This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/xSEYJ36rS-kznLQUl3DFtM3R1jM.roa
File:                     xSEYJ36rS-kznLQUl3DFtM3R1jM.roa (raw, json)
Hash identifier:          3mFKbERmZQc21I9KRtXeu1S3oH9xaIQQ0cmDzkgXhUM=
Subject key identifier:   C5:21:18:27:7E:AB:4B:E9:33:9C:B4:14:97:70:C5:B4:CD:D1:D6:33
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       019B76EB8ABE952066475A0517C554C42813
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/xSEYJ36rS-kznLQUl3DFtM3R1jM.roa
Signing time:             Thu 01 Jan 2026 00:18:26 +0000
ROA not before:           Thu 01 Jan 2026 00:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200006
IP address blocks:        195.214.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:8a:be:95:20:66:47:5a:05:17:c5:54:c4:28:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 00:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c52118277eab4be9339cb4149770c5b4cdd1d633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:28:69:35:f3:77:dd:de:05:cb:35:c8:4c:ca:
                    f7:10:01:55:fe:b1:a1:52:f7:d1:bf:c1:78:64:97:
                    51:13:a5:05:b7:52:fb:fc:9d:88:d1:da:ce:a5:8d:
                    82:22:9e:49:d2:e7:ad:ee:25:78:e7:b9:f1:7e:0c:
                    fb:c1:87:2e:42:a5:ef:a2:90:55:89:db:02:d3:7e:
                    86:08:cf:f7:a6:91:7e:9a:fa:93:f6:45:65:ab:f4:
                    e9:5d:4b:aa:11:18:1b:71:26:a4:a0:f9:df:79:7f:
                    e1:9d:f8:d3:b0:f1:e6:34:fe:fa:f9:9c:28:08:4a:
                    28:9c:49:94:25:6d:76:a1:e1:f4:2b:62:1c:31:08:
                    b1:15:d4:4c:58:d6:e3:ee:f6:4b:33:28:22:d8:3d:
                    ed:59:b6:f9:e9:c9:5b:a2:70:09:b1:7f:e0:f3:66:
                    37:5e:26:2a:29:88:91:41:02:14:b5:9c:f4:52:38:
                    e9:e8:8d:fe:c5:aa:d9:6b:f2:ee:0e:b3:f8:cf:99:
                    92:2f:74:38:2c:5b:76:22:89:03:91:1f:7b:9d:ad:
                    9a:3f:a4:da:34:1b:ca:3a:8a:e8:e8:c3:49:13:41:
                    9e:8a:db:a0:13:b4:c9:e5:52:94:3c:aa:0d:76:1e:
                    0f:dc:23:7f:2c:02:b0:9b:82:b4:7f:a9:23:38:52:
                    72:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:21:18:27:7E:AB:4B:E9:33:9C:B4:14:97:70:C5:B4:CD:D1:D6:33
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/xSEYJ36rS-kznLQUl3DFtM3R1jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:af:82:55:9a:ea:ba:85:1d:52:7e:7a:6d:68:71:92:5a:ec:
         8b:53:44:d2:3a:cb:2a:e1:a2:42:7b:fa:af:41:d3:3d:92:85:
         78:14:83:a4:80:c0:f0:58:a9:68:83:db:0f:2e:83:08:8d:0d:
         58:5a:3b:74:33:a0:55:ac:6f:cb:b6:1f:ef:4f:86:e3:65:37:
         95:ac:2a:9c:fd:41:eb:94:02:17:53:e2:b7:32:99:02:3c:bf:
         95:e2:5d:6c:59:a3:8b:f4:3b:8f:85:af:f9:00:c8:72:55:af:
         15:af:52:4f:ae:8c:1b:0e:fb:71:21:3d:f4:c3:15:31:b7:a4:
         2c:d9:9b:70:10:2d:b5:15:8c:d1:1a:21:33:18:d1:91:ec:7f:
         ee:74:f6:12:3c:49:23:cd:b0:2f:bc:48:a2:2a:23:29:b8:80:
         0d:3a:2e:d8:20:7a:ad:78:ac:1f:b8:54:a3:04:f1:ad:fa:4b:
         88:43:18:2f:fd:9b:f5:bb:0c:ae:79:5f:0d:71:b0:31:2a:26:
         cd:89:ba:f1:e7:ca:34:be:a9:c4:58:94:ab:f6:f6:4f:80:8a:
         2b:d5:b5:e5:c8:db:98:7b:68:55:18:2a:22:4d:7d:e9:08:43:
         e9:6d:01:4a:c7:72:c2:fe:0d:2a:a3:fe:b5:76:b0:6f:e6:ba:
         08:0e:c8:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264q+lSBmR1oFF8VUxCgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjYwMTAxMDAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTIxMTgyNzdlYWI0YmU5MzM5Y2I0MTQ5NzcwYzViNGNkZDFkNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyChpNfN33d4FyzXITMr3EAFV/rGh
UvfRv8F4ZJdRE6UFt1L7/J2I0drOpY2CIp5J0uet7iV457nxfgz7wYcuQqXvopBV
idsC036GCM/3ppF+mvqT9kVlq/TpXUuqERgbcSakoPnfeX/hnfjTsPHmNP76+Zwo
CEoonEmUJW12oeH0K2IcMQixFdRMWNbj7vZLMygi2D3tWbb56clbonAJsX/g82Y3
XiYqKYiRQQIUtZz0Ujjp6I3+xarZa/LuDrP4z5mSL3Q4LFt2IokDkR97na2aP6Ta
NBvKOoro6MNJE0GeitugE7TJ5VKUPKoNdh4P3CN/LAKwm4K0f6kjOFJywwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUhGCd+q0vpM5y0FJdwxbTN0dYzMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEveFNFWUozNnJTLWt6bkxRVWwzREZ0TTNSMWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9aYMA0G
CSqGSIb3DQEBCwUAA4IBAQAjr4JVmuq6hR1SfnptaHGSWuyLU0TSOssq4aJCe/qv
QdM9koV4FIOkgMDwWKlog9sPLoMIjQ1YWjt0M6BVrG/Lth/vT4bjZTeVrCqc/UHr
lAIXU+K3MpkCPL+V4l1sWaOL9DuPha/5AMhyVa8Vr1JProwbDvtxIT30wxUxt6Qs
2ZtwEC21FYzRGiEzGNGR7H/udPYSPEkjzbAvvEiiKiMpuIANOi7YIHqteKwfuFSj
BPGt+kuIQxgv/Zv1uwyueV8NcbAxKibNibrx58o0vqnEWJSr9vZPgIor1bXlyNuY
e2hVGCoiTX3pCEPpbQFKx3LC/g0qo/61drBv5roIDsjU
-----END CERTIFICATE-----