This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kvzJ4z4u71EvbDjK364raJ6WEGY.roa
File:                     kvzJ4z4u71EvbDjK364raJ6WEGY.roa (raw, json)
Hash identifier:          X7jFBMafkq6TdXlHD8jdf2lu7z2MV7abkwkmrenDNww=
Subject key identifier:   92:FC:C9:E3:3E:2E:EF:51:2F:6C:38:CA:DF:AE:2B:68:9E:96:10:66
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       019B79ED16BAFC793DA4873ED1D76FF95909
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kvzJ4z4u71EvbDjK364raJ6WEGY.roa
Signing time:             Thu 01 Jan 2026 14:18:59 +0000
ROA not before:           Thu 01 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35275
IP address blocks:        195.187.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:16:ba:fc:79:3d:a4:87:3e:d1:d7:6f:f9:59:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  1 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92fcc9e33e2eef512f6c38cadfae2b689e961066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ba:b3:01:22:9f:28:08:dd:f0:68:29:79:f6:
                    5b:d7:74:6d:6e:57:fc:ae:53:b4:4e:27:7a:49:78:
                    69:8e:f8:1f:57:19:7c:c7:5c:02:3b:92:06:a2:21:
                    c1:fd:63:f9:68:9f:d2:0d:93:3b:16:7c:b3:45:fa:
                    1b:88:b3:ff:04:cd:08:15:c8:3f:c8:1b:36:81:15:
                    cd:08:7f:28:d9:a2:dd:06:72:e8:ea:88:60:1b:1a:
                    dc:3c:73:d5:e4:08:ad:4a:01:52:22:cf:9b:82:fd:
                    2a:d2:fd:23:d7:ee:75:ff:b6:a1:85:f7:ab:94:44:
                    72:fe:72:92:6c:e9:10:1d:de:37:47:e7:ab:ea:35:
                    4b:64:b8:ff:5d:63:a6:19:d6:ae:ee:10:c3:88:b7:
                    a1:93:5b:9e:a9:ef:97:eb:85:e4:0a:37:ad:a6:f8:
                    c0:37:36:3f:9c:fa:13:15:81:70:91:86:f3:36:9e:
                    5f:27:8b:4e:e0:51:0b:ee:46:5e:a6:e4:65:29:c0:
                    0d:4c:09:8e:5e:72:88:ff:0b:08:94:24:86:9e:3f:
                    ce:8a:2e:63:2b:87:97:b2:27:00:c2:7b:d3:2a:ed:
                    8c:ac:a4:f0:95:f0:96:fb:50:7c:fe:06:e4:c3:3f:
                    22:69:42:73:71:a7:d7:27:e6:66:65:3c:e3:86:8f:
                    3e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FC:C9:E3:3E:2E:EF:51:2F:6C:38:CA:DF:AE:2B:68:9E:96:10:66
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/kvzJ4z4u71EvbDjK364raJ6WEGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:02:8a:9a:af:e7:6e:9c:c6:92:3f:d7:e5:5f:14:cf:2d:27:
         4f:3b:de:d4:37:c3:bb:79:b0:df:49:29:b2:1e:72:ae:d8:89:
         0c:b5:7d:cc:bc:ab:02:6f:70:8a:79:26:e9:31:9d:1f:42:ea:
         c3:8d:70:3f:a2:69:d8:cc:ea:e9:87:e9:55:b3:8a:0e:b3:a6:
         bd:98:62:e9:09:a9:5d:e1:f3:c9:d5:6d:25:cf:4e:69:1d:3a:
         c3:7c:8d:06:19:d5:cd:d0:7f:cc:46:5b:62:51:55:7a:1d:1a:
         d5:49:0a:26:c0:3e:5e:98:c8:2e:2e:86:f5:86:b4:30:93:a2:
         77:9c:b9:0a:3a:d2:01:01:31:ed:96:a9:6f:78:a3:71:3a:fc:
         79:02:71:31:6c:4b:34:a5:d1:db:f0:ef:d2:0d:20:9f:ba:c8:
         25:8a:8f:25:d5:7b:f2:ca:37:07:4e:a9:7c:22:b8:65:ae:92:
         23:63:ed:66:9f:fe:40:ec:62:7e:20:32:b7:99:01:6f:67:85:
         1f:26:09:d2:44:e7:0e:8e:7f:ae:ea:69:17:42:00:b5:b9:db:
         1c:71:d5:4f:dc:41:1a:30:5e:52:12:ec:20:e2:9d:72:b8:58:
         31:42:d7:19:17:22:19:0c:dd:aa:65:8d:84:ac:b2:4d:8b:0a:
         93:23:c1:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Ra6/Hk9pIc+0ddv+VkJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjYwMTAxMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZjYzllMzNlMmVlZjUxMmY2YzM4Y2FkZmFlMmI2ODllOTYxMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bqzASKfKAjd8GgpefZb13Rtblf8
rlO0Tid6SXhpjvgfVxl8x1wCO5IGoiHB/WP5aJ/SDZM7FnyzRfobiLP/BM0IFcg/
yBs2gRXNCH8o2aLdBnLo6ohgGxrcPHPV5AitSgFSIs+bgv0q0v0j1+51/7ahhfer
lERy/nKSbOkQHd43R+er6jVLZLj/XWOmGdau7hDDiLehk1ueqe+X64XkCjetpvjA
NzY/nPoTFYFwkYbzNp5fJ4tO4FEL7kZepuRlKcANTAmOXnKI/wsIlCSGnj/Oii5j
K4eXsicAwnvTKu2MrKTwlfCW+1B8/gbkwz8iaUJzcafXJ+ZmZTzjho8+nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL8yeM+Lu9RL2w4yt+uK2ielhBmMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEva3Z6SjR6NHU3MUV2YkRqSzM2NHJhSjZXRUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7uaMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Aoqar+dunMaSP9flXxTPLSdPO97UN8O7ebDfSSmy
HnKu2IkMtX3MvKsCb3CKeSbpMZ0fQurDjXA/omnYzOrph+lVs4oOs6a9mGLpCald
4fPJ1W0lz05pHTrDfI0GGdXN0H/MRltiUVV6HRrVSQomwD5emMguLob1hrQwk6J3
nLkKOtIBATHtlqlveKNxOvx5AnExbEs0pdHb8O/SDSCfusglio8l1XvyyjcHTql8
IrhlrpIjY+1mn/5A7GJ+IDK3mQFvZ4UfJgnSROcOjn+u6mkXQgC1udsccdVP3EEa
MF5SEuwg4p1yuFgxQtcZFyIZDN2qZY2ErLJNiwqTI8Hw
-----END CERTIFICATE-----