This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/8rDvMkxptJnltjzzUCN1e7h2mu0.roa
File:                     8rDvMkxptJnltjzzUCN1e7h2mu0.roa (raw, json)
Hash identifier:          bN6iyJOU8RYfCqW0mfWStueUrIARdx585ED2RX3ioso=
Subject key identifier:   F2:B0:EF:32:4C:69:B4:99:E5:B6:3C:F3:50:23:75:7B:B8:76:9A:ED
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       019B78345C9EC6FB68C99A6288026D9A1E7E
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/8rDvMkxptJnltjzzUCN1e7h2mu0.roa
Signing time:             Thu 01 Jan 2026 06:17:36 +0000
ROA not before:           Thu 01 Jan 2026 06:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198404
IP address blocks:        89.39.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:5c:9e:c6:fb:68:c9:9a:62:88:02:6d:9a:1e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Jan  1 06:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2b0ef324c69b499e5b63cf35023757bb8769aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:58:67:9d:57:19:57:bb:5b:eb:6e:1a:ae:1c:
                    35:87:d9:77:c2:a8:13:90:c7:c5:0b:6f:db:43:d8:
                    96:e1:0d:2b:33:44:be:e2:23:2f:08:32:dc:56:03:
                    2a:1b:83:e2:a0:e1:8d:52:5b:95:5e:43:90:c1:ec:
                    38:f2:f0:01:75:94:7b:8d:c0:f9:d5:7f:25:69:d0:
                    e7:4d:73:74:ed:ca:56:dd:91:3b:c3:cd:e8:7a:57:
                    d5:8f:ee:1b:d7:f1:76:09:5d:c6:30:6a:45:99:75:
                    c8:43:0c:ef:35:eb:ae:87:c2:09:e9:a9:fe:e2:87:
                    18:a4:00:ae:56:11:f8:a6:f0:4c:c2:82:25:97:74:
                    75:23:1f:a5:6e:59:89:43:0c:c7:3e:e4:e4:1b:41:
                    81:6e:42:65:47:51:7b:a7:37:bc:8a:b6:d4:d0:1c:
                    06:0a:9c:d8:f7:90:47:b2:fe:a9:37:4c:21:4e:da:
                    49:e4:57:91:1b:1a:a0:b4:59:b5:c8:3c:22:0e:be:
                    9e:15:0e:6c:3c:5c:a1:76:f8:2d:4e:d0:7f:79:31:
                    79:3c:18:44:97:fd:0f:1b:1a:8b:35:c1:00:1f:64:
                    d5:45:2e:9e:50:af:49:47:36:dc:2a:a1:10:ba:f2:
                    2e:c6:2f:19:b1:50:2c:ce:34:b0:14:38:bf:6d:99:
                    44:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B0:EF:32:4C:69:B4:99:E5:B6:3C:F3:50:23:75:7B:B8:76:9A:ED
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/8rDvMkxptJnltjzzUCN1e7h2mu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:59:cd:a1:4b:f1:5a:43:04:f6:87:ce:85:3c:a6:ba:1e:9d:
         b1:ba:24:a7:73:55:c4:c4:5d:b9:48:0a:65:fc:cd:c1:8a:ae:
         66:95:ce:d5:52:3c:04:83:b2:8b:03:b8:40:19:5e:7f:f4:5a:
         b9:c0:e8:88:a1:18:97:33:c6:7b:2f:e6:63:4f:5c:e2:a4:f0:
         00:be:1d:0c:12:8c:a9:56:25:1a:d7:fa:77:3e:bb:5e:a7:b3:
         86:cb:e3:87:4b:9d:80:12:bc:dc:af:37:f0:60:31:1c:39:63:
         06:d5:55:f4:04:02:cf:07:02:99:bc:e6:4f:bb:79:25:7f:8d:
         f7:d5:7a:af:61:56:2d:92:2c:51:9b:ef:6d:cd:9e:b0:bd:d8:
         be:fc:4b:23:42:aa:14:15:13:78:d5:3b:12:ec:56:da:21:41:
         d9:f1:82:e9:20:f2:3c:c0:b9:34:dc:f7:92:20:26:41:90:72:
         79:54:9b:c6:38:8f:09:42:ef:c7:c5:70:f7:c1:ad:41:50:83:
         6e:7d:ba:f5:c3:04:28:dc:81:bf:a9:d9:fd:92:be:a0:87:a5:
         47:83:88:66:cd:69:01:de:5d:0a:09:bd:e9:c2:5b:45:1f:f1:
         a7:d9:bb:8a:28:b4:61:30:cc:f7:d2:96:fa:ed:75:d9:c7:c6:
         4a:bc:41:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NFyexvtoyZpiiAJtmh5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjYwMTAxMDYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIwZWYzMjRjNjliNDk5ZTViNjNjZjM1MDIzNzU3YmI4NzY5YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1hnnVcZV7tb624arhw1h9l3wqgT
kMfFC2/bQ9iW4Q0rM0S+4iMvCDLcVgMqG4PioOGNUluVXkOQwew48vABdZR7jcD5
1X8ladDnTXN07cpW3ZE7w83oelfVj+4b1/F2CV3GMGpFmXXIQwzvNeuuh8IJ6an+
4ocYpACuVhH4pvBMwoIll3R1Ix+lblmJQwzHPuTkG0GBbkJlR1F7pze8irbU0BwG
CpzY95BHsv6pN0whTtpJ5FeRGxqgtFm1yDwiDr6eFQ5sPFyhdvgtTtB/eTF5PBhE
l/0PGxqLNcEAH2TVRS6eUK9JRzbcKqEQuvIuxi8ZsVAszjSwFDi/bZlEhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKw7zJMabSZ5bY881AjdXu4dprtMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvOHJEdk1reHB0Sm5sdGp6elVDTjFlN2gybXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWScgMA0G
CSqGSIb3DQEBCwUAA4IBAQAcWc2hS/FaQwT2h86FPKa6Hp2xuiSnc1XExF25SApl
/M3Biq5mlc7VUjwEg7KLA7hAGV5/9Fq5wOiIoRiXM8Z7L+ZjT1zipPAAvh0MEoyp
ViUa1/p3Prtep7OGy+OHS52AErzcrzfwYDEcOWMG1VX0BALPBwKZvOZPu3klf433
1XqvYVYtkixRm+9tzZ6wvdi+/EsjQqoUFRN41TsS7FbaIUHZ8YLpIPI8wLk03PeS
ICZBkHJ5VJvGOI8JQu/HxXD3wa1BUINufbr1wwQo3IG/qdn9kr6gh6VHg4hmzWkB
3l0KCb3pwltFH/Gn2buKKLRhMMz30pb67XXZx8ZKvEGb
-----END CERTIFICATE-----