This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/dMiPF5hRDsmVGyczjp5h0yMXvNA.roa
File:                     dMiPF5hRDsmVGyczjp5h0yMXvNA.roa (raw, json)
Hash identifier:          3OGMUms6N3Q+YmbW4ivKKL6p/UH/QnXPY3TzgOYxtkk=
Subject key identifier:   74:C8:8F:17:98:51:0E:C9:95:1B:27:33:8E:9E:61:D3:23:17:BC:D0
Certificate issuer:       /CN=e0e3976d9ecb8309a8181fbd025ca52fef161999
Certificate serial:       019B7E37906EFEAC7DAE6E27D04D4AF8E8D9
Authority key identifier: E0:E3:97:6D:9E:CB:83:09:A8:18:1F:BD:02:5C:A5:2F:EF:16:19:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/dMiPF5hRDsmVGyczjp5h0yMXvNA.roa
Signing time:             Fri 02 Jan 2026 10:18:49 +0000
ROA not before:           Fri 02 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200348
IP address blocks:        185.179.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:90:6e:fe:ac:7d:ae:6e:27:d0:4d:4a:f8:e8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0e3976d9ecb8309a8181fbd025ca52fef161999
        Validity
            Not Before: Jan  2 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74c88f1798510ec9951b27338e9e61d32317bcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:de:8c:5e:4a:cd:90:d1:69:60:51:ae:28:e1:
                    b6:60:34:b5:36:71:44:4e:ac:77:e1:03:07:11:04:
                    77:54:fd:9c:94:23:86:c4:64:71:8a:84:73:52:96:
                    5a:9e:61:19:0a:d6:91:c5:83:2a:17:99:6e:cc:d4:
                    1f:a7:17:d7:77:a7:76:38:61:5b:33:38:a6:2d:a7:
                    d3:2a:70:e2:96:6a:fa:88:5e:85:8e:9c:9d:2f:06:
                    15:df:bd:32:d2:80:7a:68:41:62:f5:9b:8a:7f:d4:
                    9b:88:4d:63:af:ca:25:a5:7c:fe:56:01:0f:30:63:
                    d3:f1:fa:3a:f6:c0:f0:cc:36:5d:ca:71:c4:6e:f5:
                    f7:f6:32:19:38:b0:15:cb:2a:d1:c7:73:46:8f:4e:
                    8c:d8:0d:a5:64:d7:76:0b:8a:26:25:dc:8f:50:f7:
                    7d:37:0d:60:95:45:c5:91:07:e9:64:31:d8:5e:08:
                    37:01:9b:13:6d:5b:e7:29:60:cd:fa:bd:8d:37:42:
                    ee:53:e1:2c:7e:af:31:75:2d:42:53:69:e6:6d:da:
                    8f:ce:b8:ff:2f:bf:8e:c2:c3:b7:6d:14:02:2c:cb:
                    05:73:50:44:ee:b5:d6:15:96:3e:33:42:74:7d:02:
                    d8:d7:00:c2:72:03:41:37:79:93:76:a4:1a:4f:ca:
                    3a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C8:8F:17:98:51:0E:C9:95:1B:27:33:8E:9E:61:D3:23:17:BC:D0
            X509v3 Authority Key Identifier:
                keyid:E0:E3:97:6D:9E:CB:83:09:A8:18:1F:BD:02:5C:A5:2F:EF:16:19:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4OOXbZ7LgwmoGB-9AlylL-8WGZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/dMiPF5hRDsmVGyczjp5h0yMXvNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/d612a3-4631-47de-940d-8be0d97682ab/1/4OOXbZ7LgwmoGB-9AlylL-8WGZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:06:8c:9f:0b:8a:ba:cf:05:49:8a:81:51:8e:c0:f9:51:2c:
         4b:cb:a9:9f:15:d8:17:91:42:cb:df:f5:a0:43:fa:3c:01:b6:
         65:72:56:29:f3:e9:79:59:3a:c8:62:b8:9d:cf:f2:dc:e6:d9:
         58:7a:c2:cb:47:af:6d:f1:94:95:2c:ac:41:95:d7:d8:16:49:
         a2:34:7c:c3:94:4c:4e:f4:90:70:22:6b:8c:db:a9:84:6f:91:
         53:a3:ad:ba:ca:9f:c8:d8:dc:4f:20:c9:38:fc:da:32:e7:4f:
         ad:61:1a:3a:57:c5:a6:dd:e6:cc:93:b0:13:db:f8:b7:93:24:
         ef:82:40:a9:5d:bf:8a:73:2a:84:04:ca:1e:ba:68:bb:b8:f7:
         5b:c2:18:5c:e5:1f:1f:e3:c9:68:08:07:dd:5a:e6:46:97:79:
         8c:8e:bd:df:65:38:a0:ce:0f:77:27:af:8a:bc:95:8e:f7:a1:
         5a:67:78:22:65:bc:48:e0:cd:2b:a3:45:ab:b1:08:7f:3d:da:
         cd:48:7b:08:34:94:3a:f0:e5:3a:b0:e6:93:b6:e0:38:f3:34:
         76:92:78:77:94:98:e4:d1:19:66:a7:7f:2e:08:2c:06:b2:c9:
         cf:e4:8f:c8:81:aa:42:36:8e:ea:58:bb:e3:0d:2a:6b:ed:04:
         26:2d:e6:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N5Bu/qx9rm4n0E1K+OjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZTM5NzZkOWVjYjgzMDlhODE4MWZiZDAyNWNhNTJmZWYx
NjE5OTkwHhcNMjYwMTAyMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGM4OGYxNzk4NTEwZWM5OTUxYjI3MzM4ZTllNjFkMzIzMTdiY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj96MXkrNkNFpYFGuKOG2YDS1NnFE
Tqx34QMHEQR3VP2clCOGxGRxioRzUpZanmEZCtaRxYMqF5luzNQfpxfXd6d2OGFb
MzimLafTKnDilmr6iF6FjpydLwYV370y0oB6aEFi9ZuKf9SbiE1jr8olpXz+VgEP
MGPT8fo69sDwzDZdynHEbvX39jIZOLAVyyrRx3NGj06M2A2lZNd2C4omJdyPUPd9
Nw1glUXFkQfpZDHYXgg3AZsTbVvnKWDN+r2NN0LuU+Esfq8xdS1CU2nmbdqPzrj/
L7+OwsO3bRQCLMsFc1BE7rXWFZY+M0J0fQLY1wDCcgNBN3mTdqQaT8o6GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTIjxeYUQ7JlRsnM46eYdMjF7zQMB8GA1UdIwQY
MBaAFODjl22ey4MJqBgfvQJcpS/vFhmZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE9PWGJaN0xnd21vR0ItOUFseWxMLThXR1prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9kNjEyYTMtNDYzMS00N2RlLTk0MGQt
OGJlMGQ5NzY4MmFiLzEvZE1pUEY1aFJEc21WR3ljempwNWgweU1Ydk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9kNjEyYTMtNDYzMS00N2RlLTk0MGQtOGJlMGQ5NzY4MmFi
LzEvNE9PWGJaN0xnd21vR0ItOUFseWxMLThXR1prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubNZMA0G
CSqGSIb3DQEBCwUAA4IBAQB/BoyfC4q6zwVJioFRjsD5USxLy6mfFdgXkULL3/Wg
Q/o8AbZlclYp8+l5WTrIYridz/Lc5tlYesLLR69t8ZSVLKxBldfYFkmiNHzDlExO
9JBwImuM26mEb5FTo626yp/I2NxPIMk4/Noy50+tYRo6V8Wm3ebMk7AT2/i3kyTv
gkCpXb+KcyqEBMoeumi7uPdbwhhc5R8f48loCAfdWuZGl3mMjr3fZTigzg93J6+K
vJWO96FaZ3giZbxI4M0ro0WrsQh/PdrNSHsINJQ68OU6sOaTtuA48zR2knh3lJjk
0Rlmp38uCCwGssnP5I/IgapCNo7qWLvjDSpr7QQmLeZo
-----END CERTIFICATE-----