:85:7f:5d:
                    83:cc:c9:70:f3:9a:1f:5c:a5:75:07:39:76:5d:ba:
                    ca:bc:0c:e6:ca:a5:78:20:62:2d:ff:ea:9d:95:4f:
                    12:26:96:63:1f:49:67:67:d8:24:4a:9e:1e:56:18:
                    d6:b1:1c:fa:cd:f3:9b:f4:c9:f9:59:97:8f:5d:79:
                    24:1b:96:cc:a6:22:3a:a0:d7:ba:25:46:fd:8e:00:
                    ab:e7:3f:3d:c0:45:b1:f0:de:dc:51:d1:d9:63:8a:
                    c5:df:ce:c3:bb:a2:ce:e7:c3:8d:46:f3:c5:cd:ed:
                    20:aa:9e:01:af:3c:c7:a5:3f:8e:e2:e7:0c:bb:59:
                    b9:4a:06:0a:a8:9f:bf:30:13:5e:7e:af:b3:4e:0a:
                    0a:ab:1c:a9:c7:7a:9a:bd:af:65:1e:32:d8:4b:35:
                    88:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:37:46:44:39:EB:B7:D5:9E:66:7B:67:66:A9:73:A7:FA:2E:05:49
            X509v3 Authority Key Identifier:
                keyid:BE:2A:61:5D:EA:6A:54:EA:F2:7D:FE:99:C0:7E:3C:DC:8D:77:5F:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/viphXepqVOryff6ZwH483I13X74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/lTdGRDnrt9WeZntnZqlzp_ouBUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3ba1e6-1fe2-49fa-b36e-fe5ab8111bf0/1/viphXepqVOryff6ZwH483I13X74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.200.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d2:2e:fe:16:15:39:73:62:7c:30:36:60:d3:a7:70:2a:e7:
         c1:fa:7e:10:e8:83:b1:40:b7:02:8f:9e:e8:03:c8:ad:24:d8:
         8e:83:ce:dd:7d:23:eb:4e:03:ab:72:b7:5e:1a:6c:31:b3:ae:
         80:50:4c:5a:57:96:2b:a1:9f:44:9b:1f:2b:33:04:1c:cf:77:
         a4:c2:76:61:46:46:94:36:ad:90:1b:f5:70:e9:2f:82:d2:dc:
         45:c9:db:f8:60:cd:82:1d:5c:ee:2b:72:2a:9b:2e:83:26:df:
         69:31:e1:c0:26:28:55:c9:26:dd:0d:f8:54:54:8e:6f:ea:d6:
         18:9b:1c:39:c5:07:f0:60:4c:a6:53:d1:5a:de:b5:2a:ad:b6:
         b1:1f:1c:fd:a0:a5:ce:65:d7:fb:16:3c:52:1c:b3:98:3a:15:
         3b:46:59:59:3f:10:e1:a3:19:94:92:f1:da:01:f0:43:11:ed:
         5b:52:a8:9c:89:e4:ad:70:82:11:59:e7:86:0f:ee:a1:29:07:
         7a:ad:0c:93:77:2d:c7:db:de:ac:c7:b9:93:b6:07:09:cc:48:
         4f:54:fb:39:08:94:85:e8:ec:0d:89:e6:06:5c:c2:be:f2:03:
         bc:d1:0f:d8:8b:5c:a9:c0:1a:14:45:4f:c4:c6:dc:36:04:77:
         12:3a:8d:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x04jIKOnwJqWYpVP07aCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMmE2MTVkZWE2YTU0ZWFmMjdkZmU5OWMwN2UzY2RjOGQ3
NzVmYmUwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTM3NDY0NDM5ZWJiN2Q1OWU2NjdiNjc2NmE5NzNhN2ZhMmUwNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6aP6DHnr/IL7kN2IQqBQN1+2odL
oqOV92h6dAW7dhZH/U7PppG22fCBHDNUQtn0vZ9+7dBlZvjA0S956KrL3waEmuNl
cT1o6ITeGz4ca4KuV9cJSqHEimqivQf6SyiBRCbnlLSFf12DzMlw85ofXKV1Bzl2
XbrKvAzmyqV4IGIt/+qdlU8SJpZjH0lnZ9gkSp4eVhjWsRz6zfOb9Mn5WZePXXkk
G5bMpiI6oNe6JUb9jgCr5z89wEWx8N7cUdHZY4rF387Du6LO58ONRvPFze0gqp4B
rzzHpT+O4ucMu1m5SgYKqJ+/MBNefq+zTgoKqxypx3qava9lHjLYSzWI5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU3RkQ567fVnmZ7Z2apc6f6LgVJMB8GA1UdIwQY
MBaAFL4qYV3qalTq8n3+mcB+PNyNd1++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmlwaFhlcHFWT3J5ZmY2WndINDgzSTEzWDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8zYmExZTYtMWZlMi00OWZhLWIzNmUt
ZmU1YWI4MTExYmYwLzEvbFRkR1JEbnJ0OVdlWm50blpxbHpwX291QlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8zYmExZTYtMWZlMi00OWZhLWIzNmUtZmU1YWI4MTExYmYw
LzEvdmlwaFhlcHFWT3J5ZmY2WndINDgzSTEzWDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWcjAMA0G
CSqGSIb3DQEBCwUAA4IBAQAD0i7+FhU5c2J8MDZg06dwKufB+n4Q6IOxQLcCj57o
A8itJNiOg87dfSPrTgOrcrdeGmwxs66AUExaV5YroZ9Emx8rMwQcz3ekwnZhRkaU
Nq2QG/Vw6S+C0txFydv4YM2CHVzuK3Iqmy6DJt9pMeHAJihVySbdDfhUVI5v6tYY
mxw5xQfwYEymU9Fa3rUqrbaxHxz9oKXOZdf7FjxSHLOYOhU7RllZPxDhoxmUkvHa
AfBDEe1bUqicieStcIIRWeeGD+6hKQd6rQyTdy3H296sx7mTtgcJzEhPVPs5CJSF
6OwNieYGXMK+8gO80Q/Yi1ypwBoURU/Extw2BHcSOo1q
-----END CERTIFICATE-----