This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/xywtwPVtKI2c3GfGQ6zEtHEmcuk.roa
File:                     xywtwPVtKI2c3GfGQ6zEtHEmcuk.roa (raw, json)
Hash identifier:          rjSOo1Wse8hlTDW23Au03BF12xwjNXnRbuXo4liko2I=
Subject key identifier:   C7:2C:2D:C0:F5:6D:28:8D:9C:DC:67:C6:43:AC:C4:B4:71:26:72:E9
Certificate issuer:       /CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
Certificate serial:       019B7BA51FC8787D37B80B2EE15E63B2C152
Authority key identifier: B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/xywtwPVtKI2c3GfGQ6zEtHEmcuk.roa
Signing time:             Thu 01 Jan 2026 22:19:37 +0000
ROA not before:           Thu 01 Jan 2026 22:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20845
IP address blocks:        89.107.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1f:c8:78:7d:37:b8:0b:2e:e1:5e:63:b2:c1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b350a0ae32e73e660c416c3f1406edd3615f82
        Validity
            Not Before: Jan  1 22:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c72c2dc0f56d288d9cdc67c643acc4b4712672e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:7b:90:d1:cc:fe:81:fc:8e:21:82:32:29:
                    b1:c1:0f:25:64:e5:1f:41:23:91:fc:62:e4:f6:7f:
                    3f:2a:19:9c:ea:62:a0:0a:70:bb:5f:db:ed:a7:38:
                    20:aa:a4:b3:5c:8f:4e:bd:89:8f:78:27:a8:50:fe:
                    ae:37:10:1e:22:94:1b:44:0c:8e:ed:b6:2c:67:a4:
                    bc:57:5c:b7:5c:3e:95:c0:d1:38:dd:d0:68:be:8c:
                    bb:18:06:40:60:78:db:21:c8:78:0e:b3:e2:5c:70:
                    d6:8e:d6:75:62:8b:de:a3:63:87:73:b9:b0:56:a8:
                    57:92:76:75:56:04:ef:59:a5:10:aa:5d:99:9e:ef:
                    a8:2c:a1:b6:df:c0:09:58:9d:02:bf:f4:17:37:d1:
                    a0:f3:cf:27:e6:b7:b7:f8:96:dd:f1:3a:82:4c:75:
                    ae:47:4d:d2:81:4c:c3:5d:0b:0a:7a:d4:9c:0d:63:
                    5e:e2:9a:b6:e4:14:69:62:87:db:ff:73:a1:23:27:
                    0b:73:73:b6:28:3d:6d:50:b9:c0:33:e5:34:2a:80:
                    2a:28:09:8e:71:c0:c4:f5:a8:47:64:47:49:22:56:
                    8f:96:3a:49:6e:59:45:e2:58:2e:86:28:b3:38:c7:
                    9f:24:ec:98:2f:1d:59:42:57:b9:b2:b8:23:66:ca:
                    cb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:2C:2D:C0:F5:6D:28:8D:9C:DC:67:C6:43:AC:C4:B4:71:26:72:E9
            X509v3 Authority Key Identifier:
                keyid:B9:B3:50:A0:AE:32:E7:3E:66:0C:41:6C:3F:14:06:ED:D3:61:5F:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubNQoK4y5z5mDEFsPxQG7dNhX4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/xywtwPVtKI2c3GfGQ6zEtHEmcuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/627e60-00a6-4d26-b93a-ef73b7b4ca3c/1/ubNQoK4y5z5mDEFsPxQG7dNhX4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:d0:11:52:d4:14:9c:cf:ab:20:c9:b8:af:ba:52:0a:0c:05:
         b6:5a:77:d7:83:7e:fc:0d:d5:21:64:bf:bc:8f:d2:94:b3:23:
         e5:ce:53:2b:6e:7a:5e:dd:e8:4d:25:cd:12:37:ca:63:24:fa:
         72:1f:f1:a7:7a:13:15:69:83:3e:6b:d6:e2:fc:82:70:08:ee:
         1e:a5:63:2d:3e:9d:c6:c4:05:21:0a:0b:c3:4e:10:53:59:36:
         5d:6e:5b:18:a0:ff:11:72:43:82:20:54:f8:56:33:07:70:52:
         c5:76:0c:14:9c:ff:a2:6e:24:64:ce:ff:d5:90:fb:b5:62:f9:
         34:9b:76:21:8d:9d:75:54:e2:31:a1:e9:28:56:4d:ae:70:22:
         b8:51:23:23:54:88:a5:27:d7:e2:ef:e4:3d:66:6e:7e:a4:b4:
         89:a6:fb:21:e4:f7:ff:4c:bc:42:d2:d8:d5:0f:69:c3:75:6d:
         98:e3:41:7d:28:c5:72:72:ba:74:e0:18:4c:e1:f5:06:bb:a4:
         4b:da:fa:d2:12:61:0c:da:d3:f1:dd:7b:43:c9:3a:20:b2:71:
         68:47:3d:ab:4b:3d:d9:64:29:56:f9:71:50:07:50:1b:7f:ac:
         82:83:5c:41:35:81:30:ba:a0:05:c6:45:6e:4c:e6:ef:e6:2a:
         6d:f4:ae:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pR/IeH03uAsu4V5jssFSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjM1MGEwYWUzMmU3M2U2NjBjNDE2YzNmMTQwNmVkZDM2
MTVmODIwHhcNMjYwMTAxMjIxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzJjMmRjMGY1NmQyODhkOWNkYzY3YzY0M2FjYzRiNDcxMjY3MmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhR7kNHM/oH8jiGCMimxwQ8lZOUf
QSOR/GLk9n8/Khmc6mKgCnC7X9vtpzggqqSzXI9OvYmPeCeoUP6uNxAeIpQbRAyO
7bYsZ6S8V1y3XD6VwNE43dBovoy7GAZAYHjbIch4DrPiXHDWjtZ1Yoveo2OHc7mw
VqhXknZ1VgTvWaUQql2Znu+oLKG238AJWJ0Cv/QXN9Gg888n5re3+Jbd8TqCTHWu
R03SgUzDXQsKetScDWNe4pq25BRpYofb/3OhIycLc3O2KD1tULnAM+U0KoAqKAmO
ccDE9ahHZEdJIlaPljpJbllF4lguhiizOMefJOyYLx1ZQle5srgjZsrLeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcsLcD1bSiNnNxnxkOsxLRxJnLpMB8GA1UdIwQY
MBaAFLmzUKCuMuc+ZgxBbD8UBu3TYV+CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2Et
ZWY3M2I3YjRjYTNjLzEveHl3dHdQVnRLSTJjM0dmR1E2ekV0SEVtY3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MjdlNjAtMDBhNi00ZDI2LWI5M2EtZWY3M2I3YjRjYTNj
LzEvdWJOUW9LNHk1ejVtREVGc1B4UUc3ZE5oWDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWv4MA0G
CSqGSIb3DQEBCwUAA4IBAQAS0BFS1BScz6sgybivulIKDAW2WnfXg378DdUhZL+8
j9KUsyPlzlMrbnpe3ehNJc0SN8pjJPpyH/GnehMVaYM+a9bi/IJwCO4epWMtPp3G
xAUhCgvDThBTWTZdblsYoP8RckOCIFT4VjMHcFLFdgwUnP+ibiRkzv/VkPu1Yvk0
m3YhjZ11VOIxoekoVk2ucCK4USMjVIilJ9fi7+Q9Zm5+pLSJpvsh5Pf/TLxC0tjV
D2nDdW2Y40F9KMVycrp04BhM4fUGu6RL2vrSEmEM2tPx3XtDyTogsnFoRz2rSz3Z
ZClW+XFQB1Abf6yCg1xBNYEwuqAFxkVuTObv5ipt9K5/
-----END CERTIFICATE-----