This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/if86lxu5nlPzs7hkWMJDZ9tMh_c.roa
File:                     if86lxu5nlPzs7hkWMJDZ9tMh_c.roa (raw, json)
Hash identifier:          ORNVkMFl7t2RmENsppqBUHYflyrOzGV65xG9bRC2Ckw=
Subject key identifier:   89:FF:3A:97:1B:B9:9E:53:F3:B3:B8:64:58:C2:43:67:DB:4C:87:F7
Certificate issuer:       /CN=13b4f6b90167b71bd663fa0391e038a0155bb939
Certificate serial:       019B7F13A8AB377572B76C7555CF9E89593A
Authority key identifier: 13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/if86lxu5nlPzs7hkWMJDZ9tMh_c.roa
Signing time:             Fri 02 Jan 2026 14:19:13 +0000
ROA not before:           Fri 02 Jan 2026 14:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208324
IP address blocks:        85.31.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:a8:ab:37:75:72:b7:6c:75:55:cf:9e:89:59:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b4f6b90167b71bd663fa0391e038a0155bb939
        Validity
            Not Before: Jan  2 14:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89ff3a971bb99e53f3b3b86458c24367db4c87f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:82:b9:41:58:72:f8:59:09:f9:b9:02:6e:b2:
                    35:48:84:ac:0e:2a:7f:4f:36:a0:db:69:60:6e:6a:
                    52:8a:56:bc:78:b8:e7:cb:c5:b6:90:84:96:2c:71:
                    e6:01:fd:e1:08:ef:36:ea:6d:8b:72:c3:ea:28:b1:
                    7f:03:07:2f:b3:2d:df:a4:fe:a0:29:8f:b4:86:f2:
                    70:dc:1d:28:70:64:3b:30:62:f0:ad:40:4b:bb:b6:
                    da:55:dd:27:a7:16:ef:5f:56:c2:56:13:0c:1d:0a:
                    78:00:75:71:95:5b:f9:a8:2b:57:5d:f4:94:8d:ad:
                    f1:77:7e:26:fb:44:3b:74:f2:a1:67:12:91:7b:d9:
                    c8:d6:ce:5e:8b:7a:8d:54:47:c0:bc:2b:64:99:61:
                    de:b6:08:43:84:0c:2a:6b:81:6f:41:cf:77:32:b0:
                    78:31:8b:21:81:08:2a:30:2c:be:5b:7e:53:cc:23:
                    2d:f9:00:f5:51:f3:f3:da:59:8b:d2:77:df:1c:78:
                    f5:b2:8a:43:49:b0:1c:cf:92:f3:af:22:5f:dc:cb:
                    09:7b:b8:93:c2:c2:6c:e1:10:56:3f:fe:57:d2:50:
                    2b:5f:33:fd:d7:39:d3:ae:88:25:ff:2e:62:44:85:
                    9d:67:5f:de:44:b7:3c:af:ea:e3:eb:74:30:70:f8:
                    53:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FF:3A:97:1B:B9:9E:53:F3:B3:B8:64:58:C2:43:67:DB:4C:87:F7
            X509v3 Authority Key Identifier:
                keyid:13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/if86lxu5nlPzs7hkWMJDZ9tMh_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b6:5f:30:30:70:82:8a:53:4c:d1:16:8c:9d:7b:bb:64:e4:
         0a:e5:ac:69:67:01:05:12:c8:86:3e:ef:e5:09:83:d5:2b:25:
         53:11:b6:2e:c7:d0:06:ae:fb:8e:b8:57:c7:bc:62:1b:3d:50:
         c6:0e:16:f9:23:e6:b6:8a:d3:6d:6e:4a:50:3e:34:e6:fa:2b:
         41:2c:64:72:12:63:7d:d5:8e:b1:b1:a5:9c:91:e0:1e:40:3c:
         b5:5b:59:8e:79:a9:28:71:7c:6e:80:57:6c:6d:be:e5:98:af:
         3b:02:7a:de:3d:ab:45:73:93:fa:3e:ef:5d:56:38:bd:76:ad:
         6c:fe:38:c2:33:c0:8c:96:8e:9c:25:04:38:ed:2b:c1:cc:4d:
         7e:11:8d:d1:f5:ca:42:e7:07:9c:60:5e:59:13:16:0c:54:9e:
         6e:5a:b4:62:09:c6:21:c7:ae:63:92:90:a9:10:78:ca:d7:c1:
         1a:3f:85:8d:40:4e:3a:b3:24:ab:5e:6f:da:32:a4:37:a8:c3:
         fb:40:db:40:66:b1:7d:45:88:b1:d2:b4:a2:8f:de:cc:ad:14:
         27:5f:a0:45:06:77:d4:1a:80:16:8c:de:ce:1f:83:95:96:7f:
         cc:cb:c6:24:8d:63:9b:6e:58:f6:eb:cc:69:66:02:30:95:4f:
         3a:9a:fe:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E6irN3Vyt2x1Vc+eiVk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjRmNmI5MDE2N2I3MWJkNjYzZmEwMzkxZTAzOGEwMTU1
YmI5MzkwHhcNMjYwMTAyMTQxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWZmM2E5NzFiYjk5ZTUzZjNiM2I4NjQ1OGMyNDM2N2RiNGM4N2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54K5QVhy+FkJ+bkCbrI1SISsDip/
Tzag22lgbmpSila8eLjny8W2kISWLHHmAf3hCO826m2LcsPqKLF/Awcvsy3fpP6g
KY+0hvJw3B0ocGQ7MGLwrUBLu7baVd0npxbvX1bCVhMMHQp4AHVxlVv5qCtXXfSU
ja3xd34m+0Q7dPKhZxKRe9nI1s5ei3qNVEfAvCtkmWHetghDhAwqa4FvQc93MrB4
MYshgQgqMCy+W35TzCMt+QD1UfPz2lmL0nffHHj1sopDSbAcz5LzryJf3MsJe7iT
wsJs4RBWP/5X0lArXzP91znTrogl/y5iRIWdZ1/eRLc8r+rj63QwcPhTnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn/OpcbuZ5T87O4ZFjCQ2fbTIf3MB8GA1UdIwQY
MBaAFBO09rkBZ7cb1mP6A5HgOKAVW7k5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdUMnVRRm50eHZXWV9vRGtlQTRvQlZidVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85ZTg4NGUtMTdlNC00MjcxLWFjODkt
Y2IzZmE0MDdlMGY0LzEvaWY4Nmx4dTVubFB6czdoa1dNSkRaOXRNaF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85ZTg4NGUtMTdlNC00MjcxLWFjODktY2IzZmE0MDdlMGY0
LzEvRTdUMnVRRm50eHZXWV9vRGtlQTRvQlZidVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR8pMA0G
CSqGSIb3DQEBCwUAA4IBAQCLtl8wMHCCilNM0RaMnXu7ZOQK5axpZwEFEsiGPu/l
CYPVKyVTEbYux9AGrvuOuFfHvGIbPVDGDhb5I+a2itNtbkpQPjTm+itBLGRyEmN9
1Y6xsaWckeAeQDy1W1mOeakocXxugFdsbb7lmK87AnrePatFc5P6Pu9dVji9dq1s
/jjCM8CMlo6cJQQ47SvBzE1+EY3R9cpC5wecYF5ZExYMVJ5uWrRiCcYhx65jkpCp
EHjK18EaP4WNQE46sySrXm/aMqQ3qMP7QNtAZrF9RYix0rSij97MrRQnX6BFBnfU
GoAWjN7OH4OVln/My8YkjWObblj268xpZgIwlU86mv6u
-----END CERTIFICATE-----