This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/95MFkPBc3XGChfPlHplNO3GFSzo.roa
File:                     95MFkPBc3XGChfPlHplNO3GFSzo.roa (raw, json)
Hash identifier:          jy9JstNK7bQYzsPIvri5vKpCq3q0hIpAPO8fPFcENAQ=
Subject key identifier:   F7:93:05:90:F0:5C:DD:71:82:85:F3:E5:1E:99:4D:3B:71:85:4B:3A
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B3604AD3D98E889021AC1CF221D35AA
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/95MFkPBc3XGChfPlHplNO3GFSzo.roa
Signing time:             Thu 01 Jan 2026 20:18:16 +0000
ROA not before:           Thu 01 Jan 2026 20:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50969
IP address blocks:        185.140.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:04:ad:3d:98:e8:89:02:1a:c1:cf:22:1d:35:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7930590f05cdd718285f3e51e994d3b71854b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:38:67:5e:57:48:ff:00:b8:4f:f1:1c:e8:
                    e6:c7:75:69:86:3f:83:9b:66:82:72:1c:20:33:ec:
                    2e:a3:ec:05:e9:78:03:0f:91:47:4e:a7:98:aa:a8:
                    a2:94:b2:f4:2b:de:4a:12:ff:e4:c4:1f:97:cc:ac:
                    de:91:0e:5e:0b:a0:e1:83:e3:bb:16:73:1a:32:64:
                    ce:68:99:c6:ef:9c:01:2b:ad:94:88:c6:cf:36:60:
                    d4:e3:ba:1f:3e:1e:97:03:a5:19:7d:89:55:4f:45:
                    25:c7:e0:4c:ee:c0:0b:69:97:59:70:6a:6e:5a:16:
                    16:13:ae:9d:08:18:72:49:10:2d:58:ee:d1:85:96:
                    48:c4:35:68:e7:2f:50:01:19:f5:99:ae:e2:1e:62:
                    8d:7f:a4:23:ff:c8:d8:a9:48:13:d6:90:fc:cd:13:
                    0c:42:4a:b2:35:c1:e8:0c:0b:6e:06:c1:ce:dc:48:
                    22:8f:e6:e0:2f:71:59:c6:38:0d:6d:c9:be:cc:2c:
                    9e:77:1c:df:f4:03:c5:78:07:ec:05:61:56:22:6e:
                    65:15:ba:d3:4d:c1:f2:46:6f:bf:e3:a5:4d:33:52:
                    ef:56:dc:c4:0c:2f:44:f9:c0:a4:52:0c:e9:6a:93:
                    5e:15:59:0b:1b:de:c7:93:83:97:74:ee:ba:93:b0:
                    ec:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:93:05:90:F0:5C:DD:71:82:85:F3:E5:1E:99:4D:3B:71:85:4B:3A
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/95MFkPBc3XGChfPlHplNO3GFSzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:60:75:f4:c5:e3:f9:d8:5e:22:2d:da:24:9f:e0:df:bc:33:
         93:74:ea:87:87:bd:97:12:2a:ad:62:4d:b4:40:4b:8d:4d:90:
         33:0f:e5:08:07:a9:5c:97:08:bd:c7:5a:13:94:93:12:c8:7c:
         46:06:f2:2a:75:06:34:2b:4c:64:85:2b:2c:d3:32:d0:28:a9:
         0c:c9:90:5a:cf:29:79:c3:e7:58:cd:a7:0c:6a:65:6f:93:49:
         c2:d5:6d:6b:c9:0c:26:2b:c6:be:f9:79:d6:45:5a:29:50:b0:
         5d:e8:19:94:4c:de:25:dd:86:b7:8d:05:62:a7:44:a1:94:80:
         a8:af:30:3c:f2:c5:6b:65:ae:33:9c:a7:7c:f3:ad:39:2d:2a:
         7c:1e:ca:b9:e6:4a:3c:e7:18:a9:20:be:73:89:01:d0:72:87:
         90:dc:4a:d8:e0:8e:b6:11:2f:ad:71:c4:86:6d:a3:41:c7:b1:
         cb:43:6a:80:29:f1:8e:3c:41:d7:b5:c1:07:43:4f:c4:04:f2:
         6f:fd:46:77:37:4b:7d:e6:8e:b3:4b:97:8f:b7:6a:1c:79:09:
         ab:2d:f3:75:01:84:9b:41:bc:66:f2:8a:6b:77:04:49:ac:b2:
         59:26:ff:23:8f:fd:96:a5:bb:f2:1a:94:7c:36:d9:f3:2c:01:
         64:8c:f9:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NgStPZjoiQIawc8iHTWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzkzMDU5MGYwNWNkZDcxODI4NWYzZTUxZTk5NGQzYjcxODU0YjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2g4Z15XSP8AuE/xHOjmx3Vphj+D
m2aCchwgM+wuo+wF6XgDD5FHTqeYqqiilLL0K95KEv/kxB+XzKzekQ5eC6Dhg+O7
FnMaMmTOaJnG75wBK62UiMbPNmDU47ofPh6XA6UZfYlVT0Ulx+BM7sALaZdZcGpu
WhYWE66dCBhySRAtWO7RhZZIxDVo5y9QARn1ma7iHmKNf6Qj/8jYqUgT1pD8zRMM
QkqyNcHoDAtuBsHO3Egij+bgL3FZxjgNbcm+zCyedxzf9APFeAfsBWFWIm5lFbrT
TcHyRm+/46VNM1LvVtzEDC9E+cCkUgzpapNeFVkLG97Hk4OXdO66k7DsKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeTBZDwXN1xgoXz5R6ZTTtxhUs6MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvOTVNRmtQQmMzWEdDaGZQbEhwbE5PM0dGU3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYysMA0G
CSqGSIb3DQEBCwUAA4IBAQBxYHX0xeP52F4iLdokn+DfvDOTdOqHh72XEiqtYk20
QEuNTZAzD+UIB6lclwi9x1oTlJMSyHxGBvIqdQY0K0xkhSss0zLQKKkMyZBazyl5
w+dYzacMamVvk0nC1W1ryQwmK8a++XnWRVopULBd6BmUTN4l3Ya3jQVip0ShlICo
rzA88sVrZa4znKd88605LSp8Hsq55ko85xipIL5ziQHQcoeQ3ErY4I62ES+tccSG
baNBx7HLQ2qAKfGOPEHXtcEHQ0/EBPJv/UZ3N0t95o6zS5ePt2oceQmrLfN1AYSb
Qbxm8oprdwRJrLJZJv8jj/2WpbvyGpR8NtnzLAFkjPkt
-----END CERTIFICATE-----