This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/IUmwlrvtv1GK99FSlVy4jAmb8QQ.roa
File:                     IUmwlrvtv1GK99FSlVy4jAmb8QQ.roa (raw, json)
Hash identifier:          Tat5zh+atoVuNHAQLSt1TkQzUZPUfwfNC6BJJ0u/Fyg=
Subject key identifier:   21:49:B0:96:BB:ED:BF:51:8A:F7:D1:52:95:5C:B8:8C:09:9B:F1:04
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       019B7C803FEAA9A388D31D084DC020E905B7
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/IUmwlrvtv1GK99FSlVy4jAmb8QQ.roa
Signing time:             Fri 02 Jan 2026 02:18:58 +0000
ROA not before:           Fri 02 Jan 2026 02:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49164
IP address blocks:        89.36.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:3f:ea:a9:a3:88:d3:1d:08:4d:c0:20:e9:05:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: Jan  2 02:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2149b096bbedbf518af7d152955cb88c099bf104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d6:c3:40:51:2c:7b:90:e8:bf:01:bb:50:d2:
                    6d:1c:13:21:9e:d3:f4:b9:60:24:3b:2f:20:63:5e:
                    8d:23:d5:3a:a9:ea:9d:91:60:4c:0b:75:ff:ff:a1:
                    32:ae:95:d1:a7:81:4f:be:fd:e3:6b:fa:3b:36:14:
                    65:e9:f7:b5:78:14:f5:59:79:1e:72:4e:44:50:b5:
                    0b:4f:89:17:a5:e7:09:46:ff:22:48:48:ab:8a:df:
                    3c:09:10:01:da:48:8a:2b:82:5d:a6:80:1d:ae:6b:
                    b0:5b:cc:5b:e7:9a:ad:c2:5b:0f:60:2a:cd:e1:fd:
                    e4:db:be:81:10:99:d9:a3:bf:f3:74:3b:20:af:c4:
                    17:6c:2c:81:42:46:51:14:bf:eb:3a:f2:57:0a:5d:
                    b3:20:ce:ce:56:ad:87:e1:16:8a:ee:6e:23:95:9f:
                    5f:f7:17:52:ea:f3:a1:1d:9a:7a:cd:40:74:20:b2:
                    81:83:c3:16:ea:5e:e7:e0:23:6a:7f:6a:8b:40:1d:
                    40:86:10:51:2f:13:ac:aa:a9:33:c7:4f:5e:3f:03:
                    a5:b5:cb:a2:a1:1e:ee:fb:27:ea:c9:7c:8f:8d:db:
                    70:0a:3a:10:f0:af:4a:3c:d1:2c:52:59:9e:76:f7:
                    0a:1a:9b:20:59:e8:36:a8:7d:63:23:57:58:f1:5b:
                    a4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:49:B0:96:BB:ED:BF:51:8A:F7:D1:52:95:5C:B8:8C:09:9B:F1:04
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/IUmwlrvtv1GK99FSlVy4jAmb8QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:ed:26:fe:75:b8:df:5a:1c:0c:db:62:2a:78:69:0d:ae:19:
         3f:5b:9d:fd:32:e6:2e:79:13:dc:e2:c0:80:4b:dc:fc:7c:42:
         e2:19:f1:e6:7c:45:93:1a:4c:f8:d8:23:fd:b9:98:d5:67:20:
         3e:60:4d:bf:99:20:bc:a4:7f:d7:d9:66:18:32:ae:f8:ab:62:
         a6:bd:29:64:d1:a7:c2:28:4f:dc:ce:d3:80:04:c4:ac:3a:ee:
         90:b8:4b:ba:f8:36:76:f4:40:b0:3a:ad:25:99:cb:5a:33:0e:
         4e:a5:51:87:7c:ba:c7:f2:26:5e:24:95:70:b4:b4:ad:ac:ee:
         64:84:be:69:0a:fc:65:3d:ea:ce:84:89:41:c7:fb:97:fa:b5:
         5c:d4:f5:bf:32:d0:18:03:b3:20:1a:a3:f2:aa:c3:47:5a:7f:
         25:57:08:94:41:aa:ae:08:74:19:1f:fc:a1:00:94:ee:8c:07:
         95:56:cc:b7:df:d1:9d:e6:3f:5d:52:a3:4d:a0:13:5c:86:ab:
         f2:1c:ba:dc:39:19:17:61:d4:71:47:4d:91:e1:c0:53:65:00:
         6f:cc:24:c8:2f:a1:ef:c7:31:1b:7b:af:07:49:ee:36:bb:e1:
         cf:19:2e:fd:b5:68:b9:23:68:10:95:42:0e:31:18:ed:0d:e2:
         02:0c:78:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gD/qqaOI0x0ITcAg6QW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjYwMTAyMDIxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ5YjA5NmJiZWRiZjUxOGFmN2QxNTI5NTVjYjg4YzA5OWJmMTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdbDQFEse5DovwG7UNJtHBMhntP0
uWAkOy8gY16NI9U6qeqdkWBMC3X//6EyrpXRp4FPvv3ja/o7NhRl6fe1eBT1WXke
ck5EULULT4kXpecJRv8iSEirit88CRAB2kiKK4JdpoAdrmuwW8xb55qtwlsPYCrN
4f3k276BEJnZo7/zdDsgr8QXbCyBQkZRFL/rOvJXCl2zIM7OVq2H4RaK7m4jlZ9f
9xdS6vOhHZp6zUB0ILKBg8MW6l7n4CNqf2qLQB1AhhBRLxOsqqkzx09ePwOltcui
oR7u+yfqyXyPjdtwCjoQ8K9KPNEsUlmedvcKGpsgWeg2qH1jI1dY8VukywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFJsJa77b9RivfRUpVcuIwJm/EEMB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvSVVtd2xydnR2MUdLOTlGU2xWeTRqQW1iOFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2MtMTkwM2VkYWZhOGJm
LzEvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSStMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ7Sb+dbjfWhwM22IqeGkNrhk/W539MuYueRPc4sCA
S9z8fELiGfHmfEWTGkz42CP9uZjVZyA+YE2/mSC8pH/X2WYYMq74q2KmvSlk0afC
KE/cztOABMSsOu6QuEu6+DZ29ECwOq0lmctaMw5OpVGHfLrH8iZeJJVwtLStrO5k
hL5pCvxlPerOhIlBx/uX+rVc1PW/MtAYA7MgGqPyqsNHWn8lVwiUQaquCHQZH/yh
AJTujAeVVsy339Gd5j9dUqNNoBNchqvyHLrcORkXYdRxR02R4cBTZQBvzCTIL6Hv
xzEbe68HSe42u+HPGS79tWi5I2gQlUIOMRjtDeICDHjZ
-----END CERTIFICATE-----