This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/ge5kxbikwrvAEUuIO3lNRkFxLmw.roa
File:                     ge5kxbikwrvAEUuIO3lNRkFxLmw.roa (raw, json)
Hash identifier:          eEJ79T/++oL5XPtUGIItjARG2jFvNlWqvTqYFtL6EkY=
Subject key identifier:   81:EE:64:C5:B8:A4:C2:BB:C0:11:4B:88:3B:79:4D:46:41:71:2E:6C
Certificate issuer:       /CN=3a34889251e7cb133e906c70891ba1a0495ed860
Certificate serial:       019B77C6F1319040C0C8209DD75F70BF4C90
Authority key identifier: 3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/ge5kxbikwrvAEUuIO3lNRkFxLmw.roa
Signing time:             Thu 01 Jan 2026 04:18:05 +0000
ROA not before:           Thu 01 Jan 2026 04:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209854
IP address blocks:        185.195.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f1:31:90:40:c0:c8:20:9d:d7:5f:70:bf:4c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a34889251e7cb133e906c70891ba1a0495ed860
        Validity
            Not Before: Jan  1 04:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81ee64c5b8a4c2bbc0114b883b794d4641712e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:56:23:79:68:8b:5c:6f:8e:05:80:1e:0f:71:
                    6a:3e:c6:32:ae:32:30:1d:3d:6a:f1:e5:3c:d8:b9:
                    f3:60:93:02:8f:18:21:c8:f0:cf:4d:8a:31:92:2b:
                    6f:bc:69:97:b9:69:b3:d4:3d:ef:d6:89:41:98:e1:
                    47:6e:67:a1:bd:47:7a:5e:22:4c:52:5b:d3:ec:71:
                    c9:9a:85:bf:02:70:00:02:01:af:71:2a:25:fe:e1:
                    d3:b2:1d:05:bc:ca:00:66:50:66:a6:b5:11:a1:36:
                    fc:e3:01:45:fb:3f:95:96:c1:29:90:71:b3:d1:60:
                    4b:36:76:7e:2e:0a:ac:e4:cd:5d:26:e1:d5:c6:49:
                    28:9d:66:bc:4a:b2:7c:da:0f:3a:5e:88:70:06:b2:
                    2c:a1:16:9f:4f:6c:4f:f7:8e:56:6b:f2:13:4d:a0:
                    2d:79:d9:91:52:e8:17:a8:aa:e0:2e:93:fb:6e:68:
                    0a:5a:25:10:24:5a:a9:0e:40:65:1d:51:7f:aa:a1:
                    3a:21:46:51:61:f6:31:a1:33:36:99:59:3f:d9:7c:
                    9c:2c:ce:78:61:13:01:4f:d1:c1:87:f1:5d:96:5c:
                    9f:00:93:0c:c3:62:3d:41:5e:c8:3e:54:f3:53:62:
                    89:61:7b:2f:bf:b3:e7:cf:cd:4b:5b:2d:44:10:24:
                    50:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:EE:64:C5:B8:A4:C2:BB:C0:11:4B:88:3B:79:4D:46:41:71:2E:6C
            X509v3 Authority Key Identifier:
                keyid:3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/ge5kxbikwrvAEUuIO3lNRkFxLmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:16:29:3f:78:e1:68:e4:93:f7:8b:40:ca:ef:46:49:2e:0e:
         9a:9d:86:84:0a:d5:96:be:f6:60:51:f7:81:48:93:e4:f5:06:
         0a:fe:c4:ab:52:cc:a9:1f:cd:12:da:19:e5:92:fb:77:7b:ef:
         2f:04:ef:99:b7:5c:15:72:66:e6:a5:ea:fb:81:5f:a0:74:f1:
         b3:f3:cf:98:14:9d:ff:3b:3c:7d:8e:4d:7c:b7:9e:73:81:9f:
         47:1c:81:1f:01:3f:a4:19:1b:b1:cb:a5:77:31:0e:b2:d9:66:
         53:f5:4d:47:84:fd:84:d9:75:39:21:79:02:db:ed:cb:70:b6:
         88:7f:c3:1f:27:33:2e:cf:7c:15:14:b0:1f:44:42:49:0f:a6:
         b6:08:d6:f5:27:47:4e:b4:d0:47:1f:76:a1:d9:08:8a:f6:f3:
         94:b3:d5:44:e2:5a:4d:22:5e:74:50:a4:de:cb:ba:65:f5:94:
         69:8c:80:ac:f0:7f:55:b5:33:04:0a:e1:63:77:5e:9e:ff:e6:
         22:4b:ae:f1:ac:f5:b0:ca:65:b9:58:16:7d:11:b0:2e:d2:33:
         cc:97:4b:b6:38:57:68:a9:de:e8:d5:ec:73:53:db:38:86:05:
         55:a2:40:4a:a4:63:cf:61:7b:4b:d3:1b:7d:11:53:78:78:74:
         9e:51:97:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvExkEDAyCCd119wv0yQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMzQ4ODkyNTFlN2NiMTMzZTkwNmM3MDg5MWJhMWEwNDk1
ZWQ4NjAwHhcNMjYwMTAxMDQxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVlNjRjNWI4YTRjMmJiYzAxMTRiODgzYjc5NGQ0NjQxNzEyZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1YjeWiLXG+OBYAeD3FqPsYyrjIw
HT1q8eU82LnzYJMCjxghyPDPTYoxkitvvGmXuWmz1D3v1olBmOFHbmehvUd6XiJM
UlvT7HHJmoW/AnAAAgGvcSol/uHTsh0FvMoAZlBmprURoTb84wFF+z+VlsEpkHGz
0WBLNnZ+Lgqs5M1dJuHVxkkonWa8SrJ82g86XohwBrIsoRafT2xP945Wa/ITTaAt
edmRUugXqKrgLpP7bmgKWiUQJFqpDkBlHVF/qqE6IUZRYfYxoTM2mVk/2XycLM54
YRMBT9HBh/FdllyfAJMMw2I9QV7IPlTzU2KJYXsvv7Pnz81LWy1EECRQHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHuZMW4pMK7wBFLiDt5TUZBcS5sMB8GA1UdIwQY
MBaAFDo0iJJR58sTPpBscIkboaBJXthgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMt
ODRmOWVkODdhYzMxLzEvZ2U1a3hiaWt3cnZBRVV1SU8zbE5Sa0Z4TG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMtODRmOWVkODdhYzMx
LzEvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucM9MA0G
CSqGSIb3DQEBCwUAA4IBAQCFFik/eOFo5JP3i0DK70ZJLg6anYaECtWWvvZgUfeB
SJPk9QYK/sSrUsypH80S2hnlkvt3e+8vBO+Zt1wVcmbmper7gV+gdPGz88+YFJ3/
Ozx9jk18t55zgZ9HHIEfAT+kGRuxy6V3MQ6y2WZT9U1HhP2E2XU5IXkC2+3LcLaI
f8MfJzMuz3wVFLAfREJJD6a2CNb1J0dOtNBHH3ah2QiK9vOUs9VE4lpNIl50UKTe
y7pl9ZRpjICs8H9VtTMECuFjd16e/+YiS67xrPWwymW5WBZ9EbAu0jPMl0u2OFdo
qd7o1exzU9s4hgVVokBKpGPPYXtL0xt9EVN4eHSeUZeN
-----END CERTIFICATE-----