This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/I0FnsRSHuCIlE5UfwEVWK3D0hR8.roa
File:                     I0FnsRSHuCIlE5UfwEVWK3D0hR8.roa (raw, json)
Hash identifier:          dR+nGhBOUGjcCFb5F8ZxMzX7iIcWLc6xb1ZqHmYGR/c=
Subject key identifier:   23:41:67:B1:14:87:B8:22:25:13:95:1F:C0:45:56:2B:70:F4:85:1F
Certificate issuer:       /CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
Certificate serial:       019B797DFD78F1EAA569F573EE745A5E6727
Authority key identifier: 0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/I0FnsRSHuCIlE5UfwEVWK3D0hR8.roa
Signing time:             Thu 01 Jan 2026 12:17:38 +0000
ROA not before:           Thu 01 Jan 2026 12:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400909
IP address blocks:        195.211.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:fd:78:f1:ea:a5:69:f5:73:ee:74:5a:5e:67:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
        Validity
            Not Before: Jan  1 12:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=234167b11487b8222513951fc045562b70f4851f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9f:2d:a7:ab:0a:2b:ec:4b:b0:30:27:9d:e1:
                    13:cd:4b:0c:6f:8b:2d:a5:2f:2b:10:e3:a0:b9:d1:
                    72:42:76:93:fb:51:50:3f:5e:de:8d:50:c2:06:05:
                    bf:f9:14:6a:26:3c:33:d6:f6:54:43:2d:9f:73:d1:
                    d8:c1:a8:e9:8c:59:d2:8c:39:f0:ba:3f:56:10:73:
                    ef:bc:99:ea:f9:47:6e:8f:71:54:f0:39:9a:c3:ec:
                    55:34:b2:41:20:1f:3a:1b:34:03:06:22:22:bb:a4:
                    a0:82:77:f9:26:b8:8d:39:7a:2b:74:4e:88:c8:a3:
                    b5:89:43:b8:cc:90:3a:7a:b0:b1:c6:2d:2e:c7:1e:
                    ed:63:c8:cf:f5:d8:85:04:63:f0:a2:44:e7:fe:09:
                    53:96:e7:80:b6:4c:b7:6b:e6:bf:6e:3a:12:bd:16:
                    f8:7e:44:a2:12:9f:a0:83:99:5b:15:7c:18:a5:ba:
                    9e:db:67:48:ff:dc:1c:1a:1a:dd:47:89:06:ae:63:
                    50:87:fe:bf:5e:26:96:ae:d2:77:01:c4:f1:00:0f:
                    48:d6:f5:f0:09:35:fb:79:01:49:3f:6b:75:70:cc:
                    16:71:b8:ad:e0:34:b8:04:97:9d:5f:5f:51:bc:dc:
                    d7:18:13:88:94:a0:8e:41:86:c0:cd:0d:fd:4f:85:
                    84:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:41:67:B1:14:87:B8:22:25:13:95:1F:C0:45:56:2B:70:F4:85:1F
            X509v3 Authority Key Identifier:
                keyid:0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/I0FnsRSHuCIlE5UfwEVWK3D0hR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:8e:2c:42:96:ab:ee:7d:5e:9a:82:22:5f:1b:68:0e:d7:a2:
         27:f8:61:31:ba:2f:3c:9c:c6:6d:47:6a:64:ab:40:ef:19:32:
         33:03:69:d2:22:aa:8c:07:a9:69:d3:b3:b9:de:a8:dc:1d:2d:
         5d:ae:a4:d2:9a:d8:10:c5:ca:44:d1:a7:b6:f1:5d:2b:c5:97:
         2d:49:93:7f:48:fd:26:da:db:f3:e8:ec:c8:f9:aa:8d:cc:6d:
         d2:01:42:29:93:af:7a:1b:02:7e:ef:f0:79:33:d9:25:c9:50:
         6e:69:9b:63:4b:d3:05:13:00:2f:1d:34:e8:84:b6:e7:64:cf:
         5e:f3:ad:e6:80:a0:41:40:62:17:95:b6:4e:69:77:b9:c9:3f:
         90:f0:0d:fd:8c:58:2d:15:c7:0d:1c:97:b2:c4:15:dc:48:1d:
         99:bf:65:bb:f7:fd:9b:bb:6e:f3:f6:08:00:65:5c:0a:ac:6d:
         7a:dd:ed:36:0e:c9:08:ff:53:2f:9e:db:39:36:b3:0c:25:ee:
         1d:27:73:cf:79:c8:9f:49:26:57:47:8d:5f:d6:8f:a0:5e:de:
         db:3b:4a:d9:64:49:68:d7:58:bc:42:d3:54:4b:72:4e:de:35:
         33:6e:d0:e8:67:aa:fc:e9:a6:58:d7:02:65:f9:fa:ab:f4:45:
         1a:c5:42:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ff148eqlafVz7nRaXmcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjk4OTAwMzU1ZmRmNDI1NGMyMDgzMWYyZDdlZTNiZWM0
MjliZGIwHhcNMjYwMTAxMTIxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQxNjdiMTE0ODdiODIyMjUxMzk1MWZjMDQ1NTYyYjcwZjQ4NTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv58tp6sKK+xLsDAnneETzUsMb4st
pS8rEOOgudFyQnaT+1FQP17ejVDCBgW/+RRqJjwz1vZUQy2fc9HYwajpjFnSjDnw
uj9WEHPvvJnq+Uduj3FU8Dmaw+xVNLJBIB86GzQDBiIiu6Sggnf5JriNOXordE6I
yKO1iUO4zJA6erCxxi0uxx7tY8jP9diFBGPwokTn/glTlueAtky3a+a/bjoSvRb4
fkSiEp+gg5lbFXwYpbqe22dI/9wcGhrdR4kGrmNQh/6/XiaWrtJ3AcTxAA9I1vXw
CTX7eQFJP2t1cMwWcbit4DS4BJedX19RvNzXGBOIlKCOQYbAzQ39T4WEiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNBZ7EUh7giJROVH8BFVitw9IUfMB8GA1UdIwQY
MBaAFA4piQA1X99CVMIIMfLX7jvsQpvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYt
M2U0Yjc0ZGQwNThkLzEvSTBGbnNSU0h1Q0lsRTVVZndFVldLM0QwaFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYtM2U0Yjc0ZGQwNThk
LzEvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9MzMA0G
CSqGSIb3DQEBCwUAA4IBAQAfjixClqvufV6agiJfG2gO16In+GExui88nMZtR2pk
q0DvGTIzA2nSIqqMB6lp07O53qjcHS1drqTSmtgQxcpE0ae28V0rxZctSZN/SP0m
2tvz6OzI+aqNzG3SAUIpk696GwJ+7/B5M9klyVBuaZtjS9MFEwAvHTTohLbnZM9e
863mgKBBQGIXlbZOaXe5yT+Q8A39jFgtFccNHJeyxBXcSB2Zv2W79/2bu27z9ggA
ZVwKrG163e02DskI/1Mvnts5NrMMJe4dJ3PPecifSSZXR41f1o+gXt7bO0rZZElo
11i8QtNUS3JO3jUzbtDoZ6r86aZY1wJl+fqr9EUaxUKp
-----END CERTIFICATE-----