This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/7KmiHeTQXRSzn1pRizVCv_INZ1Y.roa
File:                     7KmiHeTQXRSzn1pRizVCv_INZ1Y.roa (raw, json)
Hash identifier:          ovjEW9N/bVELgNzaDJYrGYeSdyjGcKIXWsIKwlhcxp8=
Subject key identifier:   EC:A9:A2:1D:E4:D0:5D:14:B3:9F:5A:51:8B:35:42:BF:F2:0D:67:56
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       019B7DCB0C4280B15DCB5AD81C8CF3D032EB
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/7KmiHeTQXRSzn1pRizVCv_INZ1Y.roa
Signing time:             Fri 02 Jan 2026 08:20:17 +0000
ROA not before:           Fri 02 Jan 2026 08:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9050
IP address blocks:        89.39.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:0c:42:80:b1:5d:cb:5a:d8:1c:8c:f3:d0:32:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jan  2 08:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eca9a21de4d05d14b39f5a518b3542bff20d6756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8a:53:3c:83:a9:17:24:a5:cc:62:ad:e0:ae:
                    bf:69:a3:0e:03:21:32:66:0e:a7:d3:f2:e8:cf:2c:
                    ad:16:70:40:b5:60:cf:ad:8b:33:83:01:74:5a:e5:
                    29:ba:1b:0d:9c:7a:b0:5c:a7:e0:d2:9d:f6:ed:55:
                    a2:c4:e4:59:e8:a8:07:fc:0e:f6:d6:72:bc:b3:26:
                    c6:5e:8a:56:73:62:15:a2:df:a1:55:6e:d5:4d:27:
                    3e:01:f4:26:af:84:46:5a:6b:1a:06:a8:b9:75:85:
                    50:cb:38:fa:56:8a:02:8a:2a:13:9d:27:c1:00:c4:
                    ab:e7:1a:53:ee:18:08:72:ee:9d:e0:fa:9b:2c:cd:
                    e5:f3:13:e8:3b:d2:1f:11:92:76:fc:e1:73:68:15:
                    cc:97:21:ae:c4:f5:77:1a:2e:30:18:74:c5:14:77:
                    9b:42:97:13:db:43:02:eb:46:73:3e:d3:98:a9:62:
                    89:40:ea:2b:21:35:b7:00:8a:bd:34:a0:0e:c0:12:
                    a9:c0:f7:c5:42:b4:86:6e:a8:b6:49:62:8a:83:88:
                    c3:0d:1c:5a:61:27:c3:b8:52:5b:4b:e0:da:cf:72:
                    e2:93:db:26:ab:6b:8f:06:d0:4a:5d:dd:00:6f:12:
                    19:82:fc:09:9d:1a:50:78:8b:4c:4d:b1:bf:0c:b9:
                    61:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A9:A2:1D:E4:D0:5D:14:B3:9F:5A:51:8B:35:42:BF:F2:0D:67:56
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/7KmiHeTQXRSzn1pRizVCv_INZ1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d3:c8:1c:ee:5e:cb:14:6f:21:5e:6f:5a:4f:86:22:28:a0:
         2b:eb:1f:fe:27:c8:4e:97:b9:07:60:f4:eb:53:8c:6c:7c:5b:
         8f:ed:7f:13:41:99:e8:92:f1:52:7e:0a:d7:cd:b1:c7:7f:07:
         6a:b3:97:fc:fe:5b:8d:35:d2:da:63:3e:94:19:da:d6:62:4a:
         fa:98:31:69:b6:99:08:6c:02:ce:19:b2:ec:68:ba:75:25:04:
         49:de:8c:42:61:56:e5:9e:27:56:d0:20:66:db:94:e5:fa:b4:
         34:75:a9:2c:70:55:c8:40:97:f7:16:84:01:d4:29:f1:42:66:
         1e:ab:ac:38:3a:cf:96:e8:1c:4a:57:b0:12:d5:1f:50:ad:f9:
         fa:4a:71:01:a5:05:b9:c1:b4:f2:34:03:eb:79:73:4e:1d:b2:
         85:4d:06:1c:a1:d6:9e:be:d8:3c:9e:0f:56:04:3c:85:e5:79:
         c0:ed:71:d3:5e:41:cc:98:51:5d:1f:56:79:1a:10:b3:04:76:
         ea:12:85:71:d7:a4:90:57:3a:54:06:66:e2:63:19:89:0f:a3:
         0b:88:c9:96:18:58:69:4c:9c:d9:77:cf:75:bd:5f:21:0c:1c:
         bd:92:d3:3a:da:97:30:7e:20:b0:ca:9d:01:1b:33:6f:74:85:
         10:8d:8a:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ywxCgLFdy1rYHIzz0DLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjYwMTAyMDgyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2E5YTIxZGU0ZDA1ZDE0YjM5ZjVhNTE4YjM1NDJiZmYyMGQ2NzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pTPIOpFySlzGKt4K6/aaMOAyEy
Zg6n0/LozyytFnBAtWDPrYszgwF0WuUpuhsNnHqwXKfg0p327VWixORZ6KgH/A72
1nK8sybGXopWc2IVot+hVW7VTSc+AfQmr4RGWmsaBqi5dYVQyzj6VooCiioTnSfB
AMSr5xpT7hgIcu6d4PqbLM3l8xPoO9IfEZJ2/OFzaBXMlyGuxPV3Gi4wGHTFFHeb
QpcT20MC60ZzPtOYqWKJQOorITW3AIq9NKAOwBKpwPfFQrSGbqi2SWKKg4jDDRxa
YSfDuFJbS+Daz3Lik9smq2uPBtBKXd0AbxIZgvwJnRpQeItMTbG/DLlh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOypoh3k0F0Us59aUYs1Qr/yDWdWMB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEvN0ttaUhlVFFYUlN6bjFwUml6VkN2X0lOWjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSdDMA0G
CSqGSIb3DQEBCwUAA4IBAQB908gc7l7LFG8hXm9aT4YiKKAr6x/+J8hOl7kHYPTr
U4xsfFuP7X8TQZnokvFSfgrXzbHHfwdqs5f8/luNNdLaYz6UGdrWYkr6mDFptpkI
bALOGbLsaLp1JQRJ3oxCYVblnidW0CBm25Tl+rQ0dakscFXIQJf3FoQB1CnxQmYe
q6w4Os+W6BxKV7AS1R9Qrfn6SnEBpQW5wbTyNAPreXNOHbKFTQYcodaevtg8ng9W
BDyF5XnA7XHTXkHMmFFdH1Z5GhCzBHbqEoVx16SQVzpUBmbiYxmJD6MLiMmWGFhp
TJzZd891vV8hDBy9ktM62pcwfiCwyp0BGzNvdIUQjYri
-----END CERTIFICATE-----