This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8oDMLPsB5dMw-1ltqfOv5UNjz9c.roa
File:                     8oDMLPsB5dMw-1ltqfOv5UNjz9c.roa (raw, json)
Hash identifier:          ebK5J6Qd4UnKtgd8/CwdWhLX6+rYzE/pKv0b2fOD4cY=
Subject key identifier:   F2:80:CC:2C:FB:01:E5:D3:30:FB:59:6D:A9:F3:AF:E5:43:63:CF:D7
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B77595133CF582482ACC4D5BD62094819
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8oDMLPsB5dMw-1ltqfOv5UNjz9c.roa
Signing time:             Thu 01 Jan 2026 02:18:20 +0000
ROA not before:           Thu 01 Jan 2026 02:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48459
IP address blocks:        89.42.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:51:33:cf:58:24:82:ac:c4:d5:bd:62:09:48:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f280cc2cfb01e5d330fb596da9f3afe54363cfd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:d6:60:3d:9e:c4:b6:08:e0:e9:92:0e:b5:49:
                    46:80:de:94:a7:ba:4f:ec:27:f7:6a:a3:a4:79:4f:
                    ab:a8:c5:dc:cd:3a:40:16:5a:f3:bd:fc:a6:04:eb:
                    6b:bc:9c:35:38:f1:5c:3d:c2:45:2a:d0:ec:32:09:
                    d2:f0:ad:83:57:74:56:ae:89:4a:13:75:9b:67:a7:
                    95:c8:ea:58:9b:a7:ab:21:03:5f:62:4a:09:f1:e3:
                    9a:57:90:3b:4b:df:9b:b1:3c:2c:ed:52:dc:39:0f:
                    2d:93:79:67:8e:68:5b:77:dc:04:6a:5c:fe:a4:a2:
                    16:a4:68:a2:2d:1a:7f:b5:e2:4d:76:55:52:a5:e2:
                    b8:e9:4c:fc:46:68:91:94:7e:47:44:1e:fb:66:c1:
                    97:f1:c4:45:e9:95:d8:f4:28:f6:f0:ec:8c:70:85:
                    e9:dc:e0:c7:76:95:4f:7f:39:9e:6f:5f:88:e5:8d:
                    f5:81:08:65:0f:70:9a:21:53:f7:c1:22:97:a0:9a:
                    6e:0e:ba:8f:7c:cf:9e:61:00:cc:6e:62:0e:0c:96:
                    6d:98:49:69:15:eb:33:f5:1e:39:24:1e:c2:19:a6:
                    e2:d5:f0:1a:fc:bf:82:0d:23:34:6f:de:65:c4:38:
                    03:36:e6:1e:c4:b6:08:12:9c:02:05:35:81:92:51:
                    5e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:80:CC:2C:FB:01:E5:D3:30:FB:59:6D:A9:F3:AF:E5:43:63:CF:D7
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8oDMLPsB5dMw-1ltqfOv5UNjz9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:3c:e6:6f:69:54:2b:8c:b3:5c:e9:57:a5:3f:a9:e6:99:ef:
         ef:ac:f4:44:64:30:52:3c:05:45:2d:57:2a:76:c2:1d:a2:c3:
         c3:ce:7e:a4:e2:14:b8:2e:ea:ec:e4:55:e2:40:f5:ff:82:53:
         7e:ce:3c:4c:87:54:e9:0b:8b:45:3f:94:4c:7d:13:8c:81:23:
         81:06:31:81:cb:26:03:ba:81:1e:36:f4:ca:22:f9:ff:28:28:
         2e:06:e1:89:ee:4a:c9:a4:29:82:dc:c7:ee:0f:e3:38:84:2f:
         f4:dd:bd:d3:ec:df:0a:88:b2:4b:16:b4:f8:c3:61:56:27:5a:
         3b:b9:57:06:ca:4c:b1:c0:ae:33:d1:0c:e8:4c:01:87:18:11:
         73:49:bd:97:2a:f1:9b:4e:27:23:3a:0c:be:b8:fe:93:92:a6:
         98:77:2b:49:6d:82:43:ed:12:ba:03:89:b7:07:b8:87:70:50:
         fa:93:d1:85:f5:45:ef:f0:8c:b1:c5:f0:e1:6f:7f:63:a4:b3:
         cd:2d:e6:48:a8:4c:2c:44:ba:16:0f:c1:07:25:65:5a:4e:a9:
         da:34:ca:b4:7c:6f:3d:79:26:34:50:b8:33:94:07:be:02:7e:
         49:10:75:a8:5b:b0:1a:38:ad:85:67:c1:a5:65:4d:90:79:1e:
         1e:0d:71:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WVEzz1gkgqzE1b1iCUgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgwY2MyY2ZiMDFlNWQzMzBmYjU5NmRhOWYzYWZlNTQzNjNjZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59ZgPZ7Etgjg6ZIOtUlGgN6Up7pP
7Cf3aqOkeU+rqMXczTpAFlrzvfymBOtrvJw1OPFcPcJFKtDsMgnS8K2DV3RWrolK
E3WbZ6eVyOpYm6erIQNfYkoJ8eOaV5A7S9+bsTws7VLcOQ8tk3lnjmhbd9wEalz+
pKIWpGiiLRp/teJNdlVSpeK46Uz8RmiRlH5HRB77ZsGX8cRF6ZXY9Cj28OyMcIXp
3ODHdpVPfzmeb1+I5Y31gQhlD3CaIVP3wSKXoJpuDrqPfM+eYQDMbmIODJZtmElp
Fesz9R45JB7CGabi1fAa/L+CDSM0b95lxDgDNuYexLYIEpwCBTWBklFeEwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPKAzCz7AeXTMPtZbanzr+VDY8/XMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzhvRE1MUHNCNWRNdy0xbHRxZk92NVVOano5Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZKikw
DQYJKoZIhvcNAQELBQADggEBAJI85m9pVCuMs1zpV6U/qeaZ7++s9ERkMFI8BUUt
Vyp2wh2iw8POfqTiFLgu6uzkVeJA9f+CU37OPEyHVOkLi0U/lEx9E4yBI4EGMYHL
JgO6gR429Moi+f8oKC4G4YnuSsmkKYLcx+4P4ziEL/TdvdPs3wqIsksWtPjDYVYn
Wju5VwbKTLHArjPRDOhMAYcYEXNJvZcq8ZtOJyM6DL64/pOSpph3K0ltgkPtEroD
ibcHuIdwUPqT0YX1Re/wjLHF8OFvf2Oks80t5kioTCxEuhYPwQclZVpOqdo0yrR8
bz15JjRQuDOUB74CfkkQdahbsBo4rYVnwaVlTZB5Hh4NcZc=
-----END CERTIFICATE-----