This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/8bmJkssiqMmgoFhVLjPuiVh-JXk.roa
File:                     8bmJkssiqMmgoFhVLjPuiVh-JXk.roa (raw, json)
Hash identifier:          wsFMvOiuuz/DL1nPZTplboq3GQRPHDLxwfXC+j9gOCo=
Subject key identifier:   F1:B9:89:92:CB:22:A8:C9:A0:A0:58:55:2E:33:EE:89:58:7E:25:79
Certificate issuer:       /CN=d515932960f3c174d4957abe9f5ab295264d5453
Certificate serial:       019B7AC8DCF76D1C41F707096E3D11F7CAB5
Authority key identifier: D5:15:93:29:60:F3:C1:74:D4:95:7A:BE:9F:5A:B2:95:26:4D:54:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1RWTKWDzwXTUlXq-n1qylSZNVFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/8bmJkssiqMmgoFhVLjPuiVh-JXk.roa
Signing time:             Thu 01 Jan 2026 18:19:02 +0000
ROA not before:           Thu 01 Jan 2026 18:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50056
IP address blocks:        92.119.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/1RWTKWDzwXTUlXq-n1qylSZNVFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/1RWTKWDzwXTUlXq-n1qylSZNVFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1RWTKWDzwXTUlXq-n1qylSZNVFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:dc:f7:6d:1c:41:f7:07:09:6e:3d:11:f7:ca:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d515932960f3c174d4957abe9f5ab295264d5453
        Validity
            Not Before: Jan  1 18:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1b98992cb22a8c9a0a058552e33ee89587e2579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b1:22:3c:db:30:44:41:a3:c9:5c:88:d9:61:
                    85:12:d0:bb:b9:3d:3e:2c:7b:5d:b3:30:fc:b0:3e:
                    9a:4f:07:ca:14:2e:21:1d:a1:c9:76:2a:3f:ce:cf:
                    ae:69:6f:67:60:1d:f2:4c:fd:a0:44:13:b0:d6:3b:
                    6f:ea:12:71:b5:85:3c:63:4a:a5:c2:cc:89:32:f1:
                    67:2b:a2:6c:cd:ca:59:b1:2e:e0:17:6a:e7:7c:47:
                    ae:5c:3b:96:55:4d:f9:96:33:23:bb:c6:c7:ed:de:
                    a0:b1:d1:ed:54:48:e5:7e:31:f2:e4:8f:a3:aa:7c:
                    b1:90:31:c1:75:36:2b:44:a2:c2:bf:1b:96:08:54:
                    17:76:00:45:a7:63:35:43:ec:b0:83:12:aa:f8:06:
                    62:23:8b:da:74:b4:99:ef:41:00:4a:ec:22:76:6a:
                    b4:9a:12:94:27:37:2c:31:2e:fb:65:e6:21:0a:df:
                    e5:02:02:8b:bd:96:5b:ce:9f:60:d7:4c:de:db:6b:
                    57:fb:21:4a:2f:e8:8f:8f:71:57:84:08:23:11:63:
                    83:dd:c4:9a:b3:43:a5:22:a1:cb:72:ba:f8:77:f2:
                    de:03:c7:3a:a7:8e:e5:05:7f:6b:f7:37:cc:7b:76:
                    df:2f:91:14:fc:eb:a7:c0:0e:c9:67:e2:5e:7c:d8:
                    5b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B9:89:92:CB:22:A8:C9:A0:A0:58:55:2E:33:EE:89:58:7E:25:79
            X509v3 Authority Key Identifier:
                keyid:D5:15:93:29:60:F3:C1:74:D4:95:7A:BE:9F:5A:B2:95:26:4D:54:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1RWTKWDzwXTUlXq-n1qylSZNVFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/8bmJkssiqMmgoFhVLjPuiVh-JXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/72855f-afa8-4d6f-8ef9-13f65b543cc4/1/1RWTKWDzwXTUlXq-n1qylSZNVFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:b9:69:29:bd:fa:2f:ac:0e:b6:2f:46:ce:e4:9c:a2:15:3a:
         97:98:71:c4:f0:4a:c9:05:3f:1d:a0:a4:c9:f5:9d:a1:cf:a3:
         77:b7:44:1d:b1:0f:9c:b8:61:1b:39:26:92:77:5a:b0:1a:cb:
         05:8b:b6:cb:86:ab:98:0d:49:95:d5:e3:83:3c:6b:61:be:a9:
         9d:4f:06:a8:9f:dd:2b:fa:c6:fb:82:1f:d3:ed:29:77:33:00:
         4e:a0:e9:fc:7b:92:08:d9:28:ab:cd:c7:59:85:d9:ab:32:c2:
         f6:2b:90:17:b3:4c:8f:eb:8a:d9:22:f4:cf:7a:30:0f:9f:65:
         5f:86:54:48:11:73:f5:17:85:64:8c:35:54:52:cc:e8:60:22:
         c5:6a:52:32:9b:a1:4a:0e:6c:fe:2b:a3:c0:4c:8b:54:6d:d4:
         84:99:eb:40:8a:e8:b5:3a:56:fb:f6:06:f1:24:4e:76:11:cb:
         47:09:d6:f2:68:d5:98:37:3a:eb:4b:8d:99:29:fb:f3:1c:78:
         98:c0:8b:7d:a6:04:b4:25:63:82:2a:83:da:6e:dc:83:67:5d:
         2f:3f:7f:87:90:7c:46:c3:47:ff:e2:bd:2b:50:68:1b:b8:71:
         c0:9a:c9:93:47:91:03:fe:60:72:f2:37:1a:46:38:dc:86:91:
         c9:c4:46:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yNz3bRxB9wcJbj0R98q1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MTU5MzI5NjBmM2MxNzRkNDk1N2FiZTlmNWFiMjk1MjY0
ZDU0NTMwHhcNMjYwMTAxMTgxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI5ODk5MmNiMjJhOGM5YTBhMDU4NTUyZTMzZWU4OTU4N2UyNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLEiPNswREGjyVyI2WGFEtC7uT0+
LHtdszD8sD6aTwfKFC4hHaHJdio/zs+uaW9nYB3yTP2gRBOw1jtv6hJxtYU8Y0ql
wsyJMvFnK6JszcpZsS7gF2rnfEeuXDuWVU35ljMju8bH7d6gsdHtVEjlfjHy5I+j
qnyxkDHBdTYrRKLCvxuWCFQXdgBFp2M1Q+ywgxKq+AZiI4vadLSZ70EASuwidmq0
mhKUJzcsMS77ZeYhCt/lAgKLvZZbzp9g10ze22tX+yFKL+iPj3FXhAgjEWOD3cSa
s0OlIqHLcrr4d/LeA8c6p47lBX9r9zfMe3bfL5EU/OunwA7JZ+JefNhbhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPG5iZLLIqjJoKBYVS4z7olYfiV5MB8GA1UdIwQY
MBaAFNUVkylg88F01JV6vp9aspUmTVRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVJXVEtXRHp3WFRVbFhxLW4xcXlsU1pOVkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi83Mjg1NWYtYWZhOC00ZDZmLThlZjkt
MTNmNjViNTQzY2M0LzEvOGJtSmtzc2lxTW1nb0ZoVkxqUHVpVmgtSlhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi83Mjg1NWYtYWZhOC00ZDZmLThlZjktMTNmNjViNTQzY2M0
LzEvMVJXVEtXRHp3WFRVbFhxLW4xcXlsU1pOVkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHeQMA0G
CSqGSIb3DQEBCwUAA4IBAQAduWkpvfovrA62L0bO5JyiFTqXmHHE8ErJBT8doKTJ
9Z2hz6N3t0QdsQ+cuGEbOSaSd1qwGssFi7bLhquYDUmV1eODPGthvqmdTwaon90r
+sb7gh/T7Sl3MwBOoOn8e5II2SirzcdZhdmrMsL2K5AXs0yP64rZIvTPejAPn2Vf
hlRIEXP1F4VkjDVUUszoYCLFalIym6FKDmz+K6PATItUbdSEmetAiui1Olb79gbx
JE52EctHCdbyaNWYNzrrS42ZKfvzHHiYwIt9pgS0JWOCKoPabtyDZ10vP3+HkHxG
w0f/4r0rUGgbuHHAmsmTR5ED/mBy8jcaRjjchpHJxEYt
-----END CERTIFICATE-----