This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8wb0WyRl4-rnpHaXFcfz1iHb6aI.roa
File:                     8wb0WyRl4-rnpHaXFcfz1iHb6aI.roa (raw, json)
Hash identifier:          fX+xnIgHedszjwn5kqy5eBZiCRaQO2mrkD+/8UUZb8E=
Subject key identifier:   F3:06:F4:5B:24:65:E3:EA:E7:A4:76:97:15:C7:F3:D6:21:DB:E9:A2
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F854E43F8A0821998796A35B807B92C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8wb0WyRl4-rnpHaXFcfz1iHb6aI.roa
Signing time:             Fri 02 Jan 2026 16:23:21 +0000
ROA not before:           Fri 02 Jan 2026 16:23:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47540
IP address blocks:        195.58.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:4e:43:f8:a0:82:19:98:79:6a:35:b8:07:b9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f306f45b2465e3eae7a4769715c7f3d621dbe9a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:71:3a:2b:d3:5a:96:52:8c:3a:6f:5b:00:c5:
                    de:1c:00:aa:9b:9a:9a:4d:53:95:65:9c:d4:63:7e:
                    53:3b:21:25:6b:dd:45:8b:bb:a9:93:49:73:97:0f:
                    fd:20:77:91:91:8d:ee:81:5b:3f:4d:9c:c0:92:5c:
                    12:41:53:04:24:9a:ed:c9:ce:6f:1e:92:32:de:0d:
                    01:f8:42:cd:01:cc:37:c3:d7:15:98:94:1d:13:45:
                    dc:0a:8c:58:d4:cb:e4:fa:be:25:ca:2f:77:02:49:
                    df:b6:bb:1d:84:c4:8e:a4:a1:82:85:78:37:db:9b:
                    5c:3c:02:d3:04:2a:c6:aa:01:70:a8:42:ab:ca:09:
                    bb:3d:76:6c:8f:78:7e:7d:ea:86:79:fa:7e:d8:0e:
                    70:58:48:e9:39:3f:ab:a9:7a:7d:42:40:21:72:f3:
                    f0:94:a6:b6:23:cc:85:6f:05:b7:8d:0d:66:02:15:
                    0f:59:e1:ef:5c:e3:0e:d5:3e:12:26:d8:9d:c2:f8:
                    0e:49:5a:f7:ee:ff:63:42:d8:48:67:25:6b:d8:16:
                    d1:5c:c6:4b:ec:31:70:a7:e2:43:54:6f:3e:be:f3:
                    66:20:f6:15:3a:4e:9d:99:19:20:3b:b0:c2:cc:5c:
                    ea:cb:a3:ee:dc:7a:84:00:06:b4:33:4f:fe:f5:0e:
                    15:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:06:F4:5B:24:65:E3:EA:E7:A4:76:97:15:C7:F3:D6:21:DB:E9:A2
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8wb0WyRl4-rnpHaXFcfz1iHb6aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:61:0e:01:e6:64:3c:f4:a4:ba:d0:38:fc:01:c7:12:c5:89:
         e2:81:f3:8f:26:2a:40:17:a9:44:8f:95:c0:5a:b4:63:91:33:
         3e:c4:03:75:0e:83:1b:90:0a:fb:ba:20:22:fb:67:24:39:09:
         e3:19:50:6b:bf:e3:c9:dc:12:89:f2:5e:25:b1:ce:ae:e4:d0:
         dd:92:fc:a6:27:f1:ad:06:94:67:83:e4:bc:1b:39:a3:0b:a2:
         dd:76:a2:40:f6:5b:7f:3d:bd:c8:28:6f:58:f8:65:5b:a0:70:
         21:0a:3b:51:e5:b9:f4:cd:b1:68:09:6c:3f:ff:8a:f9:92:a0:
         b1:1a:d9:c0:0f:83:ce:6e:cb:48:d6:6c:b5:f0:cb:92:3c:3f:
         4d:f7:85:b2:37:cc:db:2b:43:ad:df:e1:59:d4:61:39:bb:81:
         0e:40:00:b8:f1:7b:69:bb:cd:c2:ef:3c:48:c3:63:a6:ab:c2:
         5d:fb:8b:f8:0a:71:42:e5:5f:d6:2d:76:b0:0f:ef:64:16:5e:
         d6:bf:8d:64:9b:88:db:75:9c:4b:e0:d1:2f:72:a6:fe:c8:f3:
         18:53:37:50:a8:e5:47:5c:12:db:de:ba:c4:0b:12:ba:06:18:
         c5:d3:a9:c4:b4:85:8c:69:4f:7b:6a:87:1d:71:45:a9:02:28:
         b9:76:a8:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hU5D+KCCGZh5ajW4B7ksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA2ZjQ1YjI0NjVlM2VhZTdhNDc2OTcxNWM3ZjNkNjIxZGJlOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHE6K9NallKMOm9bAMXeHACqm5qa
TVOVZZzUY35TOyEla91Fi7upk0lzlw/9IHeRkY3ugVs/TZzAklwSQVMEJJrtyc5v
HpIy3g0B+ELNAcw3w9cVmJQdE0XcCoxY1Mvk+r4lyi93AknftrsdhMSOpKGChXg3
25tcPALTBCrGqgFwqEKrygm7PXZsj3h+feqGefp+2A5wWEjpOT+rqXp9QkAhcvPw
lKa2I8yFbwW3jQ1mAhUPWeHvXOMO1T4SJtidwvgOSVr37v9jQthIZyVr2BbRXMZL
7DFwp+JDVG8+vvNmIPYVOk6dmRkgO7DCzFzqy6Pu3HqEAAa0M0/+9Q4VHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMG9FskZePq56R2lxXH89Yh2+miMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHdiMFd5Umw0LXJucEhhWEZjZnoxaUhiNmFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzo1MA0G
CSqGSIb3DQEBCwUAA4IBAQA3YQ4B5mQ89KS60Dj8AccSxYnigfOPJipAF6lEj5XA
WrRjkTM+xAN1DoMbkAr7uiAi+2ckOQnjGVBrv+PJ3BKJ8l4lsc6u5NDdkvymJ/Gt
BpRng+S8GzmjC6LddqJA9lt/Pb3IKG9Y+GVboHAhCjtR5bn0zbFoCWw//4r5kqCx
GtnAD4PObstI1my18MuSPD9N94WyN8zbK0Ot3+FZ1GE5u4EOQAC48Xtpu83C7zxI
w2Omq8Jd+4v4CnFC5V/WLXawD+9kFl7Wv41km4jbdZxL4NEvcqb+yPMYUzdQqOVH
XBLb3rrECxK6BhjF06nEtIWMaU97aocdcUWpAii5dqj/
-----END CERTIFICATE-----