This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rtiE1g00ygxdO1tTtGobMSI8MfQ.roa
File:                     rtiE1g00ygxdO1tTtGobMSI8MfQ.roa (raw, json)
Hash identifier:          1+qhvfyyWdOjy7p4VdnyDBwRoLGDkk0RvotZmYLEvbM=
Subject key identifier:   AE:D8:84:D6:0D:34:CA:0C:5D:3B:5B:53:B4:6A:1B:31:22:3C:31:F4
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019B7BA51B7D7523AE278AA7737E8F1C7E75
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rtiE1g00ygxdO1tTtGobMSI8MfQ.roa
Signing time:             Thu 01 Jan 2026 22:19:36 +0000
ROA not before:           Thu 01 Jan 2026 22:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206647
IP address blocks:        89.223.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1b:7d:75:23:ae:27:8a:a7:73:7e:8f:1c:7e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 22:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aed884d60d34ca0c5d3b5b53b46a1b31223c31f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cd:a0:93:81:de:a0:ff:a1:68:f2:65:bb:c6:
                    a7:34:fc:c1:01:2d:28:bf:ec:d6:a7:78:df:fe:a3:
                    c4:e4:11:43:ea:1e:a0:ea:1a:a0:77:57:cf:57:55:
                    b7:21:ff:3b:ee:71:40:b3:9d:d9:6c:d7:70:3d:c6:
                    7d:21:b9:a4:86:2a:cb:93:43:4d:67:08:99:bd:07:
                    99:f9:75:56:0a:81:e3:57:5a:0b:8c:d0:a3:2e:ef:
                    7f:05:0c:2f:77:4b:3a:88:f7:f9:6e:9b:85:18:0a:
                    18:9e:3f:ad:34:ea:50:40:7b:8a:8d:7e:e5:34:f0:
                    12:22:47:04:4f:61:0c:44:ac:11:28:00:7a:1b:b1:
                    ec:05:3c:98:15:b6:6e:65:29:b3:d3:4d:1a:90:e2:
                    80:65:a0:f0:c8:56:14:37:f8:78:6d:97:19:e8:93:
                    7a:e6:42:98:a7:ed:40:53:29:3c:b2:4b:d9:5d:5e:
                    30:a7:4e:b1:cb:56:b6:12:36:df:98:9b:8a:50:23:
                    4f:72:e4:34:1d:85:34:db:20:55:b4:32:59:38:a7:
                    f2:a8:3e:d5:96:62:19:20:b8:56:4b:7d:71:33:fe:
                    ae:80:c8:44:8b:03:0c:f9:be:95:d4:bb:c6:47:2c:
                    d7:54:28:8e:40:fb:65:7d:f3:24:64:4a:25:e1:c9:
                    14:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D8:84:D6:0D:34:CA:0C:5D:3B:5B:53:B4:6A:1B:31:22:3C:31:F4
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/rtiE1g00ygxdO1tTtGobMSI8MfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:b2:47:6c:14:89:34:7b:f9:0c:6d:54:de:80:8f:fc:d4:0d:
         b0:e1:c2:e9:c0:b6:18:13:2a:c2:d7:19:4c:1b:ba:76:a8:f9:
         65:e0:0a:3e:8f:57:f7:1c:0c:7b:02:84:5a:73:f7:25:f0:39:
         d9:9c:b1:d4:17:36:f3:a2:67:f4:a0:66:26:5b:88:9a:ca:24:
         f5:85:a0:0b:44:ba:16:19:5e:f1:42:2c:60:41:bf:8c:eb:89:
         67:f8:2b:c5:90:8d:ba:17:52:ee:22:74:dc:d3:59:1f:16:67:
         64:41:a6:f0:aa:a8:c2:7f:a6:82:fe:dd:d7:4a:32:38:ed:3a:
         89:ee:12:b8:58:00:3c:20:f5:4b:a6:27:8f:c3:88:03:1c:0a:
         4f:fe:95:d3:12:07:36:83:09:ba:3e:23:5b:27:10:dd:23:dc:
         f8:02:8e:a2:06:46:b3:ed:da:f6:98:67:26:dd:32:67:9d:87:
         5e:2b:b6:4f:db:22:76:8f:a5:d2:3e:28:66:69:b5:f5:94:bc:
         30:2d:c3:f1:f4:e2:f1:27:d2:89:08:ed:de:97:aa:70:b4:7d:
         1c:78:9e:0b:6c:ec:0b:7d:9a:82:57:87:9d:ef:57:71:45:b7:
         37:6b:41:dc:50:bb:c8:a2:53:b4:36:bc:15:4d:bc:cb:d9:e6:
         fa:7d:b7:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pRt9dSOuJ4qnc36PHH51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjYwMTAxMjIxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ4ODRkNjBkMzRjYTBjNWQzYjViNTNiNDZhMWIzMTIyM2MzMWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s2gk4HeoP+haPJlu8anNPzBAS0o
v+zWp3jf/qPE5BFD6h6g6hqgd1fPV1W3If877nFAs53ZbNdwPcZ9IbmkhirLk0NN
ZwiZvQeZ+XVWCoHjV1oLjNCjLu9/BQwvd0s6iPf5bpuFGAoYnj+tNOpQQHuKjX7l
NPASIkcET2EMRKwRKAB6G7HsBTyYFbZuZSmz000akOKAZaDwyFYUN/h4bZcZ6JN6
5kKYp+1AUyk8skvZXV4wp06xy1a2EjbfmJuKUCNPcuQ0HYU02yBVtDJZOKfyqD7V
lmIZILhWS31xM/6ugMhEiwMM+b6V1LvGRyzXVCiOQPtlffMkZEol4ckUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7YhNYNNMoMXTtbU7RqGzEiPDH0MB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvcnRpRTFnMDB5Z3hkTzF0VHRHb2JNU0k4TWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd8RMA0G
CSqGSIb3DQEBCwUAA4IBAQBoskdsFIk0e/kMbVTegI/81A2w4cLpwLYYEyrC1xlM
G7p2qPll4Ao+j1f3HAx7AoRac/cl8DnZnLHUFzbzomf0oGYmW4iayiT1haALRLoW
GV7xQixgQb+M64ln+CvFkI26F1LuInTc01kfFmdkQabwqqjCf6aC/t3XSjI47TqJ
7hK4WAA8IPVLpiePw4gDHApP/pXTEgc2gwm6PiNbJxDdI9z4Ao6iBkaz7dr2mGcm
3TJnnYdeK7ZP2yJ2j6XSPihmabX1lLwwLcPx9OLxJ9KJCO3el6pwtH0ceJ4LbOwL
fZqCV4ed71dxRbc3a0HcULvIolO0NrwVTbzL2eb6fbdb
-----END CERTIFICATE-----