This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iexSuJ7aNuwziu2gqd21JtwFMKk.roa
File:                     iexSuJ7aNuwziu2gqd21JtwFMKk.roa (raw, json)
Hash identifier:          EsMJgMlB4xzc1Co5a9wO5NypESdA9IpowNIkEJLr1Ss=
Subject key identifier:   89:EC:52:B8:9E:DA:36:EC:33:8A:ED:A0:A9:DD:B5:26:DC:05:30:A9
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019B7759666BE73CDE703194CF83A2BADC5D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iexSuJ7aNuwziu2gqd21JtwFMKk.roa
Signing time:             Thu 01 Jan 2026 02:18:26 +0000
ROA not before:           Thu 01 Jan 2026 02:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61389
IP address blocks:        89.42.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:66:6b:e7:3c:de:70:31:94:cf:83:a2:ba:dc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 02:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89ec52b89eda36ec338aeda0a9ddb526dc0530a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5a:5e:20:78:a8:49:4f:90:17:6a:69:91:af:
                    75:17:84:70:67:26:4a:11:73:89:e3:3d:3b:d9:23:
                    f1:59:f3:4a:46:c1:3c:f2:33:3a:c9:95:12:06:d2:
                    96:16:2d:58:61:5c:e8:95:0d:fd:66:4c:ca:97:4a:
                    a1:f6:c7:59:f3:71:70:ec:c0:0a:00:79:f4:35:76:
                    10:89:b0:dc:df:90:57:d5:9e:71:b5:03:da:67:a6:
                    00:81:41:55:e3:d6:8f:47:f6:8c:13:9a:48:b5:a7:
                    c6:da:f8:34:d0:4f:3c:60:de:03:2e:19:97:a5:7d:
                    2e:71:4a:dd:d5:4d:98:4d:de:dd:03:83:c5:5c:de:
                    db:ee:d2:af:dd:51:c6:5d:69:c7:ae:99:d8:73:9d:
                    7a:31:c8:70:98:99:3e:ff:c7:39:cf:f1:a8:74:9f:
                    0b:02:c3:bd:30:af:fc:3f:d7:b8:9a:3d:a3:2c:d6:
                    8f:93:6e:fe:4d:ea:7a:1a:f1:30:66:46:d0:01:0c:
                    26:41:fe:96:f6:54:22:92:f0:c3:57:a7:a3:59:b6:
                    e7:f5:2d:05:0f:ea:12:e3:28:de:f1:69:5b:e9:76:
                    ce:8a:c9:e3:30:ee:20:97:d6:d0:71:9b:5e:4f:01:
                    de:0a:88:ce:d1:3a:8b:81:8f:41:eb:61:bb:20:b0:
                    2c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:EC:52:B8:9E:DA:36:EC:33:8A:ED:A0:A9:DD:B5:26:DC:05:30:A9
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/iexSuJ7aNuwziu2gqd21JtwFMKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:d5:5e:ca:7a:06:7f:aa:7a:59:1b:13:bd:c6:1d:2d:34:3a:
         33:ff:84:b1:c2:2c:cb:d4:71:0d:13:8a:4f:b9:a1:71:6b:0b:
         30:d2:ad:49:d2:2d:33:4d:91:fe:1c:ed:24:3a:e4:e6:84:de:
         95:c1:33:ca:70:fa:8d:38:1f:17:72:cc:41:9e:f7:ff:9e:86:
         db:b5:f7:49:7b:5d:04:0e:8e:46:b3:fc:d4:74:b5:fe:14:1f:
         d4:7c:65:5f:54:78:3b:34:6c:08:3c:52:3e:c6:65:70:6b:7a:
         ee:34:f9:68:60:d6:e5:1c:7e:57:a5:c5:0a:e7:c7:0b:2b:77:
         21:42:6d:41:10:8f:d9:6b:73:89:2f:b9:ac:ed:d3:4c:71:c8:
         ae:76:93:4e:5c:19:45:a6:82:e9:4b:67:ed:24:4a:55:b7:a0:
         bc:32:f3:56:b8:6a:df:8f:49:f1:35:7d:e9:72:db:14:8c:c8:
         9e:93:75:30:9f:c5:1d:66:4b:c1:36:eb:73:a8:86:6e:60:02:
         51:34:aa:a3:f5:6c:ea:02:f4:68:8f:71:7b:3d:b9:78:c3:0c:
         80:64:04:58:78:73:b8:4c:e7:33:88:93:7a:d2:5b:ae:38:84:
         e5:fd:a8:92:b1:75:cf:c0:67:eb:d5:d1:24:58:27:c4:3e:97:
         ae:81:fd:68
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WWZr5zzecDGUz4OiutxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjYwMTAxMDIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVjNTJiODllZGEzNmVjMzM4YWVkYTBhOWRkYjUyNmRjMDUzMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVpeIHioSU+QF2ppka91F4RwZyZK
EXOJ4z072SPxWfNKRsE88jM6yZUSBtKWFi1YYVzolQ39ZkzKl0qh9sdZ83Fw7MAK
AHn0NXYQibDc35BX1Z5xtQPaZ6YAgUFV49aPR/aME5pItafG2vg00E88YN4DLhmX
pX0ucUrd1U2YTd7dA4PFXN7b7tKv3VHGXWnHrpnYc516MchwmJk+/8c5z/GodJ8L
AsO9MK/8P9e4mj2jLNaPk27+Tep6GvEwZkbQAQwmQf6W9lQikvDDV6ejWbbn9S0F
D+oS4yje8Wlb6XbOisnjMO4gl9bQcZteTwHeCojO0TqLgY9B62G7ILAsiwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFInsUrie2jbsM4rtoKndtSbcBTCpMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2lleFN1SjdhTnV3eml1MmdxZDIxSnR3Rk1Lay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZKg8w
DQYJKoZIhvcNAQELBQADggEBAKzVXsp6Bn+qelkbE73GHS00OjP/hLHCLMvUcQ0T
ik+5oXFrCzDSrUnSLTNNkf4c7SQ65OaE3pXBM8pw+o04HxdyzEGe9/+ehtu190l7
XQQOjkaz/NR0tf4UH9R8ZV9UeDs0bAg8Uj7GZXBreu40+Whg1uUcflelxQrnxwsr
dyFCbUEQj9lrc4kvuazt00xxyK52k05cGUWmgulLZ+0kSlW3oLwy81a4at+PSfE1
fely2xSMyJ6TdTCfxR1mS8E263Oohm5gAlE0qqP1bOoC9GiPcXs9uXjDDIBkBFh4
c7hM5zOIk3rSW644hOX9qJKxdc/AZ+vV0SRYJ8Q+l66B/Wg=
-----END CERTIFICATE-----