This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/FxuwVLnHnHt0pOI70T0l53sDKLk.roa
File:                     FxuwVLnHnHt0pOI70T0l53sDKLk.roa (raw, json)
Hash identifier:          KIO/hmTJJrTCwAo9wG8KuHnCEMwo8KpjANEcd/SG3ds=
Subject key identifier:   17:1B:B0:54:B9:C7:9C:7B:74:A4:E2:3B:D1:3D:25:E7:7B:03:28:B9
Certificate issuer:       /CN=d09363cfebbbf92a51e428533d3e8ad412aa3374
Certificate serial:       019B7BA535F6107BE79EABD68DCEB89A4CA5
Authority key identifier: D0:93:63:CF:EB:BB:F9:2A:51:E4:28:53:3D:3E:8A:D4:12:AA:33:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/FxuwVLnHnHt0pOI70T0l53sDKLk.roa
Signing time:             Thu 01 Jan 2026 22:19:43 +0000
ROA not before:           Thu 01 Jan 2026 22:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12779
IP address blocks:        195.238.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:35:f6:10:7b:e7:9e:ab:d6:8d:ce:b8:9a:4c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09363cfebbbf92a51e428533d3e8ad412aa3374
        Validity
            Not Before: Jan  1 22:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=171bb054b9c79c7b74a4e23bd13d25e77b0328b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:ad:3a:f3:ef:68:fe:31:76:61:7f:a2:e6:
                    4c:64:59:d5:f2:dc:28:9b:a5:13:92:21:1d:27:d3:
                    2d:13:bb:cd:55:c4:f1:d3:ed:ae:c9:af:c5:a0:d5:
                    40:fa:ac:54:e2:68:9d:15:9c:62:8f:10:08:f6:5a:
                    09:63:c1:ee:75:b2:f1:24:36:36:80:20:39:c7:22:
                    11:db:1d:b4:42:8f:9d:9b:7d:aa:c2:90:1e:d1:83:
                    7f:c2:5a:63:42:68:d8:88:62:2c:63:26:fd:60:cb:
                    c1:20:86:b9:85:f2:97:35:de:a0:83:28:bf:d1:df:
                    16:d5:ff:71:3d:83:9e:a5:c5:09:20:e4:2f:1f:38:
                    5d:ea:cb:37:b1:a4:63:ec:4d:7d:5b:34:d3:9f:0a:
                    37:55:2f:6b:03:49:6f:34:5b:36:d8:14:2f:95:db:
                    38:49:69:6a:2b:11:d4:aa:df:29:74:8b:82:8a:5d:
                    77:d7:4b:b6:81:c2:4d:d7:d6:b7:4c:b9:40:a4:51:
                    cf:49:d5:0f:dc:63:b7:6a:10:24:85:00:c9:6e:ce:
                    52:1c:27:5d:55:2b:55:88:c1:73:5d:05:6a:33:ce:
                    23:35:7e:65:51:55:4b:5e:2f:85:3f:1d:1f:d5:ef:
                    21:8f:5f:6d:44:49:0c:0d:c2:17:78:3b:21:d2:7c:
                    f4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:1B:B0:54:B9:C7:9C:7B:74:A4:E2:3B:D1:3D:25:E7:7B:03:28:B9
            X509v3 Authority Key Identifier:
                keyid:D0:93:63:CF:EB:BB:F9:2A:51:E4:28:53:3D:3E:8A:D4:12:AA:33:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/FxuwVLnHnHt0pOI70T0l53sDKLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/08164a-8821-47c1-bd48-5f9e482f1bf4/1/0JNjz-u7-SpR5ChTPT6K1BKqM3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:08:01:9f:35:90:d5:a4:52:28:d7:e8:00:84:3a:11:1b:ee:
         95:e6:7c:57:27:2f:27:b0:52:f4:ae:a4:f4:99:c4:91:1f:2f:
         a6:1e:1d:f2:dd:94:66:cf:d5:62:ca:c5:ac:39:13:4d:02:a9:
         20:69:de:6b:40:5e:64:c1:66:df:dc:b9:b4:b1:2a:db:53:5b:
         cc:e8:8f:a4:7d:60:67:ce:0b:56:4c:84:43:3b:e2:a2:f7:e0:
         d1:46:34:92:82:74:4e:4e:a9:f2:13:12:32:24:cb:f9:3e:83:
         08:2d:37:19:51:f0:bb:42:4e:51:04:52:84:81:51:44:07:76:
         d2:3f:13:19:1d:42:eb:79:d3:22:fa:a6:85:50:80:90:67:10:
         b8:b0:eb:63:ce:1a:d4:4b:fe:d2:b6:df:9e:74:9b:5c:cb:63:
         03:da:02:68:f4:ca:54:9a:2a:bd:9f:a8:e7:8a:cc:aa:ad:df:
         b8:db:2f:53:c0:65:12:15:c3:14:be:52:53:96:8c:07:cb:ee:
         08:90:35:91:61:ce:85:36:14:12:fc:f3:95:31:c0:b2:3a:1e:
         d6:fb:c9:5b:fb:f1:06:b5:9f:d9:dd:08:ca:63:58:22:e1:f5:
         88:aa:25:68:88:84:60:d9:17:74:07:85:87:5b:ab:d8:6e:4b:
         6f:a2:e0:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTX2EHvnnqvWjc64mkylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOTM2M2NmZWJiYmY5MmE1MWU0Mjg1MzNkM2U4YWQ0MTJh
YTMzNzQwHhcNMjYwMTAxMjIxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzFiYjA1NGI5Yzc5YzdiNzRhNGUyM2JkMTNkMjVlNzdiMDMyOGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4CtOvPvaP4xdmF/ouZMZFnV8two
m6UTkiEdJ9MtE7vNVcTx0+2uya/FoNVA+qxU4midFZxijxAI9loJY8HudbLxJDY2
gCA5xyIR2x20Qo+dm32qwpAe0YN/wlpjQmjYiGIsYyb9YMvBIIa5hfKXNd6ggyi/
0d8W1f9xPYOepcUJIOQvHzhd6ss3saRj7E19WzTTnwo3VS9rA0lvNFs22BQvlds4
SWlqKxHUqt8pdIuCil1310u2gcJN19a3TLlApFHPSdUP3GO3ahAkhQDJbs5SHCdd
VStViMFzXQVqM84jNX5lUVVLXi+FPx0f1e8hj19tREkMDcIXeDsh0nz0oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcbsFS5x5x7dKTiO9E9Jed7Ayi5MB8GA1UdIwQY
MBaAFNCTY8/ru/kqUeQoUz0+itQSqjN0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpOanotdTctU3BSNUNoVFBUNksxQktxTTNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8wODE2NGEtODgyMS00N2MxLWJkNDgt
NWY5ZTQ4MmYxYmY0LzEvRnh1d1ZMbkhuSHQwcE9JNzBUMGw1M3NES0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8wODE2NGEtODgyMS00N2MxLWJkNDgtNWY5ZTQ4MmYxYmY0
LzEvMEpOanotdTctU3BSNUNoVFBUNksxQktxTTNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+7rMA0G
CSqGSIb3DQEBCwUAA4IBAQAeCAGfNZDVpFIo1+gAhDoRG+6V5nxXJy8nsFL0rqT0
mcSRHy+mHh3y3ZRmz9ViysWsORNNAqkgad5rQF5kwWbf3Lm0sSrbU1vM6I+kfWBn
zgtWTIRDO+Ki9+DRRjSSgnROTqnyExIyJMv5PoMILTcZUfC7Qk5RBFKEgVFEB3bS
PxMZHULredMi+qaFUICQZxC4sOtjzhrUS/7Stt+edJtcy2MD2gJo9MpUmiq9n6jn
isyqrd+42y9TwGUSFcMUvlJTlowHy+4IkDWRYc6FNhQS/POVMcCyOh7W+8lb+/EG
tZ/Z3QjKY1gi4fWIqiVoiIRg2Rd0B4WHW6vYbktvouAr
-----END CERTIFICATE-----