This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/1WyX2wYZfSpfBSYJmVIkxnQu2wQ.roa
File:                     1WyX2wYZfSpfBSYJmVIkxnQu2wQ.roa (raw, json)
Hash identifier:          HByWovJax8W7lyVW8tq54HBM8ZSxxFTqPknO3ul1ROw=
Subject key identifier:   D5:6C:97:DB:06:19:7D:2A:5F:05:26:09:99:52:24:C6:74:2E:DB:04
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       019B76EAFC82939D711AF9DEF8F9DBD3CBB8
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/1WyX2wYZfSpfBSYJmVIkxnQu2wQ.roa
Signing time:             Thu 01 Jan 2026 00:17:50 +0000
ROA not before:           Thu 01 Jan 2026 00:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49190
IP address blocks:        195.88.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:fc:82:93:9d:71:1a:f9:de:f8:f9:db:d3:cb:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 00:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d56c97db06197d2a5f052609995224c6742edb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ea:43:ec:ea:f6:f8:e8:d7:00:36:0c:d1:1e:
                    92:ed:d8:b1:83:60:ac:4c:1c:bd:a7:bf:66:b4:92:
                    c8:f8:78:23:5f:a2:23:b5:dd:bb:56:c8:14:a6:f0:
                    21:d3:c2:06:72:04:83:61:28:1e:34:f9:f0:92:25:
                    2d:f5:44:b9:84:d3:54:20:50:89:61:8d:45:6d:f3:
                    2f:97:50:8e:f5:cf:1b:7a:00:bc:a2:71:59:cd:4b:
                    f9:23:45:30:5e:96:4a:e0:a5:3b:ac:52:d1:dc:ea:
                    2d:f6:b9:ad:fc:14:f1:98:ad:19:38:39:95:6c:44:
                    45:07:5d:13:55:fb:9a:f6:66:1a:cf:4d:8f:6c:bd:
                    77:77:f0:27:4f:d4:70:fc:cf:71:f9:9e:6b:97:35:
                    7a:92:b4:e8:45:2c:ba:d3:2f:02:e4:63:2c:c3:49:
                    88:4a:b7:88:c0:5c:50:ae:51:5f:46:e2:a6:3b:0d:
                    f3:e1:7e:02:8c:1b:72:9c:f0:48:e9:8b:08:36:94:
                    44:42:b7:38:68:6e:0b:f0:6a:43:17:56:1c:62:09:
                    71:f7:2a:61:b0:de:07:99:32:94:ca:fe:d8:21:ed:
                    6a:c6:67:63:dc:eb:10:a0:75:7e:a1:d5:a0:4d:c7:
                    45:3a:08:34:22:c0:c0:0a:64:95:ef:94:ea:b8:8d:
                    c8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:6C:97:DB:06:19:7D:2A:5F:05:26:09:99:52:24:C6:74:2E:DB:04
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/1WyX2wYZfSpfBSYJmVIkxnQu2wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:2e:f8:dc:6f:df:0b:eb:42:70:45:5f:3f:97:a5:57:33:26:
         19:26:9e:b5:81:d4:69:30:c6:a7:22:09:be:0e:73:f3:bc:5f:
         7b:91:f4:29:6d:a6:62:73:17:73:0f:9c:e0:36:76:c4:43:79:
         5c:6f:ae:43:44:9b:91:33:97:c6:00:9e:54:20:d6:13:c9:66:
         e3:77:72:da:9b:f7:a1:87:0b:da:43:a6:c4:86:d8:ec:7a:ff:
         d7:51:b7:ea:5a:78:58:2a:50:d4:20:a8:ec:62:37:ce:b0:a2:
         5b:68:1e:d7:15:43:0d:21:b7:6e:ed:3f:18:06:45:c0:e2:ab:
         d5:d6:b5:96:fa:a0:98:18:da:7c:39:50:9b:d8:e4:d1:12:1e:
         1e:54:23:b9:56:b5:b4:c0:9b:a7:63:8a:bf:1a:80:dd:4e:04:
         34:21:91:8e:b6:bf:4c:10:0a:13:97:dc:54:46:1e:b5:1a:04:
         d0:88:ce:c3:69:78:3f:f2:0b:c2:f1:6f:df:f7:d7:80:3f:ce:
         0e:54:0e:8b:b0:b0:5b:18:2f:66:46:0f:f6:5e:b5:62:e0:36:
         9c:e2:2b:33:af:94:79:72:a2:9e:7a:f7:92:8c:0d:17:e1:5a:
         7d:da:93:3f:e7:b0:8b:f4:1f:d1:e1:c6:b2:e6:4f:36:28:5f:
         d7:e9:1a:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vyCk51xGvne+Pnb08u4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjYwMTAxMDAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTZjOTdkYjA2MTk3ZDJhNWYwNTI2MDk5OTUyMjRjNjc0MmVkYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+pD7Or2+OjXADYM0R6S7dixg2Cs
TBy9p79mtJLI+HgjX6Ijtd27VsgUpvAh08IGcgSDYSgeNPnwkiUt9US5hNNUIFCJ
YY1FbfMvl1CO9c8begC8onFZzUv5I0UwXpZK4KU7rFLR3Oot9rmt/BTxmK0ZODmV
bERFB10TVfua9mYaz02PbL13d/AnT9Rw/M9x+Z5rlzV6krToRSy60y8C5GMsw0mI
SreIwFxQrlFfRuKmOw3z4X4CjBtynPBI6YsINpREQrc4aG4L8GpDF1YcYglx9yph
sN4HmTKUyv7YIe1qxmdj3OsQoHV+odWgTcdFOgg0IsDACmSV75TquI3IRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVsl9sGGX0qXwUmCZlSJMZ0LtsEMB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvMVd5WDJ3WVpmU3BmQlNZSm1WSWt4blF1MndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1iAMA0G
CSqGSIb3DQEBCwUAA4IBAQCVLvjcb98L60JwRV8/l6VXMyYZJp61gdRpMManIgm+
DnPzvF97kfQpbaZicxdzD5zgNnbEQ3lcb65DRJuRM5fGAJ5UINYTyWbjd3Lam/eh
hwvaQ6bEhtjsev/XUbfqWnhYKlDUIKjsYjfOsKJbaB7XFUMNIbdu7T8YBkXA4qvV
1rWW+qCYGNp8OVCb2OTREh4eVCO5VrW0wJunY4q/GoDdTgQ0IZGOtr9MEAoTl9xU
Rh61GgTQiM7DaXg/8gvC8W/f99eAP84OVA6LsLBbGC9mRg/2XrVi4Dac4iszr5R5
cqKeeveSjA0X4Vp92pM/57CL9B/R4cay5k82KF/X6Rr1
-----END CERTIFICATE-----