This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/Fh-Fpr_uHjcMFD06n24XprpSG1M.roa
File:                     Fh-Fpr_uHjcMFD06n24XprpSG1M.roa (raw, json)
Hash identifier:          FmZcmk95+iBFV9lKN3BmY/9kElMyaU+AZ6vmkOB1orM=
Subject key identifier:   16:1F:85:A6:BF:EE:1E:37:0C:14:3D:3A:9F:6E:17:A6:BA:52:1B:53
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       019B7F16032B6BDEEECEC9BE47A102958315
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/Fh-Fpr_uHjcMFD06n24XprpSG1M.roa
Signing time:             Fri 02 Jan 2026 14:21:47 +0000
ROA not before:           Fri 02 Jan 2026 14:21:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41229
IP address blocks:        195.64.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:16:03:2b:6b:de:ee:ce:c9:be:47:a1:02:95:83:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  2 14:21:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=161f85a6bfee1e370c143d3a9f6e17a6ba521b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:88:87:79:93:88:f7:d3:ba:8e:b4:5e:c3:de:
                    81:ae:96:fc:f7:d6:30:ea:b1:bf:a4:e6:15:69:b9:
                    65:d3:a4:02:39:f9:95:30:78:47:71:51:cd:61:57:
                    bb:fb:84:be:d0:6f:9a:1d:55:f4:6b:34:6f:dd:92:
                    1d:12:d8:6a:18:5b:21:a4:d4:9c:d6:26:af:78:02:
                    8c:fe:00:0e:f2:a7:84:a9:c0:56:c4:6f:c8:8b:73:
                    95:e4:88:ae:cc:b0:15:6d:9a:42:1b:c8:bd:9e:e9:
                    4d:66:35:1e:ce:a6:00:36:9e:73:44:fe:b4:0b:31:
                    dc:38:a7:71:c7:e0:ae:38:ca:c4:ea:34:a4:89:03:
                    51:3c:c0:16:1d:09:03:3a:5b:f8:71:e7:1e:15:bd:
                    60:c0:90:ad:b9:64:01:40:88:60:c7:7e:09:f4:74:
                    fa:8f:b4:da:2f:0f:53:74:ee:5a:33:3b:60:93:37:
                    49:2a:7f:aa:75:85:63:cd:c4:13:21:b8:37:ab:66:
                    1e:ad:c2:a7:f6:33:4e:c8:4a:5e:dc:80:8b:7f:cc:
                    44:be:b4:3f:be:14:21:bd:1c:34:98:58:59:1e:d1:
                    d5:4b:60:5b:52:63:11:c3:c7:cf:9a:e1:c0:6e:97:
                    8d:ad:ab:4f:8b:ee:8e:83:a8:e8:07:94:8f:f8:a0:
                    fb:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1F:85:A6:BF:EE:1E:37:0C:14:3D:3A:9F:6E:17:A6:BA:52:1B:53
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/Fh-Fpr_uHjcMFD06n24XprpSG1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c9:32:09:6c:fb:67:36:59:d7:21:c8:2a:25:dd:18:d6:f5:
         4e:18:0a:a6:0f:ec:02:77:54:93:18:cc:db:f6:29:ee:66:e9:
         3b:a9:bd:d7:be:3a:bc:ad:94:e3:70:88:6e:6b:2d:19:5d:37:
         a8:c4:a6:15:08:15:b8:e1:c6:c9:9f:fc:f1:93:e7:6c:7a:dc:
         b7:6e:4f:94:20:71:d0:cf:2e:4a:87:55:00:7f:ca:31:20:4d:
         93:0f:9a:82:e4:55:83:ae:f3:79:28:45:4e:54:40:de:fa:14:
         37:76:db:96:f1:ac:17:6c:d4:ed:3a:17:32:a0:bf:51:a3:3f:
         64:a1:ad:94:74:fe:cf:15:7e:af:fb:76:61:ce:93:b8:e5:3c:
         dd:79:f3:8c:51:1f:9a:d8:ad:7d:de:ae:e3:71:80:0e:ba:cc:
         4c:bf:62:20:ea:8a:06:11:20:32:c2:a5:ee:72:35:22:39:d8:
         84:c5:76:30:f7:3d:08:ba:1f:10:bb:71:95:86:f1:92:71:79:
         68:94:7f:d5:77:5a:bb:78:67:76:b9:0f:8d:99:00:28:08:ae:
         57:9e:d1:5c:ec:82:25:92:63:47:b7:6c:62:83:2e:8d:11:4c:
         b0:c0:cd:59:27:1b:08:a5:90:fd:90:b3:78:8e:69:2b:8d:e8:
         b1:51:fe:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FgMra97uzsm+R6EClYMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjYwMTAyMTQyMTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFmODVhNmJmZWUxZTM3MGMxNDNkM2E5ZjZlMTdhNmJhNTIxYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloiHeZOI99O6jrRew96Brpb899Yw
6rG/pOYVabll06QCOfmVMHhHcVHNYVe7+4S+0G+aHVX0azRv3ZIdEthqGFshpNSc
1iaveAKM/gAO8qeEqcBWxG/Ii3OV5IiuzLAVbZpCG8i9nulNZjUezqYANp5zRP60
CzHcOKdxx+CuOMrE6jSkiQNRPMAWHQkDOlv4ceceFb1gwJCtuWQBQIhgx34J9HT6
j7TaLw9TdO5aMztgkzdJKn+qdYVjzcQTIbg3q2YercKn9jNOyEpe3ICLf8xEvrQ/
vhQhvRw0mFhZHtHVS2BbUmMRw8fPmuHAbpeNratPi+6Og6joB5SP+KD74wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYfhaa/7h43DBQ9Op9uF6a6UhtTMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvRmgtRnByX3VIamNNRkQwNm4yNFhwcnBTRzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0D8MA0G
CSqGSIb3DQEBCwUAA4IBAQCFyTIJbPtnNlnXIcgqJd0Y1vVOGAqmD+wCd1STGMzb
9inuZuk7qb3Xvjq8rZTjcIhuay0ZXTeoxKYVCBW44cbJn/zxk+dsety3bk+UIHHQ
zy5Kh1UAf8oxIE2TD5qC5FWDrvN5KEVOVEDe+hQ3dtuW8awXbNTtOhcyoL9Roz9k
oa2UdP7PFX6v+3ZhzpO45TzdefOMUR+a2K193q7jcYAOusxMv2Ig6ooGESAywqXu
cjUiOdiExXYw9z0Iuh8Qu3GVhvGScXlolH/Vd1q7eGd2uQ+NmQAoCK5XntFc7IIl
kmNHt2xigy6NEUywwM1ZJxsIpZD9kLN4jmkrjeixUf7O
-----END CERTIFICATE-----