This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RoiAthOj50QpYrn9VvJMEfxcNdQ.roa
File:                     RoiAthOj50QpYrn9VvJMEfxcNdQ.roa (raw, json)
Hash identifier:          kKotshUErmvc4fmaCrWUKg+FIEKcPXM5EKmx6H8SCpQ=
Subject key identifier:   46:88:80:B6:13:A3:E7:44:29:62:B9:FD:56:F2:4C:11:FC:5C:35:D4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8567F30C37527BA50C9F7052FF01E9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RoiAthOj50QpYrn9VvJMEfxcNdQ.roa
Signing time:             Fri 02 Jan 2026 16:23:27 +0000
ROA not before:           Fri 02 Jan 2026 16:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207513
IP address blocks:        195.133.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 11:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:67:f3:0c:37:52:7b:a5:0c:9f:70:52:ff:01:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=468880b613a3e7442962b9fd56f24c11fc5c35d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5b:29:c7:c9:fb:b0:91:3b:a1:d9:ef:5f:ba:
                    28:5e:5d:7b:63:6c:9b:75:f7:9d:b7:3c:c5:49:5f:
                    50:f8:b1:b8:27:e6:95:dc:32:a4:59:e5:99:53:f2:
                    c0:5a:03:bd:18:15:75:dc:e5:65:19:4a:61:6d:65:
                    9a:c1:b0:aa:b3:d2:f7:c0:2b:d6:5b:03:d5:37:4e:
                    bc:bc:2f:da:dd:d4:a5:3d:bb:a5:7d:a6:b2:8d:86:
                    60:41:2f:3c:74:eb:39:80:cc:0a:ab:ab:e6:b9:de:
                    5d:c0:87:36:7b:6c:15:89:a5:bc:9b:5e:8e:86:ce:
                    c9:96:75:4d:8e:07:de:07:b0:3d:e9:6f:e4:60:5d:
                    60:c8:67:96:78:75:0d:fa:00:2e:1e:de:85:a9:b2:
                    7b:45:da:39:91:72:3a:48:21:6c:cf:53:1a:10:4d:
                    74:34:b4:e1:f3:05:10:6c:a4:ca:fc:af:fa:0d:e6:
                    1e:6a:22:e9:00:d9:bd:b4:b6:8d:d3:45:fa:29:b7:
                    8e:e8:9a:1d:56:a1:f6:ce:cd:0f:08:3a:f2:76:d5:
                    c6:e7:dd:e1:1d:92:04:60:04:0d:4d:7d:b8:23:bb:
                    bb:6b:15:c8:ad:f1:a2:e4:a3:62:e2:cf:2d:c6:f7:
                    14:d2:31:44:25:ab:a8:10:65:c5:a2:cd:6b:e8:80:
                    ec:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:88:80:B6:13:A3:E7:44:29:62:B9:FD:56:F2:4C:11:FC:5C:35:D4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RoiAthOj50QpYrn9VvJMEfxcNdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:f1:0e:75:c1:25:d9:e2:a6:7b:f7:72:31:18:fb:e2:78:b3:
         3e:24:a7:7f:8b:a2:cf:3f:be:2b:76:03:24:0a:7f:04:4c:59:
         db:48:80:26:55:de:7f:f8:d3:55:1a:23:95:87:43:79:2c:94:
         05:94:2b:14:93:5e:7e:7f:66:ca:df:55:51:7f:cc:f6:88:8e:
         26:e7:b1:20:df:10:a2:55:9b:19:b1:d0:23:72:73:ea:54:39:
         7e:64:f3:72:98:95:cf:b7:0e:8f:6f:ac:60:d4:58:7e:d1:6f:
         19:77:a1:11:c2:83:49:e7:dc:54:74:05:21:a0:73:88:c3:02:
         4d:80:be:a0:bd:21:a9:ac:1d:ac:76:6f:c3:c1:9a:d6:9a:3e:
         79:92:e1:89:4f:be:64:43:aa:00:93:b8:96:e0:51:79:1b:34:
         0c:e5:9f:43:fa:12:15:10:c7:48:75:fd:cb:de:af:d2:80:8c:
         8e:d9:e2:10:05:15:5a:19:87:a2:29:1f:03:84:6a:97:d7:d9:
         e0:05:81:62:aa:4a:7d:94:62:3f:a9:9b:a3:bc:76:d5:c9:4e:
         25:06:53:28:18:51:dd:7f:d4:30:b9:6a:00:11:5e:8d:0d:49:
         7b:9f:7e:a6:3d:78:37:5a:53:76:5b:2c:b9:9f:0e:22:dc:1e:
         cd:1f:55:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hWfzDDdSe6UMn3BS/wHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njg4ODBiNjEzYTNlNzQ0Mjk2MmI5ZmQ1NmYyNGMxMWZjNWMzNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21spx8n7sJE7odnvX7ooXl17Y2yb
dfedtzzFSV9Q+LG4J+aV3DKkWeWZU/LAWgO9GBV13OVlGUphbWWawbCqs9L3wCvW
WwPVN068vC/a3dSlPbulfaayjYZgQS88dOs5gMwKq6vmud5dwIc2e2wViaW8m16O
hs7JlnVNjgfeB7A96W/kYF1gyGeWeHUN+gAuHt6FqbJ7Rdo5kXI6SCFsz1MaEE10
NLTh8wUQbKTK/K/6DeYeaiLpANm9tLaN00X6KbeO6JodVqH2zs0PCDrydtXG593h
HZIEYAQNTX24I7u7axXIrfGi5KNi4s8txvcU0jFEJauoEGXFos1r6IDsnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaIgLYTo+dEKWK5/VbyTBH8XDXUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUm9pQXRoT2o1MFFwWXJuOVZ2Sk1FZnhjTmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4XDMA0G
CSqGSIb3DQEBCwUAA4IBAQB78Q51wSXZ4qZ793IxGPvieLM+JKd/i6LPP74rdgMk
Cn8ETFnbSIAmVd5/+NNVGiOVh0N5LJQFlCsUk15+f2bK31VRf8z2iI4m57Eg3xCi
VZsZsdAjcnPqVDl+ZPNymJXPtw6Pb6xg1Fh+0W8Zd6ERwoNJ59xUdAUhoHOIwwJN
gL6gvSGprB2sdm/DwZrWmj55kuGJT75kQ6oAk7iW4FF5GzQM5Z9D+hIVEMdIdf3L
3q/SgIyO2eIQBRVaGYeiKR8DhGqX19ngBYFiqkp9lGI/qZujvHbVyU4lBlMoGFHd
f9QwuWoAEV6NDUl7n36mPXg3WlN2Wyy5nw4i3B7NH1Vj
-----END CERTIFICATE-----