This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/58Z_30RmGqTf6FCU3PrZd5bogs8.roa
File:                     58Z_30RmGqTf6FCU3PrZd5bogs8.roa (raw, json)
Hash identifier:          TXG7g3IJzMwe+V0RYfLs59E5lWWsjUfuIPwuhzRGQhQ=
Subject key identifier:   E7:C6:7F:DF:44:66:1A:A4:DF:E8:50:94:DC:FA:D9:77:96:E8:82:CF
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019B7D5B8129EFB36782C7363DA23695D597
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/58Z_30RmGqTf6FCU3PrZd5bogs8.roa
Signing time:             Fri 02 Jan 2026 06:18:27 +0000
ROA not before:           Fri 02 Jan 2026 06:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44815
IP address blocks:        89.167.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:81:29:ef:b3:67:82:c7:36:3d:a2:36:95:d5:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 06:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7c67fdf44661aa4dfe85094dcfad97796e882cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7e:65:a8:59:b6:dd:41:a3:46:62:d7:61:13:
                    9c:c7:bb:2b:db:f3:7c:62:0c:df:ff:13:80:7c:7b:
                    fe:ac:e7:22:8a:82:de:6f:57:00:31:a6:4e:94:6d:
                    86:07:f2:81:32:d7:87:57:a6:32:14:45:51:25:d0:
                    e0:3c:7e:35:d6:e7:bb:7e:6d:f0:ec:34:9b:00:5e:
                    88:00:32:06:39:be:ea:a3:cd:b6:c5:40:7d:2f:e1:
                    11:e7:34:cc:48:8a:c8:6a:f4:74:f5:84:33:ad:f2:
                    a7:bd:ec:cc:27:a9:ab:f0:e2:3c:c7:eb:ea:46:1e:
                    78:c3:8a:26:60:12:90:33:94:44:fd:68:8d:0c:c4:
                    9d:33:6e:3e:f3:41:f8:c4:6a:ed:57:f5:4a:3c:02:
                    1f:fa:6e:9c:68:5f:9b:36:bf:2a:47:f1:bb:5b:27:
                    c3:96:d6:ce:cb:a8:38:2a:31:e0:27:b7:2d:0a:0b:
                    eb:3a:85:58:ae:8c:c8:64:a3:1e:ff:44:2d:09:57:
                    d5:4e:e1:4f:ee:81:0a:90:7e:a5:72:83:57:51:8d:
                    d1:5d:50:7c:37:39:e9:52:c9:34:11:66:2f:fe:86:
                    6d:01:cc:77:bb:6d:6c:1b:95:f0:52:19:72:c3:31:
                    a5:17:23:20:a9:f7:bc:4f:b4:ef:a8:21:4a:6e:3e:
                    8f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C6:7F:DF:44:66:1A:A4:DF:E8:50:94:DC:FA:D9:77:96:E8:82:CF
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/58Z_30RmGqTf6FCU3PrZd5bogs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f1:a2:e9:f5:97:25:2e:8f:5e:af:ea:98:13:1f:16:99:ce:
         14:fa:5b:cd:b1:b4:b4:9f:22:5b:55:cf:44:5e:c4:34:d8:7a:
         39:1e:2e:e7:79:21:f1:86:de:90:ab:6c:df:a1:07:9c:53:22:
         b5:61:e0:b0:13:4e:f2:a4:ec:d3:38:51:b6:e2:24:d7:58:c4:
         a2:41:ad:14:89:01:e1:d5:0a:53:41:77:ab:ae:bf:e1:5c:05:
         18:34:bb:8a:c1:f5:98:58:e2:85:bd:64:67:43:23:b7:69:eb:
         49:5a:f9:0b:ec:75:f9:57:55:bf:de:6d:65:51:c2:5d:3c:26:
         fd:dd:1b:3c:34:44:0f:02:19:e6:44:21:34:6a:ef:cf:db:c2:
         af:82:8f:16:11:03:d4:ce:07:18:3b:a7:10:b6:e7:27:79:dd:
         33:83:a3:95:fb:72:82:c3:a8:42:cc:91:d2:34:b4:63:bf:e5:
         e4:d3:a9:b3:e9:b3:bb:81:76:99:7b:bc:5f:af:8d:f4:84:0e:
         2e:c0:c3:96:10:9e:a6:6b:b7:5d:98:6f:4d:0b:be:49:84:dc:
         6e:de:8a:bf:c9:4c:34:0b:d8:f1:b8:7b:9a:34:d9:a9:44:e2:
         e2:8f:e3:e0:95:50:ef:f8:ca:77:24:9e:a8:9c:d5:1e:eb:91:
         52:89:f6:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W4Ep77Nngsc2PaI2ldWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwMTAyMDYxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2M2N2ZkZjQ0NjYxYWE0ZGZlODUwOTRkY2ZhZDk3Nzk2ZTg4MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn5lqFm23UGjRmLXYROcx7sr2/N8
Ygzf/xOAfHv+rOciioLeb1cAMaZOlG2GB/KBMteHV6YyFEVRJdDgPH411ue7fm3w
7DSbAF6IADIGOb7qo822xUB9L+ER5zTMSIrIavR09YQzrfKnvezMJ6mr8OI8x+vq
Rh54w4omYBKQM5RE/WiNDMSdM24+80H4xGrtV/VKPAIf+m6caF+bNr8qR/G7WyfD
ltbOy6g4KjHgJ7ctCgvrOoVYrozIZKMe/0QtCVfVTuFP7oEKkH6lcoNXUY3RXVB8
NznpUsk0EWYv/oZtAcx3u21sG5XwUhlywzGlFyMgqfe8T7TvqCFKbj6PYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfGf99EZhqk3+hQlNz62XeW6ILPMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvNThaXzMwUm1HcVRmNkZDVTNQclpkNWJvZ3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWafcMA0G
CSqGSIb3DQEBCwUAA4IBAQA38aLp9ZclLo9er+qYEx8Wmc4U+lvNsbS0nyJbVc9E
XsQ02Ho5Hi7neSHxht6Qq2zfoQecUyK1YeCwE07ypOzTOFG24iTXWMSiQa0UiQHh
1QpTQXerrr/hXAUYNLuKwfWYWOKFvWRnQyO3aetJWvkL7HX5V1W/3m1lUcJdPCb9
3Rs8NEQPAhnmRCE0au/P28Kvgo8WEQPUzgcYO6cQtucned0zg6OV+3KCw6hCzJHS
NLRjv+Xk06mz6bO7gXaZe7xfr430hA4uwMOWEJ6ma7ddmG9NC75JhNxu3oq/yUw0
C9jxuHuaNNmpROLij+PglVDv+Mp3JJ6onNUe65FSifZ4
-----END CERTIFICATE-----