This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/F7PDvpn2QT60u98U-B9_BniGv6I.roa
File:                     F7PDvpn2QT60u98U-B9_BniGv6I.roa (raw, json)
Hash identifier:          o6+nW99K+UNhSND42qU+AfPD+43WdjVx5KouvSDpigQ=
Subject key identifier:   17:B3:C3:BE:99:F6:41:3E:B4:BB:DF:14:F8:1F:7F:06:78:86:BF:A2
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019B7D5B25CC554DA1C78402521CE0C75408
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/F7PDvpn2QT60u98U-B9_BniGv6I.roa
Signing time:             Fri 02 Jan 2026 06:18:03 +0000
ROA not before:           Fri 02 Jan 2026 06:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        89.44.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:25:cc:55:4d:a1:c7:84:02:52:1c:e0:c7:54:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  2 06:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17b3c3be99f6413eb4bbdf14f81f7f067886bfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7a:44:44:3d:d6:b2:de:63:2b:47:dc:65:5b:
                    63:f0:5a:be:d6:37:1a:4a:19:65:57:eb:28:a3:b4:
                    19:43:ff:3b:5c:f9:e7:fe:91:49:c4:49:c4:de:59:
                    05:1b:e3:67:d1:e4:be:3e:ef:b8:c1:e0:39:66:29:
                    fd:e7:34:f0:9b:c7:2c:41:62:14:08:ca:35:aa:7d:
                    38:80:0f:cb:ec:d9:45:e7:a5:8d:ba:69:b9:07:34:
                    d4:09:47:85:5b:f9:7f:0a:f7:ed:b6:0f:f4:0f:15:
                    bf:25:68:48:17:62:f1:36:f4:5c:b4:42:3f:e0:98:
                    e3:b0:a8:05:6e:a6:0b:11:72:41:b8:03:43:4c:d6:
                    56:a4:35:a4:f0:b0:f6:d2:cd:5e:e7:48:24:3e:46:
                    08:e4:07:cd:93:68:21:61:00:3c:05:f6:86:65:ee:
                    4d:7f:b7:c2:62:e0:ba:c6:83:f3:e0:14:d0:ce:3d:
                    6d:e8:36:7f:24:ca:2c:66:4e:b3:98:8c:e8:86:7a:
                    86:c4:20:26:c9:ff:97:f9:86:af:bf:f5:c0:83:00:
                    c6:b2:73:21:ab:79:21:e1:e8:4f:8a:b9:23:83:06:
                    92:76:7c:4c:9b:ca:f5:a4:87:c1:de:ba:38:78:0e:
                    86:f1:e0:02:52:b7:e7:94:da:72:a5:e8:3c:e2:af:
                    8a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B3:C3:BE:99:F6:41:3E:B4:BB:DF:14:F8:1F:7F:06:78:86:BF:A2
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/F7PDvpn2QT60u98U-B9_BniGv6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:48:a8:be:7f:0b:a4:74:0d:8e:89:56:b0:7e:02:70:32:61:
         56:24:69:b0:bd:a4:e6:3f:7c:4d:56:c5:38:f0:74:14:d1:36:
         06:b4:62:97:f6:d4:57:42:13:70:ea:fa:d9:66:00:02:f9:93:
         3b:7f:8e:ed:56:0a:65:06:71:04:69:67:46:12:68:f5:e0:fe:
         f1:4b:0a:db:7e:e1:b9:a4:49:fa:db:45:5a:8c:39:d9:84:b8:
         27:50:15:8d:b0:be:7a:13:02:7a:72:2e:11:07:e5:17:c2:88:
         bb:85:82:44:b4:90:20:9a:0e:f6:5b:5e:5a:04:76:a3:84:ff:
         f7:69:fa:c2:6b:21:e9:ea:5e:da:8b:98:f1:4e:aa:b1:16:26:
         f2:ca:ea:af:7b:d2:8d:e4:e3:e2:26:80:31:39:4e:06:bc:8f:
         b4:b2:e0:57:dd:d8:a0:1e:f0:7f:5d:75:9c:fd:4d:67:20:34:
         a0:73:b9:24:eb:e1:51:61:0a:bd:0b:5f:94:96:d6:1e:32:94:
         9e:25:dd:39:fc:b0:c4:8c:dd:50:f2:20:f5:d5:dd:6f:7d:c4:
         7b:7c:af:bd:49:c0:63:ee:d3:2c:9e:89:28:1b:e2:7f:bc:6c:
         5b:8f:fd:35:47:c4:20:24:53:86:f9:1b:e2:9a:9b:0a:a9:86:
         c1:28:7b:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WyXMVU2hx4QCUhzgx1QIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMTAyMDYxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IzYzNiZTk5ZjY0MTNlYjRiYmRmMTRmODFmN2YwNjc4ODZiZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHpERD3Wst5jK0fcZVtj8Fq+1jca
ShllV+soo7QZQ/87XPnn/pFJxEnE3lkFG+Nn0eS+Pu+4weA5Zin95zTwm8csQWIU
CMo1qn04gA/L7NlF56WNumm5BzTUCUeFW/l/Cvfttg/0DxW/JWhIF2LxNvRctEI/
4JjjsKgFbqYLEXJBuANDTNZWpDWk8LD20s1e50gkPkYI5AfNk2ghYQA8BfaGZe5N
f7fCYuC6xoPz4BTQzj1t6DZ/JMosZk6zmIzohnqGxCAmyf+X+Yavv/XAgwDGsnMh
q3kh4ehPirkjgwaSdnxMm8r1pIfB3ro4eA6G8eACUrfnlNpypeg84q+K4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBezw76Z9kE+tLvfFPgffwZ4hr+iMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvRjdQRHZwbjJRVDYwdTk4VS1COV9CbmlHdjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzzMA0G
CSqGSIb3DQEBCwUAA4IBAQBtSKi+fwukdA2OiVawfgJwMmFWJGmwvaTmP3xNVsU4
8HQU0TYGtGKX9tRXQhNw6vrZZgAC+ZM7f47tVgplBnEEaWdGEmj14P7xSwrbfuG5
pEn620VajDnZhLgnUBWNsL56EwJ6ci4RB+UXwoi7hYJEtJAgmg72W15aBHajhP/3
afrCayHp6l7ai5jxTqqxFibyyuqve9KN5OPiJoAxOU4GvI+0suBX3digHvB/XXWc
/U1nIDSgc7kk6+FRYQq9C1+UltYeMpSeJd05/LDEjN1Q8iD11d1vfcR7fK+9ScBj
7tMsnokoG+J/vGxbj/01R8QgJFOG+RvimpsKqYbBKHvd
-----END CERTIFICATE-----