This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/p-SDzm4FN6LykEAhdrDAOjy94ZE.roa
File:                     p-SDzm4FN6LykEAhdrDAOjy94ZE.roa (raw, json)
Hash identifier:          Ng4UbKdOJYG40kQVSh6my67Ip5d+xjp4B2Q1wvyXqLk=
Subject key identifier:   A7:E4:83:CE:6E:05:37:A2:F2:90:40:21:76:B0:C0:3A:3C:BD:E1:91
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019A9CB98ECBF3E624DB082EE6BF2CA60B83
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/p-SDzm4FN6LykEAhdrDAOjy94ZE.roa
Signing time:             Wed 19 Nov 2025 15:26:37 +0000
ROA not before:           Wed 19 Nov 2025 15:26:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        95.170.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9c:b9:8e:cb:f3:e6:24:db:08:2e:e6:bf:2c:a6:0b:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Nov 19 15:26:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7e483ce6e0537a2f290402176b0c03a3cbde191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b4:65:60:54:88:12:25:3f:ef:96:ff:9e:15:
                    42:c2:bf:96:3e:e9:39:03:9d:f3:a8:f4:fe:30:4a:
                    89:4d:cf:77:9d:9a:28:04:bc:c7:f5:bf:63:7e:61:
                    31:cc:0f:24:77:f6:f2:9b:24:5c:94:54:90:2a:f8:
                    ae:e8:c7:91:ec:b1:0f:dc:1c:be:b3:70:1a:ca:d7:
                    b4:10:9b:30:8b:9f:4f:5f:69:88:9f:df:54:d3:9b:
                    2e:9b:ee:7f:f8:d7:9f:15:ba:20:05:0c:03:63:75:
                    a1:bc:4c:48:02:de:e9:26:f7:8f:8f:71:86:05:c0:
                    58:be:1e:e7:66:c9:f6:da:78:e9:dc:99:2c:84:3a:
                    62:2f:43:91:58:4b:64:5d:d1:75:9d:ba:7f:64:a4:
                    c4:b8:47:5e:a3:d3:73:79:0b:7e:b0:71:bf:b0:f5:
                    50:4d:94:d0:7e:2e:1b:aa:87:2c:ba:07:d7:4f:68:
                    e9:4d:46:04:50:72:1c:0d:b4:69:fd:89:18:cb:ed:
                    5d:77:d4:8b:17:2b:a5:73:62:c6:13:ef:40:64:4a:
                    ca:48:da:ea:64:c3:75:29:d3:36:67:8b:c7:06:d4:
                    60:c9:cf:dc:4f:50:89:06:50:b0:54:f1:fd:3e:85:
                    64:28:8a:2a:ee:71:a2:34:eb:3e:b3:3c:bd:33:9e:
                    91:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E4:83:CE:6E:05:37:A2:F2:90:40:21:76:B0:C0:3A:3C:BD:E1:91
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/p-SDzm4FN6LykEAhdrDAOjy94ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:1e:24:fd:49:84:7e:a9:e1:8d:95:1e:54:66:2f:47:70:5d:
         52:3d:b9:ba:ed:05:bb:d4:e2:fc:6f:25:42:49:e7:ab:64:62:
         92:a8:47:93:b8:20:bc:99:7f:86:57:0b:93:5b:06:49:24:2c:
         e2:3e:1c:e4:19:8d:04:db:ef:cd:cb:5d:70:d5:98:28:46:5f:
         b9:6e:03:95:c8:51:4c:01:68:af:61:fa:a4:ec:80:06:29:3a:
         da:30:29:01:24:ba:32:58:16:da:a8:9e:2c:62:1f:b8:5b:85:
         1d:6c:40:2c:8f:0d:2c:56:51:7f:53:20:ef:3d:df:38:64:11:
         fd:40:ca:9d:29:3d:ef:c2:eb:82:d2:c5:9e:04:76:41:96:7a:
         4d:97:8e:94:91:34:4a:69:88:e0:d6:fb:17:30:6c:2b:de:6e:
         37:c8:32:e7:66:6d:f3:c0:cb:92:16:04:a3:5b:6a:2a:5a:0d:
         60:7a:92:d0:de:37:a3:5b:ae:cc:28:1d:d7:47:78:fe:ae:80:
         2a:af:cd:72:77:b6:4e:b4:e7:13:de:6c:ad:17:18:dc:f0:eb:
         51:1e:6b:de:a9:81:b6:55:0e:dd:e0:89:50:ae:81:f8:22:74:
         d3:8d:f3:83:f7:b6:f9:44:32:14:16:f2:f4:c2:af:d1:3f:33:
         e7:57:63:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqcuY7L8+Yk2wgu5r8spguDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMTE5MTUyNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2U0ODNjZTZlMDUzN2EyZjI5MDQwMjE3NmIwYzAzYTNjYmRlMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rRlYFSIEiU/75b/nhVCwr+WPuk5
A53zqPT+MEqJTc93nZooBLzH9b9jfmExzA8kd/bymyRclFSQKviu6MeR7LEP3By+
s3Aayte0EJswi59PX2mIn99U05sum+5/+NefFbogBQwDY3WhvExIAt7pJvePj3GG
BcBYvh7nZsn22njp3JkshDpiL0ORWEtkXdF1nbp/ZKTEuEdeo9NzeQt+sHG/sPVQ
TZTQfi4bqocsugfXT2jpTUYEUHIcDbRp/YkYy+1dd9SLFyulc2LGE+9AZErKSNrq
ZMN1KdM2Z4vHBtRgyc/cT1CJBlCwVPH9PoVkKIoq7nGiNOs+szy9M56RvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfkg85uBTei8pBAIXawwDo8veGRMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvcC1TRHptNEZONkx5a0VBaGRyREFPank5NFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6odMA0G
CSqGSIb3DQEBCwUAA4IBAQBYHiT9SYR+qeGNlR5UZi9HcF1SPbm67QW71OL8byVC
SeerZGKSqEeTuCC8mX+GVwuTWwZJJCziPhzkGY0E2+/Ny11w1ZgoRl+5bgOVyFFM
AWivYfqk7IAGKTraMCkBJLoyWBbaqJ4sYh+4W4UdbEAsjw0sVlF/UyDvPd84ZBH9
QMqdKT3vwuuC0sWeBHZBlnpNl46UkTRKaYjg1vsXMGwr3m43yDLnZm3zwMuSFgSj
W2oqWg1gepLQ3jejW67MKB3XR3j+roAqr81yd7ZOtOcT3mytFxjc8OtRHmveqYG2
VQ7d4IlQroH4InTTjfOD97b5RDIUFvL0wq/RPzPnV2MY
-----END CERTIFICATE-----