This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/jKshf8wnc15011tXTFSj3TTXJFA.roa
File:                     jKshf8wnc15011tXTFSj3TTXJFA.roa (raw, json)
Hash identifier:          K6mzJUE9dYVEi81Gnv2fYao7OX/tyLrwWkjFdI+z8Z0=
Subject key identifier:   8C:AB:21:7F:CC:27:73:5E:74:D7:5B:57:4C:54:A3:DD:34:D7:24:50
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       019B7A5AC100BDB966399B328786CC1BEBBF
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/jKshf8wnc15011tXTFSj3TTXJFA.roa
Signing time:             Thu 01 Jan 2026 16:18:46 +0000
ROA not before:           Thu 01 Jan 2026 16:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        195.10.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:c1:00:bd:b9:66:39:9b:32:87:86:cc:1b:eb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 16:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8cab217fcc27735e74d75b574c54a3dd34d72450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:54:f1:e3:40:87:5a:39:78:f5:a1:54:84:e7:
                    15:6e:bf:50:2e:d1:4f:39:31:4e:e3:a5:21:51:dc:
                    30:79:49:0a:91:6b:7d:f0:45:48:e9:fa:6d:9f:5b:
                    6c:a2:ec:ab:d4:a4:ca:16:59:23:1c:22:3a:f7:d8:
                    ec:a0:96:6a:1e:78:18:5d:0f:33:3d:6b:2b:9f:69:
                    57:eb:cd:f0:b6:ff:42:9a:50:ae:38:6d:19:0d:d3:
                    34:84:0e:47:26:4f:5c:21:e8:6e:0f:7d:94:71:02:
                    2c:e6:da:4b:ba:76:6c:3f:2a:a3:28:6f:ef:10:8e:
                    43:62:00:12:cb:83:8b:3e:f4:3b:a4:84:36:92:58:
                    b5:62:c2:a1:41:8f:32:32:08:36:a5:09:f0:a6:6a:
                    d9:2d:7d:4e:ff:61:00:96:9b:6e:5a:91:d5:13:73:
                    da:81:a4:ee:9c:66:e5:9e:4f:6d:21:ed:cc:7a:db:
                    08:c6:a4:32:2a:a3:9d:50:7a:59:ec:0e:04:9a:32:
                    69:5a:58:50:07:33:40:96:1c:8b:95:7d:73:45:01:
                    a0:7e:62:0b:1e:8c:d8:f7:0b:a2:a1:a3:f7:45:70:
                    c7:8e:69:6b:9c:69:5a:49:75:78:78:76:83:2f:3d:
                    0b:c9:c4:8e:86:84:5e:d1:e0:96:c5:2f:4d:77:ca:
                    e9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:AB:21:7F:CC:27:73:5E:74:D7:5B:57:4C:54:A3:DD:34:D7:24:50
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/jKshf8wnc15011tXTFSj3TTXJFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:11:c9:99:9a:73:15:d6:61:f3:ff:fe:d8:3b:30:cf:24:20:
         37:45:12:b5:60:41:08:3d:2a:20:5b:76:c5:6c:71:63:ed:2f:
         d4:91:5e:1c:f0:ed:ce:6f:27:de:1b:e8:8b:fe:57:ab:96:24:
         3c:09:af:62:2f:3b:66:81:3c:a7:2d:dd:4e:3d:c4:e2:66:f4:
         97:49:0d:15:3a:42:81:ed:e5:f4:be:f2:35:bf:06:36:52:e7:
         f7:49:42:da:6b:6c:01:ca:fe:c9:2a:ce:28:7f:f3:0b:ad:2a:
         cd:f5:c6:80:7d:f2:f3:8d:5f:5e:26:18:43:b2:39:07:39:ac:
         f2:13:71:e8:5b:0c:6a:0f:9f:c9:69:aa:99:7c:f1:38:05:ff:
         52:f1:83:41:b3:50:1a:03:a5:00:21:58:22:a3:d4:c8:29:4b:
         3c:23:63:2a:ab:4d:7a:7b:f0:a8:e9:f3:11:aa:6a:89:f5:e0:
         1e:a5:ff:6f:cb:ca:f0:b2:7d:1a:bc:44:24:6f:85:2f:53:fc:
         09:df:73:40:b7:21:c2:fd:de:96:46:d8:dc:2b:99:2a:cf:ab:
         db:96:86:f7:3e:cd:6d:af:95:e0:2a:7b:c1:18:77:67:90:cd:
         4c:88:e5:af:f7:4e:3e:92:b2:17:ce:a9:58:01:b5:3f:d5:66:
         b5:41:ee:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WsEAvblmOZsyh4bMG+u/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjYwMTAxMTYxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2FiMjE3ZmNjMjc3MzVlNzRkNzViNTc0YzU0YTNkZDM0ZDcyNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklTx40CHWjl49aFUhOcVbr9QLtFP
OTFO46UhUdwweUkKkWt98EVI6fptn1tsouyr1KTKFlkjHCI699jsoJZqHngYXQ8z
PWsrn2lX683wtv9CmlCuOG0ZDdM0hA5HJk9cIehuD32UcQIs5tpLunZsPyqjKG/v
EI5DYgASy4OLPvQ7pIQ2kli1YsKhQY8yMgg2pQnwpmrZLX1O/2EAlptuWpHVE3Pa
gaTunGblnk9tIe3MetsIxqQyKqOdUHpZ7A4EmjJpWlhQBzNAlhyLlX1zRQGgfmIL
HozY9wuioaP3RXDHjmlrnGlaSXV4eHaDLz0LycSOhoRe0eCWxS9Nd8rpNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyrIX/MJ3NedNdbV0xUo9001yRQMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvaktzaGY4d25jMTUwMTF0WFRGU2ozVFRYSkZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQCHEcmZmnMV1mHz//7YOzDPJCA3RRK1YEEIPSogW3bF
bHFj7S/UkV4c8O3ObyfeG+iL/lerliQ8Ca9iLztmgTynLd1OPcTiZvSXSQ0VOkKB
7eX0vvI1vwY2Uuf3SULaa2wByv7JKs4of/MLrSrN9caAffLzjV9eJhhDsjkHOazy
E3HoWwxqD5/JaaqZfPE4Bf9S8YNBs1AaA6UAIVgio9TIKUs8I2Mqq016e/Co6fMR
qmqJ9eAepf9vy8rwsn0avEQkb4UvU/wJ33NAtyHC/d6WRtjcK5kqz6vblob3Ps1t
r5XgKnvBGHdnkM1MiOWv904+krIXzqlYAbU/1Wa1Qe4M
-----END CERTIFICATE-----