This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/8dz0TrMtwzys9aId9S0iNBUOM6I.roa
File:                     8dz0TrMtwzys9aId9S0iNBUOM6I.roa (raw, json)
Hash identifier:          QLXQgTisSL5o9NDXTvqc31xSu43P2bWSnl0Mbj1LxKA=
Subject key identifier:   F1:DC:F4:4E:B3:2D:C3:3C:AC:F5:A2:1D:F5:2D:22:34:15:0E:33:A2
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019B7A5AB6D0907E8ADDFA36A7863BF6C100
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/8dz0TrMtwzys9aId9S0iNBUOM6I.roa
Signing time:             Thu 01 Jan 2026 16:18:43 +0000
ROA not before:           Thu 01 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210281
IP address blocks:        94.137.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b6:d0:90:7e:8a:dd:fa:36:a7:86:3b:f6:c1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  1 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1dcf44eb32dc33cacf5a21df52d2234150e33a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f4:e5:3b:53:6d:e6:34:21:5f:5e:1c:7a:69:
                    c5:eb:2e:8b:33:39:0c:c1:da:38:b1:55:3a:99:81:
                    29:a3:7f:c8:d9:45:53:24:0e:e1:b5:38:df:39:85:
                    37:88:bb:3f:f9:ba:79:fa:c9:8c:cb:d3:8d:75:a9:
                    11:65:8b:7a:67:ea:f0:74:d3:be:f2:54:81:a5:a8:
                    6f:cf:04:53:d0:11:6d:56:5b:45:bf:4f:a4:7f:42:
                    86:8c:46:aa:62:87:82:fa:af:9d:85:08:ee:f4:bc:
                    de:0c:2c:48:ec:9f:42:19:52:c2:8a:43:a2:c0:0b:
                    8b:be:39:38:fa:3e:28:96:f2:91:58:84:2f:69:dd:
                    0a:31:92:67:f5:7a:fe:0e:0a:28:e6:69:17:65:4e:
                    48:aa:5e:12:3d:07:db:20:1b:80:77:00:d9:7d:a0:
                    b5:6d:ba:a6:e2:d0:08:88:93:31:8c:2f:25:8e:30:
                    b7:89:f1:c2:66:e3:bf:7e:d8:f4:a6:25:4b:70:e2:
                    de:a3:cc:1c:c9:71:50:96:38:c8:a1:94:34:53:ce:
                    60:a1:5a:f7:70:fe:bb:c7:f8:f4:71:80:d7:0d:b1:
                    42:9f:a5:54:f7:6f:07:2d:9c:55:a8:d1:f6:e2:06:
                    80:a8:5c:02:06:cf:91:2d:67:8b:59:5a:45:e8:c9:
                    c8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:DC:F4:4E:B3:2D:C3:3C:AC:F5:A2:1D:F5:2D:22:34:15:0E:33:A2
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/8dz0TrMtwzys9aId9S0iNBUOM6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3e:27:62:d1:df:b9:e5:40:aa:e3:7e:eb:28:4e:62:cb:f7:
         4b:ad:60:0e:fa:d3:e3:38:65:a1:d8:d1:ee:02:fb:3c:a7:1d:
         4e:c2:a5:76:fb:64:96:57:02:53:4e:e2:7a:2c:20:b4:21:74:
         3e:29:3f:37:5e:99:e8:0f:53:2c:e1:cb:8c:ae:7f:7a:a8:da:
         93:6b:7d:69:ba:fd:6b:c3:a2:ad:2b:b1:55:96:fa:af:bb:7a:
         49:33:70:0c:e3:79:36:8e:35:52:dc:09:bc:ea:f9:dd:5e:f6:
         10:db:c1:de:ab:e6:06:6d:7f:8e:b4:3c:9c:8b:a5:99:9a:68:
         9e:66:2b:54:78:bd:8d:46:c9:ce:01:dd:78:6a:34:08:e7:94:
         23:d2:e7:e8:0d:68:5f:e9:55:08:8a:49:e1:47:96:e1:cd:c1:
         2c:ca:82:f3:0c:cb:46:52:4b:88:4a:5a:78:0e:ea:ba:ff:6a:
         d1:3a:82:2c:f2:80:28:8a:f4:2a:d8:21:71:5d:f4:9d:2d:e6:
         dd:14:d9:1a:5f:c1:a4:06:5d:66:c7:62:39:c3:29:b1:51:e9:
         09:9e:11:91:c3:36:17:13:dc:85:0b:95:19:cd:cb:cf:62:24:
         68:e1:83:9f:75:ce:cc:4d:7c:42:c5:08:b2:5c:cc:f8:2e:a9:
         4b:8b:98:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrbQkH6K3fo2p4Y79sEAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjYwMTAxMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWRjZjQ0ZWIzMmRjMzNjYWNmNWEyMWRmNTJkMjIzNDE1MGUzM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/TlO1Nt5jQhX14cemnF6y6LMzkM
wdo4sVU6mYEpo3/I2UVTJA7htTjfOYU3iLs/+bp5+smMy9ONdakRZYt6Z+rwdNO+
8lSBpahvzwRT0BFtVltFv0+kf0KGjEaqYoeC+q+dhQju9LzeDCxI7J9CGVLCikOi
wAuLvjk4+j4olvKRWIQvad0KMZJn9Xr+Dgoo5mkXZU5Iql4SPQfbIBuAdwDZfaC1
bbqm4tAIiJMxjC8ljjC3ifHCZuO/ftj0piVLcOLeo8wcyXFQljjIoZQ0U85goVr3
cP67x/j0cYDXDbFCn6VU928HLZxVqNH24gaAqFwCBs+RLWeLWVpF6MnIKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHc9E6zLcM8rPWiHfUtIjQVDjOiMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvOGR6MFRyTXR3enlzOWFJZDlTMGlOQlVPTTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXolZMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Pidi0d+55UCq437rKE5iy/dLrWAO+tPjOGWh2NHu
Avs8px1OwqV2+2SWVwJTTuJ6LCC0IXQ+KT83XpnoD1Ms4cuMrn96qNqTa31puv1r
w6KtK7FVlvqvu3pJM3AM43k2jjVS3Am86vndXvYQ28Heq+YGbX+OtDyci6WZmmie
ZitUeL2NRsnOAd14ajQI55Qj0ufoDWhf6VUIiknhR5bhzcEsyoLzDMtGUkuISlp4
Duq6/2rROoIs8oAoivQq2CFxXfSdLebdFNkaX8GkBl1mx2I5wymxUekJnhGRwzYX
E9yFC5UZzcvPYiRo4YOfdc7MTXxCxQiyXMz4LqlLi5jO
-----END CERTIFICATE-----