This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/Cbas0g2gR07ffn-dISh755Oa8jI.roa
File:                     Cbas0g2gR07ffn-dISh755Oa8jI.roa (raw, json)
Hash identifier:          JrumCEaLcChVR162sO+6/nHAKdNjmGrmpSa1y3KAZ/A=
Subject key identifier:   09:B6:AC:D2:0D:A0:47:4E:DF:7E:7F:9D:21:28:7B:E7:93:9A:F2:32
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019B7B35F3F4D6FCC38DEA1EDF7026187FCC
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/Cbas0g2gR07ffn-dISh755Oa8jI.roa
Signing time:             Thu 01 Jan 2026 20:18:12 +0000
ROA not before:           Thu 01 Jan 2026 20:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        95.170.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f3:f4:d6:fc:c3:8d:ea:1e:df:70:26:18:7f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jan  1 20:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09b6acd20da0474edf7e7f9d21287be7939af232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:76:e0:f4:20:d1:1f:a0:6e:b7:fd:36:d2:88:
                    a4:b0:f0:d6:63:09:e9:27:e5:93:78:d8:5f:df:8b:
                    4b:89:e3:0c:37:6b:d5:39:b0:c1:00:87:40:23:de:
                    ce:53:c2:33:7d:78:25:b6:d3:1d:58:b8:18:f9:ec:
                    93:c7:12:f2:a3:d4:a3:de:90:b7:c5:9b:f6:74:2d:
                    2d:e2:58:53:9f:a5:09:87:16:14:d1:e2:9f:de:05:
                    51:2b:fe:92:8b:e3:ff:1c:2b:b7:76:fe:a9:62:c8:
                    87:1e:d4:f2:fb:6b:ad:a3:40:05:ef:5c:10:88:58:
                    56:11:06:5a:bd:aa:14:93:a9:8f:6b:03:bf:27:ca:
                    8f:96:48:e0:42:f8:af:99:8a:ca:99:e9:1b:5f:20:
                    23:1a:22:f9:73:d3:a1:48:17:95:99:58:eb:86:60:
                    9b:44:bf:31:60:d9:9a:f9:c4:22:db:96:c3:3c:4d:
                    84:89:53:96:e5:c9:ad:fe:39:a9:c2:0d:dc:14:a7:
                    5c:b8:50:7c:c1:8c:ab:95:9f:91:5d:a4:e5:69:16:
                    4d:26:4e:10:46:73:86:d4:58:45:4d:9c:ed:5d:a8:
                    a3:5f:ab:90:0c:12:42:23:ba:2e:81:28:6f:14:79:
                    ce:08:16:e7:d0:0b:cc:8a:4a:7e:4a:9e:bb:24:9d:
                    b4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B6:AC:D2:0D:A0:47:4E:DF:7E:7F:9D:21:28:7B:E7:93:9A:F2:32
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/Cbas0g2gR07ffn-dISh755Oa8jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2e:28:3a:b7:ab:88:be:b9:85:de:89:f5:90:66:4c:c4:04:
         fa:eb:dc:75:41:75:c4:dd:86:ab:40:f0:c4:6e:d2:d7:29:ba:
         0e:e7:c2:8f:ed:6a:a9:71:cc:54:8a:21:b4:2b:d3:a9:ce:c9:
         41:71:af:a4:cc:53:63:78:b4:eb:34:48:a4:09:8e:c0:24:e1:
         f0:8c:51:59:13:4a:37:14:49:40:c8:f9:67:9c:7b:21:a7:c0:
         15:6e:17:3b:6a:43:51:fd:99:e1:95:5c:a0:03:e6:e5:a0:f7:
         74:e3:1f:54:07:3e:25:aa:2b:77:4d:db:2e:ce:af:ca:66:84:
         59:c3:6e:e9:53:d6:92:71:01:c5:b3:14:cb:48:ca:b6:b1:72:
         5e:2e:80:e1:ce:5c:8c:28:91:6c:48:95:7f:ec:73:f5:c9:7d:
         4a:17:61:df:f6:c4:75:cd:44:e1:58:dd:59:4c:8a:0a:0d:f4:
         b9:50:57:38:bb:c7:7f:d4:90:70:1c:23:3c:22:fb:96:53:b2:
         d1:4e:e5:d6:15:99:0d:3e:bb:08:c7:cd:cb:21:fe:9c:2e:39:
         66:b9:39:cf:33:93:f5:21:ef:63:02:6a:4e:99:00:aa:eb:f4:
         fb:f4:29:67:55:39:58:49:a6:ad:b0:d8:d9:9a:9f:54:a7:7c:
         30:98:b8:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfP01vzDjeoe33AmGH/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjYwMTAxMjAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWI2YWNkMjBkYTA0NzRlZGY3ZTdmOWQyMTI4N2JlNzkzOWFmMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3bg9CDRH6But/020oiksPDWYwnp
J+WTeNhf34tLieMMN2vVObDBAIdAI97OU8IzfXglttMdWLgY+eyTxxLyo9Sj3pC3
xZv2dC0t4lhTn6UJhxYU0eKf3gVRK/6Si+P/HCu3dv6pYsiHHtTy+2uto0AF71wQ
iFhWEQZavaoUk6mPawO/J8qPlkjgQvivmYrKmekbXyAjGiL5c9OhSBeVmVjrhmCb
RL8xYNma+cQi25bDPE2EiVOW5cmt/jmpwg3cFKdcuFB8wYyrlZ+RXaTlaRZNJk4Q
RnOG1FhFTZztXaijX6uQDBJCI7ougShvFHnOCBbn0AvMikp+Sp67JJ20QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAm2rNINoEdO335/nSEoe+eTmvIyMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvQ2JhczBnMmdSMDdmZm4tZElTaDc1NU9hOGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oOMA0G
CSqGSIb3DQEBCwUAA4IBAQCRLig6t6uIvrmF3on1kGZMxAT669x1QXXE3YarQPDE
btLXKboO58KP7WqpccxUiiG0K9OpzslBca+kzFNjeLTrNEikCY7AJOHwjFFZE0o3
FElAyPlnnHshp8AVbhc7akNR/ZnhlVygA+bloPd04x9UBz4lqit3Tdsuzq/KZoRZ
w27pU9aScQHFsxTLSMq2sXJeLoDhzlyMKJFsSJV/7HP1yX1KF2Hf9sR1zUThWN1Z
TIoKDfS5UFc4u8d/1JBwHCM8IvuWU7LRTuXWFZkNPrsIx83LIf6cLjlmuTnPM5P1
Ie9jAmpOmQCq6/T79ClnVTlYSaatsNjZmp9Up3wwmLiJ
-----END CERTIFICATE-----