This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/hdiJUsn-mGkGSUlT1Hqx92eDVHA.roa
File:                     hdiJUsn-mGkGSUlT1Hqx92eDVHA.roa (raw, json)
Hash identifier:          LJKbx4az7vTER8ap7GuxbSzBoud2G6PQUC4oXRhpf84=
Subject key identifier:   85:D8:89:52:C9:FE:98:69:06:49:49:53:D4:7A:B1:F7:67:83:54:70
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       019B77C675418DAB7A8CF36031577B3A7E18
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/hdiJUsn-mGkGSUlT1Hqx92eDVHA.roa
Signing time:             Thu 01 Jan 2026 04:17:33 +0000
ROA not before:           Thu 01 Jan 2026 04:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197216
IP address blocks:        89.187.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:75:41:8d:ab:7a:8c:f3:60:31:57:7b:3a:7e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Jan  1 04:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85d88952c9fe986906494953d47ab1f767835470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:bd:8a:b5:a4:f3:a5:8b:1d:b1:70:8d:c7:66:
                    f3:2d:88:70:79:96:88:0c:2e:65:40:a1:d7:70:d4:
                    64:59:3a:9f:0a:59:be:c8:44:10:61:06:85:50:fb:
                    b9:8b:1b:e1:92:39:48:af:c1:f1:24:e3:9b:56:74:
                    ba:b7:97:94:cd:cd:b1:13:dd:4f:dc:a3:44:44:af:
                    71:dd:57:f3:9f:4e:16:31:5d:42:7b:b8:67:b8:f6:
                    6e:ec:71:62:9b:2d:0f:f2:2d:45:7b:d6:3f:5c:52:
                    61:8e:b5:81:5c:df:43:36:b4:b6:0e:36:c9:21:5b:
                    cf:f8:37:2e:d0:5b:61:30:73:80:85:59:0c:b5:e2:
                    ba:b4:d4:31:05:b0:ce:45:1c:c8:60:31:0a:09:49:
                    19:6b:91:93:b1:e0:25:65:67:f6:91:cb:62:4b:8a:
                    90:e3:35:3c:0a:28:93:e3:d0:4c:d8:dd:c8:d1:69:
                    13:8b:c1:3f:7f:4b:6b:eb:36:06:65:3c:2a:79:9d:
                    b5:9b:3a:e9:9b:0d:15:3f:07:f6:64:3c:b2:ab:71:
                    2a:ce:59:6e:a7:14:48:bb:04:d5:f3:ad:6b:7d:1f:
                    d4:86:80:06:e3:56:7f:9b:0b:48:6f:0d:94:39:54:
                    d8:18:fe:16:7f:f1:52:42:9d:05:0f:0e:bc:56:8e:
                    b9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D8:89:52:C9:FE:98:69:06:49:49:53:D4:7A:B1:F7:67:83:54:70
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/hdiJUsn-mGkGSUlT1Hqx92eDVHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:58:10:37:1a:75:8e:7e:33:64:34:d6:e7:cd:52:04:54:c3:
         a5:1d:b2:94:d9:62:e5:9b:0c:fb:b4:87:2f:7b:fa:6f:4c:e3:
         21:46:2d:3f:40:52:70:91:d7:9a:39:80:bc:2a:aa:ab:af:db:
         c0:a5:87:dc:ec:77:26:ac:b8:e8:bf:42:97:4e:96:2f:79:6d:
         2b:16:66:8b:2d:96:cb:36:68:43:ae:a7:73:55:12:c1:61:2e:
         c1:69:14:01:7a:30:26:8a:76:1b:d4:2d:d1:5e:3f:e6:a3:ff:
         e2:8b:18:78:71:48:d3:1d:20:9f:64:65:c8:34:74:98:ff:d7:
         5c:94:18:32:5f:6d:14:64:0c:17:4f:65:b6:1a:b5:dd:df:a3:
         b7:a2:2a:68:c0:2f:28:50:5f:2b:45:3c:22:89:95:2c:00:69:
         aa:2b:c0:90:12:09:89:4f:71:dd:f8:83:2f:af:2d:3e:13:00:
         c0:b7:d8:e7:a8:b5:28:e9:14:a5:0e:a8:30:b9:23:17:7d:67:
         f7:b6:4e:eb:18:86:27:90:1a:93:d6:c4:b5:77:ea:13:2b:85:
         ed:8c:74:35:c5:0e:5f:e0:2a:42:9b:b9:b6:ee:02:80:d8:b2:
         f8:e0:e2:7e:ef:6c:7b:5d:7a:a7:02:1d:4d:86:aa:2d:3f:d2:
         8a:64:84:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnVBjat6jPNgMVd7On4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjYwMTAxMDQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQ4ODk1MmM5ZmU5ODY5MDY0OTQ5NTNkNDdhYjFmNzY3ODM1NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwL2KtaTzpYsdsXCNx2bzLYhweZaI
DC5lQKHXcNRkWTqfClm+yEQQYQaFUPu5ixvhkjlIr8HxJOObVnS6t5eUzc2xE91P
3KNERK9x3Vfzn04WMV1Ce7hnuPZu7HFimy0P8i1Fe9Y/XFJhjrWBXN9DNrS2DjbJ
IVvP+Dcu0FthMHOAhVkMteK6tNQxBbDORRzIYDEKCUkZa5GTseAlZWf2kctiS4qQ
4zU8CiiT49BM2N3I0WkTi8E/f0tr6zYGZTwqeZ21mzrpmw0VPwf2ZDyyq3Eqzllu
pxRIuwTV861rfR/UhoAG41Z/mwtIbw2UOVTYGP4Wf/FSQp0FDw68Vo65JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXYiVLJ/phpBklJU9R6sfdng1RwMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvaGRpSlVzbi1tR2tHU1VsVDFIcXg5MmVEVkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbtTMA0G
CSqGSIb3DQEBCwUAA4IBAQA0WBA3GnWOfjNkNNbnzVIEVMOlHbKU2WLlmwz7tIcv
e/pvTOMhRi0/QFJwkdeaOYC8Kqqrr9vApYfc7HcmrLjov0KXTpYveW0rFmaLLZbL
NmhDrqdzVRLBYS7BaRQBejAminYb1C3RXj/mo//iixh4cUjTHSCfZGXINHSY/9dc
lBgyX20UZAwXT2W2GrXd36O3oipowC8oUF8rRTwiiZUsAGmqK8CQEgmJT3Hd+IMv
ry0+EwDAt9jnqLUo6RSlDqgwuSMXfWf3tk7rGIYnkBqT1sS1d+oTK4XtjHQ1xQ5f
4CpCm7m27gKA2LL44OJ+72x7XXqnAh1NhqotP9KKZIQU
-----END CERTIFICATE-----