This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/mI1HuOhEOlv2NEwmoDVlsD32_LE.roa
File:                     mI1HuOhEOlv2NEwmoDVlsD32_LE.roa (raw, json)
Hash identifier:          QQYFVZtioyeC38QfOVBXY9H09adCRxKF9pUyi9nJ2dg=
Subject key identifier:   98:8D:47:B8:E8:44:3A:5B:F6:34:4C:26:A0:35:65:B0:3D:F6:FC:B1
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D0302B0A84405A99FCE2D549DBBE3
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/mI1HuOhEOlv2NEwmoDVlsD32_LE.roa
Signing time:             Fri 02 Jan 2026 06:20:06 +0000
ROA not before:           Fri 02 Jan 2026 06:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61338
IP address blocks:        89.174.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:03:02:b0:a8:44:05:a9:9f:ce:2d:54:9d:bb:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=988d47b8e8443a5bf6344c26a03565b03df6fcb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:74:fa:45:5b:de:39:4d:a3:8f:8a:08:f4:69:
                    e2:01:6c:55:bb:a6:a2:b7:b3:11:d1:24:8a:eb:e3:
                    25:6e:eb:da:08:ce:28:2d:91:81:11:01:25:8e:ba:
                    60:9a:11:fe:fd:ca:53:c6:5b:83:68:0d:4c:4d:5d:
                    89:17:03:e5:06:fa:21:54:f0:6c:8c:d1:e5:b5:17:
                    61:0f:42:ed:4e:0e:08:95:76:06:ae:77:a9:90:d1:
                    f6:82:71:0a:79:9a:fd:55:ac:4d:79:b0:f2:40:d9:
                    3e:81:cd:10:10:b9:4e:e3:b5:e3:23:89:9e:ae:80:
                    9e:44:f5:6e:b8:95:be:5d:fa:c2:a5:b8:a4:33:e9:
                    93:4e:d8:b1:cd:82:df:9e:dd:6e:da:ee:02:6c:33:
                    a1:a0:48:38:17:8b:b8:ca:4c:c4:48:fe:e2:c2:6d:
                    e7:55:0b:2b:5c:a6:ef:0e:38:ba:2d:bd:7b:82:bb:
                    39:9c:0f:4d:34:c5:c3:e1:31:fe:ec:e7:ee:3d:e4:
                    d4:7c:2c:82:f1:32:82:2a:7d:73:ab:38:33:18:77:
                    bb:84:f4:26:06:1a:98:33:f2:7a:dd:02:5d:4f:e4:
                    8b:51:fa:46:74:c1:77:f6:90:f7:79:6e:1d:c7:8f:
                    2a:7a:51:5e:87:a5:ab:6b:1b:4f:da:4d:30:ae:d2:
                    c0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8D:47:B8:E8:44:3A:5B:F6:34:4C:26:A0:35:65:B0:3D:F6:FC:B1
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/mI1HuOhEOlv2NEwmoDVlsD32_LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.174.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:aa:90:95:79:97:3e:d7:6e:06:f2:d7:ba:c6:86:da:55:94:
         26:dc:59:14:ec:a7:94:21:4f:9e:1c:33:b8:8f:ca:87:d8:65:
         23:f8:b8:11:f8:95:d1:07:bf:c4:b3:f1:87:34:f3:f7:55:c5:
         51:25:25:08:68:fc:ac:07:5d:20:5b:9a:7f:ee:3e:14:03:e8:
         57:ec:6a:53:df:e6:a0:2f:88:f1:00:ec:88:aa:9c:23:b5:02:
         8b:7e:a8:24:b1:90:7f:4d:da:5f:0a:16:6e:a3:1e:58:d4:40:
         29:19:73:f9:d0:ee:da:3e:25:5a:e8:0d:8f:a4:bb:47:85:09:
         93:54:0e:04:76:51:80:79:27:60:6c:34:60:19:c9:44:b0:ba:
         83:7f:43:86:2e:c4:92:f3:0b:d2:eb:62:61:18:a4:66:d2:00:
         3f:86:e5:2e:3b:36:d8:8a:3b:6d:37:c0:bf:c9:7a:15:63:7b:
         3b:18:61:3d:ad:48:ee:0c:81:bd:42:78:34:c6:28:19:ba:ad:
         67:30:1c:a6:4b:af:81:5d:38:99:f3:82:8a:4d:16:a4:fd:93:
         cc:36:0c:54:34:79:88:1e:40:47:07:0f:bc:dc:55:07:35:87:
         9b:c1:39:f7:06:5d:80:84:3a:bd:67:a6:0b:4e:fa:35:5d:8a:
         e0:49:15:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQMCsKhEBamfzi1UnbvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhkNDdiOGU4NDQzYTViZjYzNDRjMjZhMDM1NjViMDNkZjZmY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HT6RVveOU2jj4oI9GniAWxVu6ai
t7MR0SSK6+MlbuvaCM4oLZGBEQEljrpgmhH+/cpTxluDaA1MTV2JFwPlBvohVPBs
jNHltRdhD0LtTg4IlXYGrnepkNH2gnEKeZr9VaxNebDyQNk+gc0QELlO47XjI4me
roCeRPVuuJW+XfrCpbikM+mTTtixzYLfnt1u2u4CbDOhoEg4F4u4ykzESP7iwm3n
VQsrXKbvDji6Lb17grs5nA9NNMXD4TH+7OfuPeTUfCyC8TKCKn1zqzgzGHe7hPQm
BhqYM/J63QJdT+SLUfpGdMF39pD3eW4dx48qelFeh6WraxtP2k0wrtLAFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiNR7joRDpb9jRMJqA1ZbA99vyxMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvbUkxSHVPaEVPbHYyTkV3bW9EVmxzRDMyX0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWa6jMA0G
CSqGSIb3DQEBCwUAA4IBAQCRqpCVeZc+124G8te6xobaVZQm3FkU7KeUIU+eHDO4
j8qH2GUj+LgR+JXRB7/Es/GHNPP3VcVRJSUIaPysB10gW5p/7j4UA+hX7GpT3+ag
L4jxAOyIqpwjtQKLfqgksZB/TdpfChZuox5Y1EApGXP50O7aPiVa6A2PpLtHhQmT
VA4EdlGAeSdgbDRgGclEsLqDf0OGLsSS8wvS62JhGKRm0gA/huUuOzbYijttN8C/
yXoVY3s7GGE9rUjuDIG9Qng0xigZuq1nMBymS6+BXTiZ84KKTRak/ZPMNgxUNHmI
HkBHBw+83FUHNYebwTn3Bl2AhDq9Z6YLTvo1XYrgSRVM
-----END CERTIFICATE-----