This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/158TDE08Owo5ezTmAf_omZbt1fc.roa
File:                     158TDE08Owo5ezTmAf_omZbt1fc.roa (raw, json)
Hash identifier:          CfCjZmBeHpfdBvedGCpxc4MbeChLHMEJmDq71Sthx2Y=
Subject key identifier:   D7:9F:13:0C:4D:3C:3B:0A:39:7B:34:E6:01:FF:E8:99:96:ED:D5:F7
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019B7AC85C8A67D53781C866704C715DCF02
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/158TDE08Owo5ezTmAf_omZbt1fc.roa
Signing time:             Thu 01 Jan 2026 18:18:29 +0000
ROA not before:           Thu 01 Jan 2026 18:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136744
IP address blocks:        89.106.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:5c:8a:67:d5:37:81:c8:66:70:4c:71:5d:cf:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 18:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d79f130c4d3c3b0a397b34e601ffe89996edd5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:67:48:73:28:66:91:25:0f:64:66:e7:f7:2b:
                    b9:64:b5:20:f2:fe:e0:4f:17:d2:b5:09:4a:40:9d:
                    a3:34:18:d3:d4:6d:ef:43:90:b0:c3:83:67:5a:86:
                    2a:d5:37:91:65:8b:0d:8a:6a:45:96:0d:c3:6d:11:
                    b4:88:f9:85:2a:0e:d6:cf:0a:ca:fa:b4:92:43:80:
                    f3:0a:ba:59:46:1a:38:df:8a:72:06:4e:48:ca:f5:
                    9b:2f:de:32:04:57:b0:78:e8:6a:c3:b6:4a:0e:ea:
                    4d:fd:2b:cd:d0:aa:20:86:04:83:18:b8:dc:42:6a:
                    1b:bb:9e:5f:d2:be:bf:80:91:90:91:e3:da:4c:1d:
                    cd:f7:29:b5:87:39:58:c5:57:c5:ff:07:73:c9:59:
                    3f:9e:8e:1e:e3:c1:fd:d0:5f:e9:d6:e8:17:af:78:
                    9d:f4:ce:20:e2:55:00:e4:fa:94:84:3b:80:91:b9:
                    3f:c5:cc:fe:0a:d8:c4:d8:0a:c4:67:5c:45:1b:83:
                    46:76:43:f9:04:f5:eb:f6:28:c9:48:f2:1c:b7:9a:
                    08:92:38:68:8a:a5:3c:5f:39:fa:1d:be:c1:41:72:
                    36:cb:5e:79:df:65:b2:e9:e3:6c:2c:7a:f1:1c:66:
                    5c:a6:99:fd:e9:ee:a6:0a:6e:e8:3d:f0:9b:73:f8:
                    7c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9F:13:0C:4D:3C:3B:0A:39:7B:34:E6:01:FF:E8:99:96:ED:D5:F7
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/158TDE08Owo5ezTmAf_omZbt1fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:f6:42:b8:41:2a:07:f9:42:cf:9d:5a:1e:8f:f6:23:95:11:
         c0:ab:2c:fe:6c:3e:6f:8f:4b:82:0b:b5:a6:d7:19:27:e0:25:
         33:df:13:89:f5:b2:47:a9:58:c8:e7:21:f9:64:fc:5e:31:2c:
         a3:d4:14:94:39:f9:6c:6a:3b:70:a1:83:e2:b1:b0:af:6d:ce:
         c8:9b:6d:7a:93:93:58:69:4b:ab:1a:a6:09:2a:9b:89:17:22:
         09:3d:0b:f8:58:7a:f5:f7:2a:ce:8f:9f:79:43:ac:c7:87:15:
         96:fc:da:7d:84:52:ca:ea:e9:6a:2e:d2:2a:d6:f7:53:1d:07:
         db:f6:b6:5d:11:62:22:a9:e5:15:7d:3c:27:f6:0a:82:1f:ce:
         8e:8a:74:1f:f2:21:03:97:59:59:08:fc:9c:af:99:02:ea:46:
         4b:58:ab:53:1a:80:3a:35:8b:1a:13:72:d7:ab:c6:f5:b0:d3:
         cb:82:6e:7f:c3:7b:ad:9a:3d:30:69:26:b3:88:e9:59:63:2d:
         27:f6:35:4f:79:dd:84:cf:76:14:5c:56:95:3b:f5:89:88:37:
         f0:b6:f9:97:39:35:c9:43:a9:a6:ed:ac:e3:60:15:34:8e:46:
         c2:da:0d:62:3c:9e:05:a0:90:02:23:52:45:d0:d6:90:fe:3f:
         e6:24:c6:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yFyKZ9U3gchmcExxXc8CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMTAxMTgxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzlmMTMwYzRkM2MzYjBhMzk3YjM0ZTYwMWZmZTg5OTk2ZWRkNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWdIcyhmkSUPZGbn9yu5ZLUg8v7g
TxfStQlKQJ2jNBjT1G3vQ5Cww4NnWoYq1TeRZYsNimpFlg3DbRG0iPmFKg7WzwrK
+rSSQ4DzCrpZRho434pyBk5IyvWbL94yBFeweOhqw7ZKDupN/SvN0KoghgSDGLjc
Qmobu55f0r6/gJGQkePaTB3N9ym1hzlYxVfF/wdzyVk/no4e48H90F/p1ugXr3id
9M4g4lUA5PqUhDuAkbk/xcz+CtjE2ArEZ1xFG4NGdkP5BPXr9ijJSPIct5oIkjho
iqU8Xzn6Hb7BQXI2y15532Wy6eNsLHrxHGZcppn96e6mCm7oPfCbc/h8dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNefEwxNPDsKOXs05gH/6JmW7dX3MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMTU4VERFMDhPd281ZXpUbUFmX29tWmJ0MWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoZMA0G
CSqGSIb3DQEBCwUAA4IBAQDg9kK4QSoH+ULPnVoej/YjlRHAqyz+bD5vj0uCC7Wm
1xkn4CUz3xOJ9bJHqVjI5yH5ZPxeMSyj1BSUOflsajtwoYPisbCvbc7Im216k5NY
aUurGqYJKpuJFyIJPQv4WHr19yrOj595Q6zHhxWW/Np9hFLK6ulqLtIq1vdTHQfb
9rZdEWIiqeUVfTwn9gqCH86OinQf8iEDl1lZCPycr5kC6kZLWKtTGoA6NYsaE3LX
q8b1sNPLgm5/w3utmj0waSaziOlZYy0n9jVPed2Ez3YUXFaVO/WJiDfwtvmXOTXJ
Q6mm7azjYBU0jkbC2g1iPJ4FoJACI1JF0NaQ/j/mJMZ6
-----END CERTIFICATE-----