This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/CXGcHwGiTiAFOY7NjCNCxVUi-RQ.roa
File:                     CXGcHwGiTiAFOY7NjCNCxVUi-RQ.roa (raw, json)
Hash identifier:          zsZdBBsP2qLk8Wzoqm4TOlRxt7Nv3YTcIgc+45WHFnM=
Subject key identifier:   09:71:9C:1F:01:A2:4E:20:05:39:8E:CD:8C:23:42:C5:55:22:F9:14
Certificate issuer:       /CN=d9ff9e17b9b41988a92599cbcaba0391ffb61a20
Certificate serial:       019B7E3810B3670C6C1DA50DA53DBBC28765
Authority key identifier: D9:FF:9E:17:B9:B4:19:88:A9:25:99:CB:CA:BA:03:91:FF:B6:1A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2f-eF7m0GYipJZnLyroDkf-2GiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/CXGcHwGiTiAFOY7NjCNCxVUi-RQ.roa
Signing time:             Fri 02 Jan 2026 10:19:22 +0000
ROA not before:           Fri 02 Jan 2026 10:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24951
IP address blocks:        195.234.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/2f-eF7m0GYipJZnLyroDkf-2GiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/2f-eF7m0GYipJZnLyroDkf-2GiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2f-eF7m0GYipJZnLyroDkf-2GiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:10:b3:67:0c:6c:1d:a5:0d:a5:3d:bb:c2:87:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ff9e17b9b41988a92599cbcaba0391ffb61a20
        Validity
            Not Before: Jan  2 10:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09719c1f01a24e2005398ecd8c2342c55522f914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:37:db:42:37:6f:8d:78:74:01:5f:88:11:15:
                    41:a5:9e:24:9c:32:c5:f5:01:89:a0:ed:89:76:a1:
                    e1:4f:7a:2d:92:a6:f6:ba:59:14:20:a1:71:43:3f:
                    be:9c:1b:fe:ab:c9:84:22:8a:f0:08:1f:ca:4c:d7:
                    98:81:33:78:c8:ac:0d:d1:61:5f:5c:ac:03:c5:90:
                    88:5c:ff:0a:74:f5:68:04:40:39:df:ed:14:13:1e:
                    e9:40:87:c7:86:ea:c9:13:ec:b8:5b:74:d8:24:1b:
                    97:84:34:d6:e6:8e:be:8a:11:77:26:f5:c0:79:01:
                    9c:f5:32:93:af:62:44:ad:c1:09:8a:a9:82:79:c8:
                    a3:5a:23:d8:cb:72:8c:eb:e4:05:e2:67:9c:23:27:
                    31:a1:ad:a7:d5:e2:a1:4a:a1:91:0e:2d:ed:9e:77:
                    07:66:81:df:3b:f3:de:20:34:e7:ba:d3:11:a4:8b:
                    e1:32:30:22:27:91:50:c8:17:29:f3:76:3e:3a:97:
                    b9:de:f2:d5:b9:19:92:6e:bd:b4:d8:58:33:ea:b8:
                    2f:26:87:83:22:33:fc:4f:fb:d2:1f:09:ee:2c:f5:
                    5d:3c:41:43:63:01:b2:c0:2e:e6:99:5c:63:b7:fd:
                    85:66:ae:4a:01:63:24:a4:f4:09:81:bf:83:fe:c1:
                    fa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:71:9C:1F:01:A2:4E:20:05:39:8E:CD:8C:23:42:C5:55:22:F9:14
            X509v3 Authority Key Identifier:
                keyid:D9:FF:9E:17:B9:B4:19:88:A9:25:99:CB:CA:BA:03:91:FF:B6:1A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f-eF7m0GYipJZnLyroDkf-2GiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/CXGcHwGiTiAFOY7NjCNCxVUi-RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/49d859-610a-4242-8ddf-37a0e474ab15/1/2f-eF7m0GYipJZnLyroDkf-2GiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:c2:f5:57:4f:23:49:cf:46:c3:98:d5:3d:3b:f8:4a:aa:af:
         fb:85:2b:ed:71:dc:78:66:72:22:51:fa:30:74:94:8f:c8:66:
         7c:06:c2:33:0a:b2:b4:af:fc:7c:7d:40:2b:ba:c9:58:64:88:
         a4:df:25:17:30:eb:af:1c:4c:60:1d:91:80:a1:56:18:5b:6c:
         76:01:97:72:6a:07:e3:ff:5a:49:55:6c:99:04:80:6d:d6:af:
         55:89:78:f4:af:17:bb:b9:23:94:cd:00:6b:f9:4e:dc:49:f8:
         fe:0b:93:2a:70:ca:5e:10:af:4c:5e:9c:e3:2e:33:b3:07:48:
         72:57:18:fe:52:dd:c6:ab:a9:dd:4e:3e:53:7e:f7:6d:e3:a9:
         1c:f6:f3:e1:63:5e:67:ef:3c:95:2b:0b:85:0f:40:6f:d9:44:
         ab:76:af:9c:14:8c:e8:cd:14:6e:1a:49:fe:fc:8a:03:8f:a2:
         a1:7a:f6:71:46:34:bc:26:13:dd:59:90:70:45:f4:19:ae:d8:
         34:cf:be:b5:45:ba:2a:7e:72:9c:2e:45:de:1c:ca:fa:8b:8f:
         e4:df:c6:d7:cb:21:de:21:7c:57:e8:ad:b6:75:75:d2:3e:e4:
         ed:d2:3a:19:d3:f8:5d:2b:39:04:1c:d8:2e:ff:23:b4:e6:0b:
         71:3d:1a:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OBCzZwxsHaUNpT27wodlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmY5ZTE3YjliNDE5ODhhOTI1OTljYmNhYmEwMzkxZmZi
NjFhMjAwHhcNMjYwMTAyMTAxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTcxOWMxZjAxYTI0ZTIwMDUzOThlY2Q4YzIzNDJjNTU1MjJmOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jfbQjdvjXh0AV+IERVBpZ4knDLF
9QGJoO2JdqHhT3otkqb2ulkUIKFxQz++nBv+q8mEIorwCB/KTNeYgTN4yKwN0WFf
XKwDxZCIXP8KdPVoBEA53+0UEx7pQIfHhurJE+y4W3TYJBuXhDTW5o6+ihF3JvXA
eQGc9TKTr2JErcEJiqmCecijWiPYy3KM6+QF4mecIycxoa2n1eKhSqGRDi3tnncH
ZoHfO/PeIDTnutMRpIvhMjAiJ5FQyBcp83Y+Ope53vLVuRmSbr202Fgz6rgvJoeD
IjP8T/vSHwnuLPVdPEFDYwGywC7mmVxjt/2FZq5KAWMkpPQJgb+D/sH6cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlxnB8Bok4gBTmOzYwjQsVVIvkUMB8GA1UdIwQY
MBaAFNn/nhe5tBmIqSWZy8q6A5H/thogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmYtZUY3bTBHWWlwSlpuTHlyb0RrZi0yR2lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy80OWQ4NTktNjEwYS00MjQyLThkZGYt
MzdhMGU0NzRhYjE1LzEvQ1hHY0h3R2lUaUFGT1k3TmpDTkN4VlVpLVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy80OWQ4NTktNjEwYS00MjQyLThkZGYtMzdhMGU0NzRhYjE1
LzEvMmYtZUY3bTBHWWlwSlpuTHlyb0RrZi0yR2lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+pAMA0G
CSqGSIb3DQEBCwUAA4IBAQC4wvVXTyNJz0bDmNU9O/hKqq/7hSvtcdx4ZnIiUfow
dJSPyGZ8BsIzCrK0r/x8fUAruslYZIik3yUXMOuvHExgHZGAoVYYW2x2AZdyagfj
/1pJVWyZBIBt1q9ViXj0rxe7uSOUzQBr+U7cSfj+C5MqcMpeEK9MXpzjLjOzB0hy
Vxj+Ut3Gq6ndTj5Tfvdt46kc9vPhY15n7zyVKwuFD0Bv2USrdq+cFIzozRRuGkn+
/IoDj6KhevZxRjS8JhPdWZBwRfQZrtg0z761RboqfnKcLkXeHMr6i4/k38bXyyHe
IXxX6K22dXXSPuTt0joZ0/hdKzkEHNgu/yO05gtxPRr8
-----END CERTIFICATE-----