This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/sKXut25F8mstcMlebmCBZ3ash14.roa
File:                     sKXut25F8mstcMlebmCBZ3ash14.roa (raw, json)
Hash identifier:          WdcSiIGfJAIq+j/hEE113/iMWyToETbAb54DBmpGZ9M=
Subject key identifier:   B0:A5:EE:B7:6E:45:F2:6B:2D:70:C9:5E:6E:60:81:67:76:AC:87:5E
Certificate issuer:       /CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
Certificate serial:       019B7AC8A513EDE8AE0C5A6AF1CCF2F491CB
Authority key identifier: AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/sKXut25F8mstcMlebmCBZ3ash14.roa
Signing time:             Thu 01 Jan 2026 18:18:48 +0000
ROA not before:           Thu 01 Jan 2026 18:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62119
IP address blocks:        95.131.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 18:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:a5:13:ed:e8:ae:0c:5a:6a:f1:cc:f2:f4:91:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
        Validity
            Not Before: Jan  1 18:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0a5eeb76e45f26b2d70c95e6e60816776ac875e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4b:eb:d8:58:87:d4:e5:74:a0:ed:5d:7d:0a:
                    8d:71:1c:b4:a6:7a:7c:83:4f:0f:61:b0:25:81:1b:
                    ff:b3:6e:2b:7b:f9:a3:15:ce:38:52:fd:03:72:c9:
                    6b:45:d4:67:24:ff:47:85:8a:4c:2a:00:7a:61:ce:
                    a2:1d:17:c1:8e:bb:93:77:97:bd:47:53:8d:f0:c4:
                    c0:f0:37:38:ce:43:8a:37:3f:d1:f7:5b:b1:db:02:
                    6a:20:12:83:4b:56:0b:fe:f5:cb:90:07:55:08:58:
                    5e:96:eb:3c:ff:16:6a:54:6f:50:a1:a2:08:06:de:
                    a4:ee:90:ff:a8:bc:e1:2c:61:50:32:a9:c2:9d:3a:
                    bd:b5:be:b7:0d:1e:3e:79:59:d3:e6:03:dc:c6:f3:
                    43:b1:c5:2a:f1:a6:49:60:79:87:ec:03:3e:98:8e:
                    99:c2:50:5a:74:b3:31:93:37:3a:17:1a:32:82:61:
                    a2:24:6a:0e:b9:92:45:eb:d8:3c:11:4c:3d:5d:5d:
                    b9:5b:d6:50:5e:51:f9:7b:0d:52:9b:03:fb:50:5b:
                    b0:3f:e3:85:13:39:1e:9c:48:2e:7f:0d:89:fc:2a:
                    e0:4f:c7:9e:68:c6:26:89:14:79:d8:dd:29:a3:f5:
                    6e:f9:bc:7e:84:78:22:d8:0d:96:cf:db:a6:ae:d6:
                    ac:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A5:EE:B7:6E:45:F2:6B:2D:70:C9:5E:6E:60:81:67:76:AC:87:5E
            X509v3 Authority Key Identifier:
                keyid:AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/sKXut25F8mstcMlebmCBZ3ash14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:1c:86:a0:e9:71:14:d8:7a:88:df:99:34:5a:d9:de:79:41:
         f4:cd:07:eb:cc:76:50:fd:11:2c:2c:ad:d2:24:ad:94:fa:ad:
         11:26:39:42:2b:26:58:73:81:89:5c:2e:97:00:10:91:bf:29:
         d8:54:5c:8f:cc:7e:cc:f6:37:e9:75:32:5d:ba:62:53:04:25:
         18:83:d9:6b:ef:39:66:de:a8:80:4b:12:af:fe:71:83:3b:79:
         5c:a5:7e:d5:8e:8e:d8:86:03:dc:3f:85:60:7a:0f:c7:82:01:
         dd:f5:72:73:2b:67:e1:d0:f0:d7:2d:21:22:68:5e:c0:70:bd:
         4b:35:d2:32:52:c8:73:6d:52:c0:bb:24:8e:e7:8c:4d:41:d9:
         12:a1:83:8e:ca:36:c1:14:32:57:2a:ed:35:0e:a9:f6:13:8e:
         14:cc:d0:fe:e4:34:31:ca:8e:6e:f9:aa:3a:34:d0:c1:9a:c2:
         c0:80:97:64:61:f3:cf:2a:1e:7a:ba:b9:38:40:56:48:34:13:
         2e:14:08:7b:34:ea:3a:bb:72:73:2a:b7:e9:31:d1:2f:81:59:
         90:29:54:f8:5c:ac:9b:99:ee:36:01:ea:59:6a:ef:b1:fd:5c:
         a2:99:89:b6:7e:a3:4d:42:2d:d9:39:2c:73:97:44:dc:63:3c:
         3d:08:a1:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yKUT7eiuDFpq8czy9JHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDMwZDNiNGM1ODllOTRhM2VmNjFkZGQ1NDAxYThmM2Zm
NzliNmQwHhcNMjYwMTAxMTgxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGE1ZWViNzZlNDVmMjZiMmQ3MGM5NWU2ZTYwODE2Nzc2YWM4NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkvr2FiH1OV0oO1dfQqNcRy0pnp8
g08PYbAlgRv/s24re/mjFc44Uv0DcslrRdRnJP9HhYpMKgB6Yc6iHRfBjruTd5e9
R1ON8MTA8Dc4zkOKNz/R91ux2wJqIBKDS1YL/vXLkAdVCFhelus8/xZqVG9QoaII
Bt6k7pD/qLzhLGFQMqnCnTq9tb63DR4+eVnT5gPcxvNDscUq8aZJYHmH7AM+mI6Z
wlBadLMxkzc6FxoygmGiJGoOuZJF69g8EUw9XV25W9ZQXlH5ew1SmwP7UFuwP+OF
EzkenEgufw2J/CrgT8eeaMYmiRR52N0po/Vu+bx+hHgi2A2Wz9umrtasHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCl7rduRfJrLXDJXm5ggWd2rIdeMB8GA1UdIwQY
MBaAFK8DDTtMWJ6Uo+9h3dVAGo8/95ttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEt
OTI0NWE5YWI5NzhiLzEvc0tYdXQyNUY4bXN0Y01sZWJtQ0JaM2FzaDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEtOTI0NWE5YWI5Nzhi
LzEvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4PNMA0G
CSqGSIb3DQEBCwUAA4IBAQBcHIag6XEU2HqI35k0WtneeUH0zQfrzHZQ/REsLK3S
JK2U+q0RJjlCKyZYc4GJXC6XABCRvynYVFyPzH7M9jfpdTJdumJTBCUYg9lr7zlm
3qiASxKv/nGDO3lcpX7Vjo7YhgPcP4Vgeg/HggHd9XJzK2fh0PDXLSEiaF7AcL1L
NdIyUshzbVLAuySO54xNQdkSoYOOyjbBFDJXKu01Dqn2E44UzND+5DQxyo5u+ao6
NNDBmsLAgJdkYfPPKh56urk4QFZINBMuFAh7NOo6u3JzKrfpMdEvgVmQKVT4XKyb
me42AepZau+x/VyimYm2fqNNQi3ZOSxzl0TcYzw9CKFJ
-----END CERTIFICATE-----