This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/xL9ifbNR1mOs9uO93ZIkaaIy3p8.roa
File:                     xL9ifbNR1mOs9uO93ZIkaaIy3p8.roa (raw, json)
Hash identifier:          VzaUpnGlk6PWKD7kHafESlUjnLnbyjchehYl4PxFAp0=
Subject key identifier:   C4:BF:62:7D:B3:51:D6:63:AC:F6:E3:BD:DD:92:24:69:A2:32:DE:9F
Certificate issuer:       /CN=67846b84c7790512281f80c2481be4b30a65d08d
Certificate serial:       019B790FFB3BA7F4AEBBBF82D038341D017E
Authority key identifier: 67:84:6B:84:C7:79:05:12:28:1F:80:C2:48:1B:E4:B3:0A:65:D0:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z4RrhMd5BRIoH4DCSBvkswpl0I0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/xL9ifbNR1mOs9uO93ZIkaaIy3p8.roa
Signing time:             Thu 01 Jan 2026 10:17:29 +0000
ROA not before:           Thu 01 Jan 2026 10:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41192
IP address blocks:        195.248.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/Z4RrhMd5BRIoH4DCSBvkswpl0I0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/Z4RrhMd5BRIoH4DCSBvkswpl0I0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z4RrhMd5BRIoH4DCSBvkswpl0I0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:0f:fb:3b:a7:f4:ae:bb:bf:82:d0:38:34:1d:01:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67846b84c7790512281f80c2481be4b30a65d08d
        Validity
            Not Before: Jan  1 10:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4bf627db351d663acf6e3bddd922469a232de9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2d:b1:6d:4a:4a:7e:40:98:97:8a:18:23:5c:
                    ea:cb:7f:49:82:4f:3f:5b:fc:00:8f:db:0e:ab:f2:
                    68:99:7f:c4:ef:b9:86:fc:b7:bc:98:7f:b0:9d:39:
                    17:ae:15:83:69:c5:ed:fa:e2:1d:93:5b:16:c0:8a:
                    b1:f8:b9:99:77:03:2e:ee:35:b2:6a:a1:39:d1:2e:
                    71:39:2d:4c:cd:f2:d6:aa:4d:35:01:14:1f:53:d4:
                    6a:9c:21:51:9e:f5:f6:b3:b0:4a:af:eb:82:64:55:
                    3a:b8:78:24:9c:35:b0:bd:38:40:08:1f:e9:a3:1d:
                    84:4a:96:91:c2:53:02:f6:4d:b6:61:d7:a0:55:76:
                    af:7c:6d:6f:10:14:d5:d9:0d:f7:48:18:54:ed:d1:
                    41:4e:b5:ad:47:50:00:d7:35:38:54:e6:db:05:e3:
                    ac:81:32:6c:d9:4a:e1:9c:60:5a:92:e2:43:ab:7f:
                    87:78:2c:90:66:e2:02:e0:19:c3:12:a5:89:01:86:
                    27:24:e5:10:f1:cb:9e:68:5a:cd:8a:27:1a:eb:92:
                    29:76:e9:67:36:87:f2:49:94:15:11:00:79:5b:7b:
                    10:31:f0:b2:02:cd:3c:48:b2:b0:ef:8b:e8:da:4c:
                    ca:6e:9f:e9:92:c2:ad:5f:58:81:c9:67:8c:91:b3:
                    ce:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BF:62:7D:B3:51:D6:63:AC:F6:E3:BD:DD:92:24:69:A2:32:DE:9F
            X509v3 Authority Key Identifier:
                keyid:67:84:6B:84:C7:79:05:12:28:1F:80:C2:48:1B:E4:B3:0A:65:D0:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z4RrhMd5BRIoH4DCSBvkswpl0I0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/xL9ifbNR1mOs9uO93ZIkaaIy3p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f3b8a0-be43-44ee-8d54-85a0d1239923/1/Z4RrhMd5BRIoH4DCSBvkswpl0I0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:43:2f:72:a8:82:03:ab:80:c3:5d:c3:3d:aa:ae:c9:c3:32:
         51:e9:e2:74:19:86:57:d3:05:80:f6:a1:f7:96:80:db:55:96:
         57:5b:8d:27:ca:b6:8d:e2:fc:87:95:ba:55:3b:fb:fd:87:9d:
         09:a5:22:43:3c:fb:26:9e:93:a9:dc:3c:e0:81:8e:d9:e9:61:
         89:12:5a:43:42:9c:87:75:79:41:d0:76:8e:3f:ca:68:ca:73:
         22:8d:90:a2:7c:20:e7:3c:0a:3c:9a:c3:6c:67:6a:e0:d3:9a:
         53:ee:9a:bb:ad:72:78:a2:bd:68:5c:98:86:81:c5:d7:c9:fa:
         82:e1:6b:ea:67:fb:b1:23:c6:f8:70:5f:d8:77:75:93:08:93:
         9a:d6:ce:82:3f:4d:f2:4d:e1:ba:78:48:45:57:10:c0:71:ab:
         2d:ee:99:51:c2:03:20:83:89:e9:32:0e:d2:44:0e:94:40:51:
         9d:4a:7d:41:95:e0:b8:3d:52:bc:ff:02:dc:1c:85:d0:a2:d9:
         bb:1d:b4:36:e2:21:15:9d:6c:b3:c9:8e:f2:0e:cb:32:f9:87:
         e1:f8:60:e6:a5:68:9e:98:0b:9c:df:79:49:10:6a:1d:ed:52:
         26:d3:9a:fc:37:9f:99:47:e7:b3:6f:d3:1b:32:1a:18:c6:06:
         6b:64:ac:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5D/s7p/Suu7+C0Dg0HQF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ODQ2Yjg0Yzc3OTA1MTIyODFmODBjMjQ4MWJlNGIzMGE2
NWQwOGQwHhcNMjYwMTAxMTAxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJmNjI3ZGIzNTFkNjYzYWNmNmUzYmRkZDkyMjQ2OWEyMzJkZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmS2xbUpKfkCYl4oYI1zqy39Jgk8/
W/wAj9sOq/JomX/E77mG/Le8mH+wnTkXrhWDacXt+uIdk1sWwIqx+LmZdwMu7jWy
aqE50S5xOS1MzfLWqk01ARQfU9RqnCFRnvX2s7BKr+uCZFU6uHgknDWwvThACB/p
ox2ESpaRwlMC9k22YdegVXavfG1vEBTV2Q33SBhU7dFBTrWtR1AA1zU4VObbBeOs
gTJs2UrhnGBakuJDq3+HeCyQZuIC4BnDEqWJAYYnJOUQ8cueaFrNiica65Ipduln
NofySZQVEQB5W3sQMfCyAs08SLKw74vo2kzKbp/pksKtX1iByWeMkbPOKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMS/Yn2zUdZjrPbjvd2SJGmiMt6fMB8GA1UdIwQY
MBaAFGeEa4THeQUSKB+Awkgb5LMKZdCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjRScmhNZDVCUklvSDREQ1NCdmtzd3BsMEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mM2I4YTAtYmU0My00NGVlLThkNTQt
ODVhMGQxMjM5OTIzLzEveEw5aWZiTlIxbU9zOXVPOTNaSWthYUl5M3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mM2I4YTAtYmU0My00NGVlLThkNTQtODVhMGQxMjM5OTIz
LzEvWjRScmhNZDVCUklvSDREQ1NCdmtzd3BsMEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/hMMA0G
CSqGSIb3DQEBCwUAA4IBAQBQQy9yqIIDq4DDXcM9qq7JwzJR6eJ0GYZX0wWA9qH3
loDbVZZXW40nyraN4vyHlbpVO/v9h50JpSJDPPsmnpOp3DzggY7Z6WGJElpDQpyH
dXlB0HaOP8poynMijZCifCDnPAo8msNsZ2rg05pT7pq7rXJ4or1oXJiGgcXXyfqC
4WvqZ/uxI8b4cF/Yd3WTCJOa1s6CP03yTeG6eEhFVxDAcast7plRwgMgg4npMg7S
RA6UQFGdSn1BleC4PVK8/wLcHIXQotm7HbQ24iEVnWyzyY7yDssy+Yfh+GDmpWie
mAuc33lJEGod7VIm05r8N5+ZR+ezb9MbMhoYxgZrZKxA
-----END CERTIFICATE-----