This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Aj8KieaG8qx5u2aa1bJzU4pVvNE.roa
File:                     Aj8KieaG8qx5u2aa1bJzU4pVvNE.roa (raw, json)
Hash identifier:          RyUlRFDCuQp/8+lZNd5KLk6q19PTJGKyZRaYp2W5rpk=
Subject key identifier:   02:3F:0A:89:E6:86:F2:AC:79:BB:66:9A:D5:B2:73:53:8A:55:BC:D1
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B775955C847E1AAEC4649003D8781A13A
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Aj8KieaG8qx5u2aa1bJzU4pVvNE.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51099
IP address blocks:        89.47.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:55:c8:47:e1:aa:ec:46:49:00:3d:87:81:a1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=023f0a89e686f2ac79bb669ad5b273538a55bcd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c0:17:2b:ed:31:fb:02:c1:80:be:84:29:b3:
                    98:cc:aa:7b:cf:ea:39:50:29:de:63:ea:e5:a8:b2:
                    86:2e:80:53:43:01:08:28:0c:00:3d:22:26:97:d5:
                    dc:f9:c7:ff:96:ce:37:90:14:32:c1:b4:0b:2c:bb:
                    c8:07:6c:6b:c5:d9:4c:58:a6:21:b6:4f:a6:c2:26:
                    86:f8:5c:76:a4:fd:ba:04:dc:4e:5c:f8:66:7c:36:
                    75:9e:10:c5:76:58:72:9b:f3:36:b0:7e:35:9a:24:
                    e7:76:54:19:a3:2c:1b:42:94:03:f5:28:0a:ea:67:
                    d4:59:84:97:ea:39:e0:e6:81:74:d9:77:bd:f8:01:
                    ac:7e:bf:a0:47:e1:18:b0:b5:97:b4:58:b7:a3:86:
                    2a:d1:7c:6f:e6:42:bd:75:d4:2c:6b:cc:00:c8:8e:
                    7c:60:71:5f:3e:74:f9:1d:03:37:48:d8:bc:ee:88:
                    28:3d:68:ce:2b:79:94:37:e3:7f:d8:70:e8:ba:5b:
                    5b:16:ff:9a:85:9d:95:e7:f3:a1:3c:d6:cc:c1:12:
                    38:56:90:df:89:62:06:4b:3e:b3:bf:12:4f:c0:53:
                    bf:e9:a5:6e:9c:ea:86:ab:b0:23:31:af:81:60:0e:
                    d0:e7:7b:85:91:da:c4:54:df:4e:af:2d:61:ab:25:
                    c7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3F:0A:89:E6:86:F2:AC:79:BB:66:9A:D5:B2:73:53:8A:55:BC:D1
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Aj8KieaG8qx5u2aa1bJzU4pVvNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.47.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:03:d7:98:0e:2a:98:85:5e:08:7f:a4:ce:4f:46:a4:65:2b:
         90:1b:e5:da:77:85:71:e7:d5:b1:8c:07:60:c0:b5:6d:9f:b1:
         46:09:20:da:8a:66:c2:d1:28:ec:a1:22:d3:56:70:d6:2b:0c:
         02:73:5f:3d:3a:6f:9d:77:65:b4:27:26:8c:1e:18:ac:73:3b:
         56:e3:5f:d8:2d:9b:b6:a9:e2:4d:66:f2:f6:4c:b1:fa:db:2f:
         01:f8:51:5e:1a:81:c6:62:da:4f:56:3e:e7:cc:d6:80:14:bd:
         5a:a2:94:34:33:fa:cb:c0:35:f3:6d:b1:52:f9:34:4c:30:11:
         e6:4c:00:a5:a4:7b:c9:b5:4f:cd:c3:2a:f1:5f:c3:bc:78:35:
         df:d4:80:bd:0f:9a:43:2a:34:44:7c:20:24:66:4f:4b:30:fc:
         ea:c5:ee:22:c1:36:3f:e2:31:5c:53:e1:57:5f:4f:5d:80:a1:
         8a:93:cc:cc:e1:e6:aa:4b:46:a8:4a:54:2d:38:fe:38:35:9a:
         22:2d:18:fa:39:c8:c0:fe:da:ea:ca:b6:23:4f:59:df:e4:f7:
         78:2a:30:14:5d:24:86:ec:9d:6e:25:80:bc:d6:e0:2b:56:b2:
         54:0a:75:9f:d2:d7:0d:d6:56:d0:74:70:6a:bf:c6:45:15:0f:
         2b:2b:b5:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WVXIR+Gq7EZJAD2HgaE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNmMGE4OWU2ODZmMmFjNzliYjY2OWFkNWIyNzM1MzhhNTViY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcAXK+0x+wLBgL6EKbOYzKp7z+o5
UCneY+rlqLKGLoBTQwEIKAwAPSIml9Xc+cf/ls43kBQywbQLLLvIB2xrxdlMWKYh
tk+mwiaG+Fx2pP26BNxOXPhmfDZ1nhDFdlhym/M2sH41miTndlQZoywbQpQD9SgK
6mfUWYSX6jng5oF02Xe9+AGsfr+gR+EYsLWXtFi3o4Yq0Xxv5kK9ddQsa8wAyI58
YHFfPnT5HQM3SNi87ogoPWjOK3mUN+N/2HDoultbFv+ahZ2V5/OhPNbMwRI4VpDf
iWIGSz6zvxJPwFO/6aVunOqGq7AjMa+BYA7Q53uFkdrEVN9Ory1hqyXHlwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAI/ConmhvKsebtmmtWyc1OKVbzRMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0FqOEtpZWFHOHF4NXUyYWExYkp6VTRwVnZORS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZL/4w
DQYJKoZIhvcNAQELBQADggEBAMAD15gOKpiFXgh/pM5PRqRlK5Ab5dp3hXHn1bGM
B2DAtW2fsUYJINqKZsLRKOyhItNWcNYrDAJzXz06b513ZbQnJoweGKxzO1bjX9gt
m7ap4k1m8vZMsfrbLwH4UV4agcZi2k9WPufM1oAUvVqilDQz+svANfNtsVL5NEww
EeZMAKWke8m1T83DKvFfw7x4Nd/UgL0PmkMqNER8ICRmT0sw/OrF7iLBNj/iMVxT
4VdfT12AoYqTzMzh5qpLRqhKVC04/jg1miItGPo5yMD+2urKtiNPWd/k93gqMBRd
JIbsnW4lgLzW4CtWslQKdZ/S1w3WVtB0cGq/xkUVDysrtf4=
-----END CERTIFICATE-----