This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsNEWWg4xoOE5PlX53Euc4uAd7E.roa
File:                     SsNEWWg4xoOE5PlX53Euc4uAd7E.roa (raw, json)
Hash identifier:          kl5BjlPzzK1J+TGlDtWRVbJ2YUbDGZY31XrONLIir00=
Subject key identifier:   4A:C3:44:59:68:38:C6:83:84:E4:F9:57:E7:71:2E:73:8B:80:77:B1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F856A2B216E5FE85B45FB9385B4352B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsNEWWg4xoOE5PlX53Euc4uAd7E.roa
Signing time:             Fri 02 Jan 2026 16:23:28 +0000
ROA not before:           Fri 02 Jan 2026 16:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209847
IP address blocks:        195.133.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:6a:2b:21:6e:5f:e8:5b:45:fb:93:85:b4:35:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ac344596838c68384e4f957e7712e738b8077b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:99:df:4b:21:81:85:cc:00:12:09:59:21:5a:
                    21:6d:b5:fc:24:f2:fd:31:b7:bd:c7:fc:4e:b9:b4:
                    6c:83:5b:87:44:56:8d:dc:85:79:84:25:ad:fd:fe:
                    b6:dc:b8:a2:4b:b4:e8:b0:a2:72:d5:2d:87:e5:b7:
                    64:a4:33:93:cb:e7:bf:3a:52:d1:cf:2a:7d:20:80:
                    ea:e0:54:48:c6:8f:e1:de:b5:3e:e7:ff:f4:b0:0d:
                    51:42:c2:13:79:06:d3:5c:e3:f5:68:f7:56:79:97:
                    0f:b7:ac:09:14:3c:57:d1:11:46:5f:68:f5:3b:43:
                    85:fb:82:93:d4:30:1e:7d:c5:04:b1:7f:68:4f:91:
                    c5:45:a4:9a:58:f6:4b:9a:2a:43:2e:63:d4:cf:48:
                    56:c3:a1:df:75:f7:3a:6c:35:e0:54:02:7f:66:ac:
                    07:2d:c7:ba:2e:80:ba:d6:b2:b0:2b:94:a4:6c:1f:
                    e3:7a:a5:2c:4f:a9:4a:d5:94:1b:b3:a6:df:eb:4e:
                    9b:fb:f3:5d:db:61:31:f9:80:dc:6f:9d:a1:02:19:
                    71:22:21:9f:fd:50:cf:95:66:61:d1:54:d0:d7:be:
                    f7:b7:a8:b1:4c:85:61:f7:57:04:9c:b0:ee:b0:06:
                    9d:72:62:20:12:c3:fb:29:a1:f5:2e:07:e4:1c:0f:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C3:44:59:68:38:C6:83:84:E4:F9:57:E7:71:2E:73:8B:80:77:B1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsNEWWg4xoOE5PlX53Euc4uAd7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fe:0a:ad:f6:f4:33:d5:6e:b7:1e:ae:02:af:b9:55:e5:12:
         e7:6f:df:b5:a4:7d:e4:8c:ce:cb:aa:16:e0:c0:47:d1:b0:5f:
         d7:a0:66:e7:7f:7b:c5:c2:95:ed:1d:b0:d6:4b:ab:08:a3:8f:
         53:9a:87:b4:62:1e:00:32:6b:31:61:fa:e5:1c:6c:a2:12:91:
         44:1a:5f:1a:d1:a6:ee:ab:28:86:c5:3e:e7:c7:ac:ba:96:e9:
         99:f7:f3:73:74:26:18:89:bb:f1:27:c2:99:a3:1e:c1:fc:a6:
         b2:1f:31:29:ee:77:77:13:fd:98:3b:79:67:ec:7d:40:8c:23:
         38:3a:77:66:f9:90:56:b3:c8:64:3b:92:7e:44:ce:f7:c3:97:
         d8:fe:e5:88:0c:d7:6a:09:56:f0:dc:1d:1b:29:b4:38:97:3b:
         32:fa:a0:20:c1:d7:97:a6:10:84:4a:fe:7c:74:fb:27:0c:02:
         19:ce:4e:a2:9c:f4:51:49:4c:c9:4e:d2:67:f4:5d:ba:3d:bb:
         7e:f7:46:bb:2a:96:21:cc:64:c9:5b:82:fc:7c:b0:7e:8b:0d:
         09:03:1c:da:03:00:c7:46:c6:94:28:74:7d:ae:1a:79:0e:89:
         ba:76:64:f3:ef:44:11:74:65:fb:5c:1b:a7:90:fd:3a:f7:29:
         7c:65:72:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hWorIW5f6FtF+5OFtDUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWMzNDQ1OTY4MzhjNjgzODRlNGY5NTdlNzcxMmU3MzhiODA3N2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspnfSyGBhcwAEglZIVohbbX8JPL9
Mbe9x/xOubRsg1uHRFaN3IV5hCWt/f623LiiS7TosKJy1S2H5bdkpDOTy+e/OlLR
zyp9IIDq4FRIxo/h3rU+5//0sA1RQsITeQbTXOP1aPdWeZcPt6wJFDxX0RFGX2j1
O0OF+4KT1DAefcUEsX9oT5HFRaSaWPZLmipDLmPUz0hWw6Hfdfc6bDXgVAJ/ZqwH
Lce6LoC61rKwK5SkbB/jeqUsT6lK1ZQbs6bf606b+/Nd22Ex+YDcb52hAhlxIiGf
/VDPlWZh0VTQ1773t6ixTIVh91cEnLDusAadcmIgEsP7KaH1LgfkHA/6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErDRFloOMaDhOT5V+dxLnOLgHexMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvU3NORVdXZzR4b09FNVBsWDUzRXVjNHVBZDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UAMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ/gqt9vQz1W63Hq4Cr7lV5RLnb9+1pH3kjM7Lqhbg
wEfRsF/XoGbnf3vFwpXtHbDWS6sIo49Tmoe0Yh4AMmsxYfrlHGyiEpFEGl8a0abu
qyiGxT7nx6y6lumZ9/NzdCYYibvxJ8KZox7B/KayHzEp7nd3E/2YO3ln7H1AjCM4
Ondm+ZBWs8hkO5J+RM73w5fY/uWIDNdqCVbw3B0bKbQ4lzsy+qAgwdeXphCESv58
dPsnDAIZzk6inPRRSUzJTtJn9F26Pbt+90a7KpYhzGTJW4L8fLB+iw0JAxzaAwDH
RsaUKHR9rhp5Dom6dmTz70QRdGX7XBunkP069yl8ZXJO
-----END CERTIFICATE-----