This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/l8Y52p5aI63FDuq51m4qJ-mPHY4.roa
File:                     l8Y52p5aI63FDuq51m4qJ-mPHY4.roa (raw, json)
Hash identifier:          wSpWuBqn1Tlul2t7+8SYMlOp535GnFPP8F8ir7MJTSU=
Subject key identifier:   97:C6:39:DA:9E:5A:23:AD:C5:0E:EA:B9:D6:6E:2A:27:E9:8F:1D:8E
Certificate issuer:       /CN=ad054036dad32d17a8c916dc2dfbb3ce8a36452c
Certificate serial:       019B76EAF17DE44BD5A1E852880E47E49096
Authority key identifier: AD:05:40:36:DA:D3:2D:17:A8:C9:16:DC:2D:FB:B3:CE:8A:36:45:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/l8Y52p5aI63FDuq51m4qJ-mPHY4.roa
Signing time:             Thu 01 Jan 2026 00:17:47 +0000
ROA not before:           Thu 01 Jan 2026 00:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13278
IP address blocks:        195.234.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f1:7d:e4:4b:d5:a1:e8:52:88:0e:47:e4:90:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad054036dad32d17a8c916dc2dfbb3ce8a36452c
        Validity
            Not Before: Jan  1 00:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97c639da9e5a23adc50eeab9d66e2a27e98f1d8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:12:07:b2:5b:11:21:a1:33:00:af:37:b7:72:
                    ea:f8:f0:13:8a:02:96:3b:aa:3f:f7:b3:85:ba:ad:
                    09:7e:3e:a7:a9:95:69:b2:01:a8:8b:97:c6:9b:6e:
                    86:3c:da:90:f7:44:19:33:65:85:1a:01:97:96:1c:
                    ba:12:f9:3a:5a:b5:8e:94:c5:74:d2:07:a3:6a:1b:
                    58:e1:b3:84:ad:16:3c:5d:0f:a8:aa:06:14:f1:df:
                    9a:ea:01:b9:b7:83:6c:32:09:af:4d:02:7b:dd:3c:
                    a4:aa:5e:25:25:03:dc:61:2c:fa:41:de:b2:6f:53:
                    fe:6c:a9:bf:07:4c:84:3c:4f:f8:ad:64:c6:96:97:
                    6f:b3:1d:c2:88:8f:09:a5:13:1e:7b:c4:c7:4a:22:
                    be:0d:1c:09:58:98:b1:d4:46:13:c5:6e:90:0e:aa:
                    54:3b:db:3b:aa:19:d6:0f:53:ab:1d:c7:84:01:f1:
                    1a:91:6d:25:a4:b9:fd:e0:6f:6b:3f:86:15:27:f6:
                    db:34:59:b0:c3:03:78:39:d7:74:9e:3b:8d:e1:50:
                    2e:93:b9:c3:5e:93:8b:1a:f8:9a:4f:56:79:e2:ff:
                    b4:41:14:eb:86:77:f6:5f:67:0c:94:01:27:65:f2:
                    c6:2b:3d:7a:d1:95:ac:8b:ce:d2:8b:88:74:e5:ee:
                    bb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C6:39:DA:9E:5A:23:AD:C5:0E:EA:B9:D6:6E:2A:27:E9:8F:1D:8E
            X509v3 Authority Key Identifier:
                keyid:AD:05:40:36:DA:D3:2D:17:A8:C9:16:DC:2D:FB:B3:CE:8A:36:45:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQVANtrTLReoyRbcLfuzzoo2RSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/l8Y52p5aI63FDuq51m4qJ-mPHY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a3fbf8-45a7-49c2-a4b8-8e1514ccaa4a/1/rQVANtrTLReoyRbcLfuzzoo2RSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:26:c1:19:ea:ac:79:dd:00:dd:9a:5b:98:5d:34:48:7f:9c:
         ba:b2:e8:b0:40:10:ec:47:a6:d1:70:42:68:86:44:08:a3:f1:
         cb:94:d7:52:79:8f:dc:94:14:2a:0a:e2:27:f0:cd:73:5c:36:
         3f:ee:2a:19:bc:ec:59:be:d1:4c:33:72:6d:9b:b6:98:1e:0e:
         03:72:e7:79:10:2b:4f:87:3c:40:c7:b2:ae:84:bb:0c:49:57:
         ee:0f:cb:43:21:36:a5:ee:83:ad:5a:9d:f1:47:85:88:d7:4f:
         5a:dd:29:c6:9c:ae:de:3c:dd:67:e3:00:dc:fc:0d:32:19:31:
         43:e2:c8:16:c8:1c:26:31:c7:77:9a:61:7b:21:91:6e:75:ba:
         9e:39:58:03:84:99:84:ee:b2:48:da:b0:43:1b:46:67:dc:e4:
         fa:15:fc:99:3e:a6:12:53:d1:72:7f:9f:68:27:47:03:83:36:
         04:b1:91:7a:e3:b6:f3:15:1a:22:c5:71:a1:a5:75:db:3a:45:
         c7:df:df:2c:79:9b:08:dd:2d:ff:c5:d8:3f:d6:3d:40:f5:3f:
         89:e5:e5:5a:6e:d7:c9:88:5f:6a:21:91:00:c7:9f:ef:65:5c:
         70:c8:d0:d3:b2:03:a8:c3:aa:ae:a2:f6:3a:29:af:30:d9:09:
         c3:e1:d3:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vF95EvVoehSiA5H5JCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMDU0MDM2ZGFkMzJkMTdhOGM5MTZkYzJkZmJiM2NlOGEz
NjQ1MmMwHhcNMjYwMTAxMDAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2M2MzlkYTllNWEyM2FkYzUwZWVhYjlkNjZlMmEyN2U5OGYxZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRIHslsRIaEzAK83t3Lq+PATigKW
O6o/97OFuq0Jfj6nqZVpsgGoi5fGm26GPNqQ90QZM2WFGgGXlhy6Evk6WrWOlMV0
0gejahtY4bOErRY8XQ+oqgYU8d+a6gG5t4NsMgmvTQJ73Tykql4lJQPcYSz6Qd6y
b1P+bKm/B0yEPE/4rWTGlpdvsx3CiI8JpRMee8THSiK+DRwJWJix1EYTxW6QDqpU
O9s7qhnWD1OrHceEAfEakW0lpLn94G9rP4YVJ/bbNFmwwwN4Odd0njuN4VAuk7nD
XpOLGviaT1Z54v+0QRTrhnf2X2cMlAEnZfLGKz160ZWsi87Si4h05e67CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfGOdqeWiOtxQ7qudZuKifpjx2OMB8GA1UdIwQY
MBaAFK0FQDba0y0XqMkW3C37s86KNkUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclFWQU50clRMUmVveVJiY0xmdXp6b28yUlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hM2ZiZjgtNDVhNy00OWMyLWE0Yjgt
OGUxNTE0Y2NhYTRhLzEvbDhZNTJwNWFJNjNGRHVxNTFtNHFKLW1QSFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hM2ZiZjgtNDVhNy00OWMyLWE0YjgtOGUxNTE0Y2NhYTRh
LzEvclFWQU50clRMUmVveVJiY0xmdXp6b28yUlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qlMA0G
CSqGSIb3DQEBCwUAA4IBAQBmJsEZ6qx53QDdmluYXTRIf5y6suiwQBDsR6bRcEJo
hkQIo/HLlNdSeY/clBQqCuIn8M1zXDY/7ioZvOxZvtFMM3Jtm7aYHg4Dcud5ECtP
hzxAx7KuhLsMSVfuD8tDITal7oOtWp3xR4WI109a3SnGnK7ePN1n4wDc/A0yGTFD
4sgWyBwmMcd3mmF7IZFudbqeOVgDhJmE7rJI2rBDG0Zn3OT6FfyZPqYSU9Fyf59o
J0cDgzYEsZF647bzFRoixXGhpXXbOkXH398seZsI3S3/xdg/1j1A9T+J5eVabtfJ
iF9qIZEAx5/vZVxwyNDTsgOow6quovY6Ka8w2QnD4dNZ
-----END CERTIFICATE-----