This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/M_rnheFHEJEhvuv8N_w2Hds5XxU.roa
File:                     M_rnheFHEJEhvuv8N_w2Hds5XxU.roa (raw, json)
Hash identifier:          9c9DQN1bBCgnWk4FhLy9o/RslqwQ5t8KVo6nKa0ccUI=
Subject key identifier:   33:FA:E7:85:E1:47:10:91:21:BE:EB:FC:37:FC:36:1D:DB:39:5F:15
Certificate issuer:       /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial:       019B7910589FD877737F2EC988DB6CB47296
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/M_rnheFHEJEhvuv8N_w2Hds5XxU.roa
Signing time:             Thu 01 Jan 2026 10:17:52 +0000
ROA not before:           Thu 01 Jan 2026 10:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        195.82.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:58:9f:d8:77:73:7f:2e:c9:88:db:6c:b4:72:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
        Validity
            Not Before: Jan  1 10:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33fae785e147109121beebfc37fc361ddb395f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ce:59:e1:0c:8c:3d:46:44:ad:5f:5c:22:c1:
                    7f:19:93:56:94:62:82:6f:b3:02:11:25:fb:c4:58:
                    58:28:50:44:f9:25:c3:48:c5:e8:21:32:84:53:c0:
                    84:94:f4:be:68:da:69:98:73:1f:ed:2f:78:26:1b:
                    a4:7e:3f:db:03:0a:d5:71:99:c4:c2:8f:a9:45:0f:
                    95:56:84:8e:66:b2:4f:5f:51:f6:6b:a2:93:88:70:
                    05:a0:3c:3e:a9:7f:46:54:06:55:3f:84:2c:db:83:
                    a9:3e:f9:77:99:51:fd:e3:fe:e7:cf:9c:76:74:23:
                    f5:cb:ca:33:be:59:52:95:8a:6f:6f:9e:9b:40:c6:
                    3b:3c:ec:50:b7:1f:03:64:54:e9:4f:71:de:3a:af:
                    a1:76:6c:0c:11:b6:65:fd:aa:c8:46:06:c6:c7:1b:
                    21:a1:f2:77:ac:27:a9:e7:18:e0:43:16:d4:cb:37:
                    e7:de:a4:22:50:5b:9a:e8:95:dc:d8:fd:b4:d6:c8:
                    d3:83:6c:33:6c:70:1a:05:45:18:1a:6f:9f:0c:d2:
                    ec:16:df:cb:db:bc:9c:c4:85:44:a3:65:c8:d4:2d:
                    50:a2:aa:04:57:1d:b9:33:66:dc:0b:d7:d2:aa:f1:
                    f9:a4:11:b7:b4:a9:68:98:4f:6f:90:d7:2b:f1:09:
                    7b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FA:E7:85:E1:47:10:91:21:BE:EB:FC:37:FC:36:1D:DB:39:5F:15
            X509v3 Authority Key Identifier:
                keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/M_rnheFHEJEhvuv8N_w2Hds5XxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:12:47:d5:52:65:0b:e0:36:b1:83:36:d0:d9:ed:7f:c1:bd:
         d9:51:67:ca:e8:74:f6:6f:77:e3:96:e1:87:cc:c9:7e:e3:ee:
         f3:95:ac:70:b3:b2:b5:bf:1a:1b:32:17:7b:09:42:c9:c5:f8:
         ac:4b:ef:db:44:6c:94:dc:57:9a:7a:ee:a6:7b:65:6d:85:c6:
         26:ba:7a:18:cb:39:d8:52:ce:69:ae:af:d7:6e:2f:5c:f2:fb:
         3c:ee:9c:24:6b:1e:6c:ce:5e:6b:e7:5a:85:c0:e4:25:41:31:
         d6:d5:f4:08:cd:2a:77:d7:b3:d3:e0:31:b2:07:42:e7:5c:7f:
         32:6a:db:5f:79:e6:df:9b:9d:cb:4e:75:51:1b:84:1b:ad:1c:
         72:af:bc:8c:b4:10:cc:e0:d5:0d:cc:0c:e1:5e:ad:bf:3e:9b:
         54:26:1f:61:fc:38:21:95:57:cf:d8:f5:3b:68:04:22:82:4e:
         07:27:1b:87:ce:c4:98:ad:25:79:cc:c7:e4:77:22:1d:d1:11:
         35:48:98:de:78:ea:03:57:3d:44:24:a7:78:aa:73:a9:45:0b:
         fc:a7:48:11:d7:08:e9:5a:a9:e6:99:3a:46:eb:70:bc:a2:d0:
         71:c5:18:1f:42:49:b9:ab:15:82:77:93:a9:7e:7e:3a:a1:23:
         44:64:fd:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFif2Hdzfy7JiNtstHKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjYwMTAxMTAxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2ZhZTc4NWUxNDcxMDkxMjFiZWViZmMzN2ZjMzYxZGRiMzk1ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA585Z4QyMPUZErV9cIsF/GZNWlGKC
b7MCESX7xFhYKFBE+SXDSMXoITKEU8CElPS+aNppmHMf7S94Jhukfj/bAwrVcZnE
wo+pRQ+VVoSOZrJPX1H2a6KTiHAFoDw+qX9GVAZVP4Qs24OpPvl3mVH94/7nz5x2
dCP1y8ozvllSlYpvb56bQMY7POxQtx8DZFTpT3HeOq+hdmwMEbZl/arIRgbGxxsh
ofJ3rCep5xjgQxbUyzfn3qQiUFua6JXc2P201sjTg2wzbHAaBUUYGm+fDNLsFt/L
27ycxIVEo2XI1C1QoqoEVx25M2bcC9fSqvH5pBG3tKlomE9vkNcr8Ql7CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDP654XhRxCRIb7r/Df8Nh3bOV8VMB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvTV9ybmhlRkhFSkVodnV2OE5fdzJIZHM1WHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1JhMA0G
CSqGSIb3DQEBCwUAA4IBAQBvEkfVUmUL4DaxgzbQ2e1/wb3ZUWfK6HT2b3fjluGH
zMl+4+7zlaxws7K1vxobMhd7CULJxfisS+/bRGyU3Feaeu6me2VthcYmunoYyznY
Us5prq/Xbi9c8vs87pwkax5szl5r51qFwOQlQTHW1fQIzSp317PT4DGyB0LnXH8y
attfeebfm53LTnVRG4QbrRxyr7yMtBDM4NUNzAzhXq2/PptUJh9h/DghlVfP2PU7
aAQigk4HJxuHzsSYrSV5zMfkdyId0RE1SJjeeOoDVz1EJKd4qnOpRQv8p0gR1wjp
WqnmmTpG63C8otBxxRgfQkm5qxWCd5Opfn46oSNEZP2I
-----END CERTIFICATE-----