This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OUDYOq6gkhw3BFUzY2oSD0yypIs.roa
File:                     OUDYOq6gkhw3BFUzY2oSD0yypIs.roa (raw, json)
Hash identifier:          UCdu5WNK6uOqnWwAI7iuBO32rEGZsZ4Ij1+37kwWEpg=
Subject key identifier:   39:40:D8:3A:AE:A0:92:1C:37:04:55:33:63:6A:12:0F:4C:B2:A4:8B
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC7A1D26D594978B6F196C1599FC523
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OUDYOq6gkhw3BFUzY2oSD0yypIs.roa
Signing time:             Thu 01 Jan 2026 18:17:42 +0000
ROA not before:           Thu 01 Jan 2026 18:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212147
IP address blocks:        195.43.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:a1:d2:6d:59:49:78:b6:f1:96:c1:59:9f:c5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3940d83aaea0921c37045533636a120f4cb2a48b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:72:fa:fd:20:28:ef:c4:63:5d:8a:99:9e:67:
                    4d:ea:bf:ff:c5:44:bc:31:23:99:f5:c2:6b:ba:01:
                    7f:92:2c:23:e4:68:ef:d9:71:78:f6:3e:00:4c:3a:
                    b9:7c:83:33:90:dd:66:3b:a7:aa:76:18:1a:a0:d1:
                    88:4d:32:ab:32:a5:10:92:a3:bf:68:de:f2:25:23:
                    b4:81:63:07:e2:20:65:3c:6c:e0:d3:6f:e9:d4:95:
                    3f:7d:85:25:ac:8a:a7:93:13:5c:fc:89:6a:63:77:
                    d4:75:e9:b9:38:a9:0d:d1:99:7e:90:dc:9c:fd:2f:
                    c1:bf:9a:2e:90:d1:bc:86:f8:a8:ba:b9:ee:a0:32:
                    84:48:27:eb:25:d5:fa:78:00:19:d5:1d:4d:21:e9:
                    91:d6:d3:00:c0:56:d6:5a:6e:e3:fb:5b:98:53:86:
                    85:e6:48:bb:c0:d3:46:f7:cd:74:40:0e:4f:4d:85:
                    27:d4:2d:a7:12:35:e6:58:e7:74:70:a8:44:4d:75:
                    7b:2b:73:64:3b:c4:15:33:a1:d4:2a:da:0b:0c:29:
                    bb:df:0a:b3:67:e2:79:e2:4c:e4:e3:9d:0d:6f:72:
                    2c:43:00:4f:e1:c3:0b:69:a3:40:64:9f:ec:7a:1f:
                    3e:7b:bc:5b:b2:17:78:bd:56:33:41:3b:9b:0c:f6:
                    81:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:40:D8:3A:AE:A0:92:1C:37:04:55:33:63:6A:12:0F:4C:B2:A4:8B
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OUDYOq6gkhw3BFUzY2oSD0yypIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f3:1a:f5:2b:64:0c:66:a9:9c:35:47:01:13:72:2a:96:62:
         f8:cc:4e:4a:29:df:90:8f:a2:20:2a:05:0f:2d:5b:e5:71:a9:
         70:08:63:9a:cd:f4:0a:69:78:6d:67:ac:a0:d5:06:da:93:09:
         ae:84:7c:91:b9:03:77:be:72:19:78:c0:3a:17:63:42:35:d7:
         ec:d1:ef:76:9e:09:6a:dc:08:44:19:b8:93:77:5f:36:a0:8e:
         4f:2c:4f:66:61:c5:56:d6:20:34:53:06:de:b7:59:2d:b9:1d:
         5a:6f:f5:88:43:09:ec:40:86:54:f4:76:0e:8f:bc:ed:59:ac:
         48:ef:74:8a:5b:24:c3:76:4d:45:63:69:f1:38:7a:3f:18:07:
         15:ec:8f:59:27:4a:cd:fe:88:a4:a3:b0:ff:9f:53:36:f4:1f:
         b2:48:d4:60:f2:41:31:ba:73:25:f0:96:18:61:a1:2b:cd:3c:
         3a:e6:4b:64:80:ee:7f:f2:5a:13:c6:ed:43:c7:e5:d8:93:44:
         77:ed:86:7d:c5:a5:22:ed:6b:7c:0f:62:ce:31:22:2f:47:b5:
         ab:d4:b3:f8:8c:df:39:6a:b7:40:ad:9b:f3:9f:01:4f:3e:23:
         ad:ac:c2:91:59:96:44:a8:68:60:6a:52:b0:73:00:bb:d5:9e:
         c4:7d:af:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x6HSbVlJeLbxlsFZn8UjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQwZDgzYWFlYTA5MjFjMzcwNDU1MzM2MzZhMTIwZjRjYjJhNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHL6/SAo78RjXYqZnmdN6r//xUS8
MSOZ9cJrugF/kiwj5Gjv2XF49j4ATDq5fIMzkN1mO6eqdhgaoNGITTKrMqUQkqO/
aN7yJSO0gWMH4iBlPGzg02/p1JU/fYUlrIqnkxNc/IlqY3fUdem5OKkN0Zl+kNyc
/S/Bv5oukNG8hviournuoDKESCfrJdX6eAAZ1R1NIemR1tMAwFbWWm7j+1uYU4aF
5ki7wNNG9810QA5PTYUn1C2nEjXmWOd0cKhETXV7K3NkO8QVM6HUKtoLDCm73wqz
Z+J54kzk450Nb3IsQwBP4cMLaaNAZJ/seh8+e7xbshd4vVYzQTubDPaBVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlA2DquoJIcNwRVM2NqEg9MsqSLMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvT1VEWU9xNmdraHczQkZVelkyb1NEMHl5cElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuGMA0G
CSqGSIb3DQEBCwUAA4IBAQAh8xr1K2QMZqmcNUcBE3IqlmL4zE5KKd+Qj6IgKgUP
LVvlcalwCGOazfQKaXhtZ6yg1QbakwmuhHyRuQN3vnIZeMA6F2NCNdfs0e92nglq
3AhEGbiTd182oI5PLE9mYcVW1iA0Uwbet1ktuR1ab/WIQwnsQIZU9HYOj7ztWaxI
73SKWyTDdk1FY2nxOHo/GAcV7I9ZJ0rN/oiko7D/n1M29B+ySNRg8kExunMl8JYY
YaErzTw65ktkgO5/8loTxu1Dx+XYk0R37YZ9xaUi7Wt8D2LOMSIvR7Wr1LP4jN85
ardArZvznwFPPiOtrMKRWZZEqGhgalKwcwC71Z7Efa9u
-----END CERTIFICATE-----