This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/kD04CUjg_MqICR0s9XTXa_0lsjE.roa
File:                     kD04CUjg_MqICR0s9XTXa_0lsjE.roa (raw, json)
Hash identifier:          GhUHdSAXykY7wB/NoCCZCZI/ZAtHhgLcQXX44IHbUsI=
Subject key identifier:   90:3D:38:09:48:E0:FC:CA:88:09:1D:2C:F5:74:D7:6B:FD:25:B2:31
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       019B78A256E75B1BC54FED7BF0B03574BF71
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/kD04CUjg_MqICR0s9XTXa_0lsjE.roa
Signing time:             Thu 01 Jan 2026 08:17:43 +0000
ROA not before:           Thu 01 Jan 2026 08:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5394
IP address blocks:        194.20.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:56:e7:5b:1b:c5:4f:ed:7b:f0:b0:35:74:bf:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  1 08:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=903d380948e0fcca88091d2cf574d76bfd25b231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ac:4a:46:5a:21:e1:26:e3:ad:dc:ed:11:30:
                    20:90:28:23:f6:c4:69:71:61:50:a2:b2:b3:92:9a:
                    da:b0:62:e9:f3:4d:af:29:7a:e2:b9:22:2a:be:75:
                    59:0a:1c:43:95:50:28:19:a4:4f:62:fc:49:3d:23:
                    ac:f6:92:64:8c:4e:24:3a:6c:46:06:d0:49:f1:4d:
                    cb:60:2b:d9:70:1d:68:b7:f1:1b:c3:a1:20:31:ab:
                    5c:85:a7:15:8d:e1:92:84:dc:7e:d1:86:d6:b9:1b:
                    ec:6e:3b:42:65:d0:22:8d:85:b0:5a:20:e2:63:01:
                    18:eb:70:ee:3d:df:aa:29:11:6a:99:81:66:11:71:
                    7c:0d:d6:92:07:71:c9:b0:af:48:72:0e:c0:8f:54:
                    18:12:29:34:94:07:78:b6:2c:a1:26:12:57:e0:4c:
                    39:a8:04:34:33:aa:9b:77:d6:f2:3e:d7:e4:ee:b8:
                    7a:d6:98:03:ef:be:93:38:00:5c:e9:d7:c9:79:28:
                    50:64:25:52:f4:77:c5:20:e5:69:07:53:9c:c1:4b:
                    61:ab:d3:fd:65:34:51:8a:4b:a6:58:2c:a3:fa:07:
                    99:be:26:b3:d1:f1:53:46:02:89:b8:3f:7d:c6:3f:
                    95:79:20:9b:87:35:29:5f:72:83:42:fd:e1:4d:3f:
                    aa:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3D:38:09:48:E0:FC:CA:88:09:1D:2C:F5:74:D7:6B:FD:25:B2:31
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/kD04CUjg_MqICR0s9XTXa_0lsjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.20.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:fb:57:ce:f2:82:51:0f:0b:d4:2e:26:34:33:cc:a7:2a:db:
         5c:af:dc:8a:f5:ba:2b:f3:dd:d9:73:e4:e4:f1:13:a3:53:27:
         db:01:9e:d4:d5:a5:1f:40:b7:a5:fc:78:46:3a:d8:f8:7d:3e:
         1b:0a:af:f5:e5:8f:32:f7:b9:8d:ed:dd:e9:55:41:f6:c8:78:
         50:f9:55:ee:b8:4d:23:96:23:79:52:d7:3d:26:e1:c4:0b:f1:
         05:2e:6e:ed:18:de:19:42:74:0a:e1:4c:55:5a:22:ea:c5:fe:
         1d:a7:81:3e:db:71:82:8f:70:cf:31:f1:b4:b9:f2:17:fb:1b:
         fa:dd:bc:0e:d5:b4:62:ad:69:a9:86:2d:c9:e7:3f:1b:e4:53:
         99:cf:89:a5:e7:61:94:51:b3:fd:98:1d:4b:ca:f0:e2:b0:eb:
         44:24:7c:f8:1d:07:28:be:bb:50:00:57:16:2c:2a:53:5f:d2:
         85:ba:7b:4e:3e:bc:ab:04:fa:ce:19:42:21:29:b3:af:ea:9b:
         6a:ab:a5:d2:72:64:d6:20:ce:fc:d6:72:12:4d:e9:23:45:e6:
         a0:53:5e:f9:83:d7:8f:87:a4:8a:0c:61:37:d2:ff:ec:98:a8:
         64:c8:a9:69:1f:99:4d:fa:9d:f3:5b:d0:b8:7c:98:e1:18:f8:
         40:00:ec:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4olbnWxvFT+178LA1dL9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjYwMTAxMDgxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNkMzgwOTQ4ZTBmY2NhODgwOTFkMmNmNTc0ZDc2YmZkMjViMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKxKRloh4SbjrdztETAgkCgj9sRp
cWFQorKzkprasGLp802vKXriuSIqvnVZChxDlVAoGaRPYvxJPSOs9pJkjE4kOmxG
BtBJ8U3LYCvZcB1ot/Ebw6EgMatchacVjeGShNx+0YbWuRvsbjtCZdAijYWwWiDi
YwEY63DuPd+qKRFqmYFmEXF8DdaSB3HJsK9Icg7Aj1QYEik0lAd4tiyhJhJX4Ew5
qAQ0M6qbd9byPtfk7rh61pgD776TOABc6dfJeShQZCVS9HfFIOVpB1OcwUthq9P9
ZTRRikumWCyj+geZviaz0fFTRgKJuD99xj+VeSCbhzUpX3KDQv3hTT+qqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA9OAlI4PzKiAkdLPV012v9JbIxMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEva0QwNENVamdfTXFJQ1IwczlYVFhhXzBsc2pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwhRgMA0G
CSqGSIb3DQEBCwUAA4IBAQB7+1fO8oJRDwvULiY0M8ynKttcr9yK9bor893Zc+Tk
8ROjUyfbAZ7U1aUfQLel/HhGOtj4fT4bCq/15Y8y97mN7d3pVUH2yHhQ+VXuuE0j
liN5Utc9JuHEC/EFLm7tGN4ZQnQK4UxVWiLqxf4dp4E+23GCj3DPMfG0ufIX+xv6
3bwO1bRirWmphi3J5z8b5FOZz4ml52GUUbP9mB1LyvDisOtEJHz4HQcovrtQAFcW
LCpTX9KFuntOPryrBPrOGUIhKbOv6ptqq6XScmTWIM781nISTekjReagU175g9eP
h6SKDGE30v/smKhkyKlpH5lN+p3zW9C4fJjhGPhAAOyk
-----END CERTIFICATE-----