This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/3sJ6F883UE4toONTcAneJxfZCig.roa
File:                     3sJ6F883UE4toONTcAneJxfZCig.roa (raw, json)
Hash identifier:          ufXqJ4GZO0y/jJw+oVkfQY3Jd0w/SaLieFtWrMb5hjA=
Subject key identifier:   DE:C2:7A:17:CF:37:50:4E:2D:A0:E3:53:70:09:DE:27:17:D9:0A:28
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019BEB322403B24B6AACD717CCEF1D6C5BBE
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/3sJ6F883UE4toONTcAneJxfZCig.roa
Signing time:             Fri 23 Jan 2026 14:11:30 +0000
ROA not before:           Fri 23 Jan 2026 14:11:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        89.126.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:eb:32:24:03:b2:4b:6a:ac:d7:17:cc:ef:1d:6c:5b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Jan 23 14:11:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dec27a17cf37504e2da0e3537009de2717d90a28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a3:a6:04:ca:54:0b:34:65:28:89:cd:39:b4:
                    91:62:b3:61:82:80:09:55:7c:72:fb:f8:bd:de:eb:
                    d8:f8:91:05:08:6b:e9:9a:2f:10:52:48:d8:64:6c:
                    67:de:b3:c7:6f:82:9d:ab:82:8d:5a:06:0e:d9:e5:
                    34:25:68:fb:5b:ab:98:e1:fb:b5:e0:c2:60:68:86:
                    31:96:3f:fa:1a:eb:ba:10:f8:19:21:88:99:d8:67:
                    01:5f:f1:73:92:7e:0d:9f:ac:bf:aa:be:73:37:9c:
                    03:50:5b:a1:e0:a6:1a:47:5b:19:f9:0e:c5:4c:74:
                    ec:81:37:c6:71:87:6b:70:c6:43:7c:fa:ac:45:6c:
                    7f:4f:27:6e:e5:ce:44:3f:29:09:e3:66:f2:80:ab:
                    62:7f:d4:b9:82:32:15:75:3a:8d:54:b6:76:d8:1a:
                    48:48:82:27:43:58:96:c8:1a:1a:72:e4:2a:e0:eb:
                    60:5d:b8:a4:e5:58:5d:99:10:89:e1:cb:f0:0c:c1:
                    da:be:90:06:07:d5:3f:55:19:b8:09:12:c9:87:48:
                    c1:92:68:ac:0c:9c:4b:02:57:67:38:25:04:88:25:
                    fb:e9:7e:aa:e7:db:62:a9:ca:53:04:89:f0:44:40:
                    c6:bd:07:08:5d:01:ba:d1:ef:84:9d:82:28:9e:f8:
                    32:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C2:7A:17:CF:37:50:4E:2D:A0:E3:53:70:09:DE:27:17:D9:0A:28
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/3sJ6F883UE4toONTcAneJxfZCig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:92:d0:e3:05:2a:33:2e:a3:84:72:ab:db:8b:74:7a:41:cd:
         76:cf:04:df:86:61:e1:b5:22:ed:fb:ac:c3:67:b7:a0:a2:83:
         bc:11:48:35:ac:c2:ca:05:ad:36:dc:ec:4a:a3:75:dd:3e:1e:
         5d:77:43:75:b7:d6:b2:9b:e4:8a:ba:af:b7:16:1a:b4:16:cf:
         76:80:1b:7c:40:51:06:95:28:46:a2:fd:95:22:e4:5a:be:03:
         bf:66:3b:41:1f:d4:f2:7d:bd:80:76:71:da:0f:4b:fe:3c:a2:
         cd:a5:8f:7a:38:07:bb:fd:0f:4d:81:98:05:ad:07:ba:42:6c:
         f1:e7:28:ba:be:9a:4a:ef:d8:6c:cd:53:a4:a4:ed:4b:3e:cf:
         66:50:1e:20:3c:9f:d3:7b:45:80:6e:17:e6:eb:ff:95:f1:5f:
         c8:2a:0a:b3:e9:37:aa:0f:78:87:53:5c:94:25:c6:f7:17:98:
         35:d5:3a:ed:ab:05:06:85:cc:6e:6b:ce:34:44:f5:90:e5:ec:
         db:6f:13:40:31:c6:06:79:32:ea:d9:03:05:e6:b4:ef:cd:3a:
         0f:10:78:f7:9b:81:67:7e:f3:62:93:f1:0c:4b:b6:76:bf:09:
         ff:0f:67:b5:b4:b0:54:c7:23:cb:c9:b2:ec:79:a6:31:10:69:
         25:96:72:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvrMiQDsktqrNcXzO8dbFu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMTIzMTQxMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWMyN2ExN2NmMzc1MDRlMmRhMGUzNTM3MDA5ZGUyNzE3ZDkwYTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KOmBMpUCzRlKInNObSRYrNhgoAJ
VXxy+/i93uvY+JEFCGvpmi8QUkjYZGxn3rPHb4Kdq4KNWgYO2eU0JWj7W6uY4fu1
4MJgaIYxlj/6Guu6EPgZIYiZ2GcBX/Fzkn4Nn6y/qr5zN5wDUFuh4KYaR1sZ+Q7F
THTsgTfGcYdrcMZDfPqsRWx/Tydu5c5EPykJ42bygKtif9S5gjIVdTqNVLZ22BpI
SIInQ1iWyBoacuQq4OtgXbik5VhdmRCJ4cvwDMHavpAGB9U/VRm4CRLJh0jBkmis
DJxLAldnOCUEiCX76X6q59tiqcpTBInwREDGvQcIXQG60e+EnYIonvgy4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7CehfPN1BOLaDjU3AJ3icX2QooMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvM3NKNkY4ODNVRTR0b09OVGNBbmVKeGZaQ2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7gMA0G
CSqGSIb3DQEBCwUAA4IBAQArktDjBSozLqOEcqvbi3R6Qc12zwTfhmHhtSLt+6zD
Z7egooO8EUg1rMLKBa023OxKo3XdPh5dd0N1t9aym+SKuq+3Fhq0Fs92gBt8QFEG
lShGov2VIuRavgO/ZjtBH9Tyfb2AdnHaD0v+PKLNpY96OAe7/Q9NgZgFrQe6Qmzx
5yi6vppK79hszVOkpO1LPs9mUB4gPJ/Te0WAbhfm6/+V8V/IKgqz6TeqD3iHU1yU
Jcb3F5g11TrtqwUGhcxua840RPWQ5ezbbxNAMcYGeTLq2QMF5rTvzToPEHj3m4Fn
fvNik/EMS7Z2vwn/D2e1tLBUxyPLybLseaYxEGkllnKS
-----END CERTIFICATE-----