This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/d-X98ZEtp-BtQMI5MVTk6M2Ojpc.roa
File:                     d-X98ZEtp-BtQMI5MVTk6M2Ojpc.roa (raw, json)
Hash identifier:          78Bxza0dPqLPXoNnOQjMSeTT9I5AdaF98vNYTFQ0pQE=
Subject key identifier:   77:E5:FD:F1:91:2D:A7:E0:6D:40:C2:39:31:54:E4:E8:CD:8E:8E:97
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F855CF998F55E4C6CF9C56414800097
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/d-X98ZEtp-BtQMI5MVTk6M2Ojpc.roa
Signing time:             Fri 02 Jan 2026 16:23:25 +0000
ROA not before:           Fri 02 Jan 2026 16:23:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199654
IP address blocks:        195.58.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:5c:f9:98:f5:5e:4c:6c:f9:c5:64:14:80:00:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77e5fdf1912da7e06d40c2393154e4e8cd8e8e97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:e1:6d:96:28:0e:58:99:74:62:ed:b2:e4:
                    3a:0f:f1:c9:89:91:6f:4b:30:46:5a:35:7f:34:6e:
                    ff:0e:ee:2e:13:91:76:9d:0c:2a:8d:42:fc:6d:f4:
                    b3:75:49:cd:2f:78:bf:aa:43:ed:a0:00:20:a8:12:
                    5a:ef:1a:b0:01:0a:56:61:c0:40:cd:da:82:ae:54:
                    21:25:30:3f:21:25:ac:3a:47:ed:40:58:cd:58:5d:
                    cc:4b:66:70:24:12:51:ca:33:ff:e2:a9:0c:39:60:
                    35:44:c8:90:d6:a7:2c:3e:ac:18:46:84:0b:da:39:
                    71:f7:a7:c7:3c:38:a2:85:7c:db:55:fb:d9:6c:25:
                    12:7b:3f:6a:0e:99:8a:ae:60:44:61:fa:f4:e9:ee:
                    fc:4d:78:11:13:88:cb:e2:32:b3:4a:b6:f9:a3:d2:
                    29:dc:80:0e:a5:6d:cd:d7:1f:6a:5f:78:24:9e:ae:
                    dd:86:20:f8:5c:65:6d:ec:8c:1b:5f:25:71:7d:a7:
                    ee:63:6a:c5:cb:92:93:d7:44:c4:e6:1d:83:f7:5a:
                    29:91:fa:19:91:81:80:51:61:53:05:45:96:bd:17:
                    87:5b:19:16:cf:51:0c:a3:5f:32:ae:04:1a:0a:fc:
                    81:37:7a:ce:d5:5d:51:da:ec:b2:d9:e3:29:58:5d:
                    23:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E5:FD:F1:91:2D:A7:E0:6D:40:C2:39:31:54:E4:E8:CD:8E:8E:97
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/d-X98ZEtp-BtQMI5MVTk6M2Ojpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:90:84:c7:76:9b:93:d8:95:81:ca:b2:ef:d7:be:1b:e4:cb:
         49:ec:31:22:0f:84:a6:93:2f:02:e2:92:b1:e7:81:92:72:9d:
         91:58:b4:67:0a:7e:1a:58:05:13:60:a6:ce:57:de:b5:63:35:
         d0:df:97:88:32:78:e5:e8:83:8f:ce:f6:da:30:22:e2:c3:9c:
         e3:f7:6b:6c:39:c9:9a:2a:e3:e5:b7:0d:2b:c3:54:78:86:81:
         51:92:73:da:e0:67:f7:7d:09:98:08:25:17:bf:63:0c:dc:20:
         65:0d:a0:01:e6:cb:ba:40:cd:99:77:52:93:7a:ba:33:7d:26:
         35:2f:3c:1e:6e:76:54:12:00:24:16:df:a1:87:b3:b9:74:dc:
         dc:4f:3c:92:1b:f9:d8:75:99:ec:be:e9:09:b6:a9:9f:04:68:
         49:e8:32:ac:b6:3f:68:6d:0f:52:44:71:b7:7d:e5:e3:3f:33:
         d9:2b:2b:37:7e:fd:18:79:a2:c3:22:ac:c9:2e:80:4b:c1:ce:
         0a:55:02:f0:de:8f:31:f9:51:10:33:7e:cf:65:e3:f7:f6:b2:
         f3:28:fd:77:9a:19:75:11:e7:e3:5f:f7:75:fe:6e:db:1d:39:
         a6:23:e9:e3:78:27:02:12:49:e1:4e:e0:f1:fd:8f:01:0b:3a:
         17:48:90:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hVz5mPVeTGz5xWQUgACXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U1ZmRmMTkxMmRhN2UwNmQ0MGMyMzkzMTU0ZTRlOGNkOGU4ZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsPhbZYoDliZdGLtsuQ6D/HJiZFv
SzBGWjV/NG7/Du4uE5F2nQwqjUL8bfSzdUnNL3i/qkPtoAAgqBJa7xqwAQpWYcBA
zdqCrlQhJTA/ISWsOkftQFjNWF3MS2ZwJBJRyjP/4qkMOWA1RMiQ1qcsPqwYRoQL
2jlx96fHPDiihXzbVfvZbCUSez9qDpmKrmBEYfr06e78TXgRE4jL4jKzSrb5o9Ip
3IAOpW3N1x9qX3gknq7dhiD4XGVt7IwbXyVxfafuY2rFy5KT10TE5h2D91opkfoZ
kYGAUWFTBUWWvReHWxkWz1EMo18yrgQaCvyBN3rO1V1R2uyy2eMpWF0j6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfl/fGRLafgbUDCOTFU5OjNjo6XMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZC1YOThaRXRwLUJ0UU1JNU1WVGs2TTJPanBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzo6MA0G
CSqGSIb3DQEBCwUAA4IBAQCQkITHdpuT2JWByrLv174b5MtJ7DEiD4Smky8C4pKx
54GScp2RWLRnCn4aWAUTYKbOV961YzXQ35eIMnjl6IOPzvbaMCLiw5zj92tsOcma
KuPltw0rw1R4hoFRknPa4Gf3fQmYCCUXv2MM3CBlDaAB5su6QM2Zd1KTerozfSY1
LzwebnZUEgAkFt+hh7O5dNzcTzySG/nYdZnsvukJtqmfBGhJ6DKstj9obQ9SRHG3
feXjPzPZKys3fv0YeaLDIqzJLoBLwc4KVQLw3o8x+VEQM37PZeP39rLzKP13mhl1
EefjX/d1/m7bHTmmI+njeCcCEknhTuDx/Y8BCzoXSJDb
-----END CERTIFICATE-----