This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0N--KoxInsnsXzGcwfmNBlxfs78.roa
File:                     0N--KoxInsnsXzGcwfmNBlxfs78.roa (raw, json)
Hash identifier:          7AEcbAbb6sKMf8LE9K99/qvnVr+OpcWbi+hxS/gOhss=
Subject key identifier:   D0:DF:BE:2A:8C:48:9E:C9:EC:5F:31:9C:C1:F9:8D:06:5C:5F:B3:BF
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D08433F6307CA91F1C5B5EA6CF189
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0N--KoxInsnsXzGcwfmNBlxfs78.roa
Signing time:             Fri 02 Jan 2026 06:20:07 +0000
ROA not before:           Fri 02 Jan 2026 06:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201472
IP address blocks:        89.174.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:08:43:3f:63:07:ca:91:f1:c5:b5:ea:6c:f1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d0dfbe2a8c489ec9ec5f319cc1f98d065c5fb3bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e5:f0:58:27:0d:2d:5d:07:b5:ac:ba:ec:e0:
                    ce:4a:96:37:a1:9a:ee:3e:a3:86:44:72:7f:a9:70:
                    a9:21:b9:2a:ef:d3:2f:e8:68:62:83:48:67:2d:c5:
                    0c:6e:0a:6e:39:1e:df:b9:ee:0a:23:63:f9:dc:7b:
                    59:ba:07:bb:73:18:8d:b6:1f:40:96:25:d3:d5:ea:
                    ff:03:39:ac:0a:b1:c8:26:5f:03:ae:2a:64:65:e7:
                    14:93:09:74:40:23:49:78:32:15:38:6c:c6:2a:a6:
                    16:92:3f:36:79:33:a8:da:be:d4:ea:91:6d:95:74:
                    33:16:1a:d7:1c:cd:1f:01:26:3e:cf:51:b5:4e:bf:
                    80:13:38:1d:fa:c6:2d:87:9b:d0:8f:74:bd:68:2a:
                    32:ba:cc:94:78:b3:29:93:d1:6f:d6:bf:5b:e4:84:
                    d8:f7:60:75:3e:ab:38:1a:34:18:c3:bd:39:46:f2:
                    df:1d:2e:4e:70:27:80:5c:15:cf:87:f1:c9:7d:9b:
                    94:4d:3c:01:ec:6a:46:10:bf:d7:27:f0:16:a3:56:
                    be:49:9e:2e:fe:06:ca:f4:fc:c2:cb:c0:84:e3:f7:
                    0e:d3:a8:22:ed:f0:c0:82:c4:1d:be:f3:9d:b5:20:
                    bc:e6:97:a2:82:64:53:0b:a5:08:ed:09:fe:35:4d:
                    44:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DF:BE:2A:8C:48:9E:C9:EC:5F:31:9C:C1:F9:8D:06:5C:5F:B3:BF
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0N--KoxInsnsXzGcwfmNBlxfs78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.174.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:84:53:0a:ac:52:a7:ae:05:7f:55:22:b1:f8:9d:21:f3:bc:
         54:e7:f6:fd:a7:72:39:0a:a4:19:c2:39:2f:4e:da:c3:64:86:
         d7:57:9d:58:dc:8f:be:60:1c:15:cb:6e:f2:d6:24:3e:c7:5a:
         b9:89:fb:3c:81:30:69:69:c7:d8:f0:88:28:8d:ac:39:a1:7c:
         82:7f:4c:63:99:b6:79:af:c6:6d:d1:06:01:57:13:16:d7:0e:
         51:70:6f:07:a7:45:3e:a8:f0:49:db:2e:af:c3:c0:a6:52:61:
         77:90:91:16:22:76:3d:d2:7e:76:3b:5b:31:af:af:02:c6:bf:
         9c:82:85:ff:91:fc:0f:eb:2c:cb:f1:be:79:a3:29:dc:5c:91:
         44:37:09:d5:24:90:bb:dc:0e:9c:05:de:87:1a:b5:62:f8:98:
         e2:2a:a9:63:8f:f0:71:51:43:08:9d:67:75:80:34:33:31:ac:
         9c:c5:84:46:26:0f:8f:f1:19:88:8a:0a:07:3e:cb:16:8d:0b:
         c1:56:ec:fb:61:3e:f0:eb:b6:90:0b:21:00:f4:e7:cc:09:a7:
         92:c5:5a:29:6e:ae:6b:36:10:ae:ed:37:71:ee:05:aa:6f:05:
         de:76:79:1b:b6:eb:84:eb:0d:ee:37:1b:ef:d8:32:d8:43:77:
         78:9e:91:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQhDP2MHypHxxbXqbPGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGRmYmUyYThjNDg5ZWM5ZWM1ZjMxOWNjMWY5OGQwNjVjNWZiM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeXwWCcNLV0Htay67ODOSpY3oZru
PqOGRHJ/qXCpIbkq79Mv6Ghig0hnLcUMbgpuOR7fue4KI2P53HtZuge7cxiNth9A
liXT1er/AzmsCrHIJl8DripkZecUkwl0QCNJeDIVOGzGKqYWkj82eTOo2r7U6pFt
lXQzFhrXHM0fASY+z1G1Tr+AEzgd+sYth5vQj3S9aCoyusyUeLMpk9Fv1r9b5ITY
92B1Pqs4GjQYw705RvLfHS5OcCeAXBXPh/HJfZuUTTwB7GpGEL/XJ/AWo1a+SZ4u
/gbK9PzCy8CE4/cO06gi7fDAgsQdvvOdtSC85peigmRTC6UI7Qn+NU1E4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDfviqMSJ7J7F8xnMH5jQZcX7O/MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvME4tLUtveEluc25zWHpHY3dmbU5CbHhmczc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWa61MA0G
CSqGSIb3DQEBCwUAA4IBAQAQhFMKrFKnrgV/VSKx+J0h87xU5/b9p3I5CqQZwjkv
TtrDZIbXV51Y3I++YBwVy27y1iQ+x1q5ifs8gTBpacfY8Igojaw5oXyCf0xjmbZ5
r8Zt0QYBVxMW1w5RcG8Hp0U+qPBJ2y6vw8CmUmF3kJEWInY90n52O1sxr68Cxr+c
goX/kfwP6yzL8b55oyncXJFENwnVJJC73A6cBd6HGrVi+JjiKqljj/BxUUMInWd1
gDQzMaycxYRGJg+P8RmIigoHPssWjQvBVuz7YT7w67aQCyEA9OfMCaeSxVopbq5r
NhCu7Tdx7gWqbwXednkbtuuE6w3uNxvv2DLYQ3d4npFC
-----END CERTIFICATE-----