This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/IWc0e1xHvEeNaFpUiEHsoSj8LCQ.roa
File:                     IWc0e1xHvEeNaFpUiEHsoSj8LCQ.roa (raw, json)
Hash identifier:          FkF+LBfyPEQLntzgMJAsrXU06VpPmyg3zztpMpixRM4=
Subject key identifier:   21:67:34:7B:5C:47:BC:47:8D:68:5A:54:88:41:EC:A1:28:FC:2C:24
Certificate issuer:       /CN=c64d2286b5cc7be42f8aebaeb6aae57e7ce7da2b
Certificate serial:       019B7EA68654C2F19DF66A134FEE5498B58F
Authority key identifier: C6:4D:22:86:B5:CC:7B:E4:2F:8A:EB:AE:B6:AA:E5:7E:7C:E7:DA:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk0ihrXMe-Qviuuutqrlfnzn2is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/IWc0e1xHvEeNaFpUiEHsoSj8LCQ.roa
Signing time:             Fri 02 Jan 2026 12:20:01 +0000
ROA not before:           Fri 02 Jan 2026 12:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48897
IP address blocks:        195.88.72.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/xk0ihrXMe-Qviuuutqrlfnzn2is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/xk0ihrXMe-Qviuuutqrlfnzn2is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xk0ihrXMe-Qviuuutqrlfnzn2is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:86:54:c2:f1:9d:f6:6a:13:4f:ee:54:98:b5:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64d2286b5cc7be42f8aebaeb6aae57e7ce7da2b
        Validity
            Not Before: Jan  2 12:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2167347b5c47bc478d685a548841eca128fc2c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:39:af:ec:4b:8a:df:5a:ca:0c:5c:6e:d6:34:
                    0d:db:45:b4:96:15:71:ba:21:15:25:fa:ca:8c:7c:
                    40:45:aa:30:e3:f5:23:56:16:70:37:45:dd:62:87:
                    8f:e1:22:a0:fb:c3:dc:cc:12:f4:8b:43:ac:2d:23:
                    ee:88:ce:26:54:79:cd:2e:ea:49:ec:5f:07:f6:4f:
                    ca:99:47:04:9f:f1:f8:cc:7b:9d:01:e7:69:bb:57:
                    4d:72:08:52:63:39:cb:ad:de:89:a0:63:46:46:29:
                    3b:30:1c:d9:32:d3:03:b0:04:fa:8d:10:23:79:28:
                    ac:9d:df:db:f9:35:ad:15:c9:bc:84:8e:47:f1:a8:
                    06:b4:e3:f1:0f:06:02:60:72:ca:2f:ed:89:e4:31:
                    f2:d6:70:c0:1c:48:d1:92:21:5a:cc:76:05:21:b5:
                    5e:1e:c7:ac:d2:c3:38:e7:ca:d7:5a:e7:52:e4:61:
                    90:25:49:fd:c3:87:c5:c9:74:c1:36:1c:b6:6f:6f:
                    89:44:24:30:d9:a4:62:c2:89:45:f5:0d:47:16:a7:
                    8e:46:0f:6b:c0:81:01:16:9c:6b:c2:9e:ae:8d:b0:
                    bd:b4:b7:fe:61:d8:69:f6:3a:a8:1a:e6:55:e0:ac:
                    ea:27:85:6e:64:b3:19:61:a4:56:a2:5e:23:8d:0f:
                    54:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:67:34:7B:5C:47:BC:47:8D:68:5A:54:88:41:EC:A1:28:FC:2C:24
            X509v3 Authority Key Identifier:
                keyid:C6:4D:22:86:B5:CC:7B:E4:2F:8A:EB:AE:B6:AA:E5:7E:7C:E7:DA:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk0ihrXMe-Qviuuutqrlfnzn2is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/IWc0e1xHvEeNaFpUiEHsoSj8LCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a3c055-b25a-425f-8d99-e5a7003e10de/1/xk0ihrXMe-Qviuuutqrlfnzn2is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:45:02:02:16:94:bd:ca:fd:7d:f0:93:3b:da:50:95:3b:83:
         a7:ed:ab:ed:a7:b0:1d:25:58:db:e9:7d:3f:82:00:3a:b4:28:
         a9:f3:91:9d:23:95:f0:4e:ec:d6:a9:bd:36:cf:6c:ac:f6:8d:
         26:a5:3a:9a:f6:6d:90:bc:f7:8c:e7:8f:04:0e:bb:9f:28:72:
         65:b4:79:ea:c9:f2:b0:aa:66:55:af:9c:4c:bd:82:ad:84:d5:
         a3:5f:c2:68:b5:44:8d:f7:8f:7c:4e:13:44:2e:95:5f:ee:d2:
         f5:13:2a:91:75:6c:4b:e5:ba:ff:fb:fe:77:0c:9c:56:9f:42:
         bb:3d:bb:42:fa:10:17:87:60:60:32:87:c7:b2:19:30:cf:34:
         48:8e:3a:e5:9f:f1:a8:97:13:f8:61:ac:4a:fb:ac:01:e0:b3:
         5c:d9:cf:61:bb:49:ab:2d:da:2a:4b:01:c9:76:2b:d5:dd:86:
         96:34:47:d5:64:fa:36:f7:dc:eb:ed:7d:85:44:58:50:bf:90:
         db:56:cc:00:17:6b:df:41:98:df:a6:aa:a6:79:dd:23:38:20:
         e0:9a:7e:ef:55:17:1a:24:40:28:e0:0d:23:20:10:d9:88:d0:
         2b:8e:56:38:8d:82:7c:2f:85:b6:d2:16:ed:81:ad:1c:f8:b3:
         89:19:32:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+poZUwvGd9moTT+5UmLWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGQyMjg2YjVjYzdiZTQyZjhhZWJhZWI2YWFlNTdlN2Nl
N2RhMmIwHhcNMjYwMTAyMTIyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTY3MzQ3YjVjNDdiYzQ3OGQ2ODVhNTQ4ODQxZWNhMTI4ZmMyYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTmv7EuK31rKDFxu1jQN20W0lhVx
uiEVJfrKjHxARaow4/UjVhZwN0XdYoeP4SKg+8PczBL0i0OsLSPuiM4mVHnNLupJ
7F8H9k/KmUcEn/H4zHudAedpu1dNcghSYznLrd6JoGNGRik7MBzZMtMDsAT6jRAj
eSisnd/b+TWtFcm8hI5H8agGtOPxDwYCYHLKL+2J5DHy1nDAHEjRkiFazHYFIbVe
Hses0sM458rXWudS5GGQJUn9w4fFyXTBNhy2b2+JRCQw2aRiwolF9Q1HFqeORg9r
wIEBFpxrwp6ujbC9tLf+Ydhp9jqoGuZV4KzqJ4VuZLMZYaRWol4jjQ9U7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFnNHtcR7xHjWhaVIhB7KEo/CwkMB8GA1UdIwQY
MBaAFMZNIoa1zHvkL4rrrraq5X5859orMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGswaWhyWE1lLVF2aXV1dXRxcmxmbnpuMmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hM2MwNTUtYjI1YS00MjVmLThkOTkt
ZTVhNzAwM2UxMGRlLzEvSVdjMGUxeEh2RWVOYUZwVWlFSHNvU2o4TENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hM2MwNTUtYjI1YS00MjVmLThkOTktZTVhNzAwM2UxMGRl
LzEveGswaWhyWE1lLVF2aXV1dXRxcmxmbnpuMmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1hIMA0G
CSqGSIb3DQEBCwUAA4IBAQA2RQICFpS9yv198JM72lCVO4On7avtp7AdJVjb6X0/
ggA6tCip85GdI5XwTuzWqb02z2ys9o0mpTqa9m2QvPeM548EDrufKHJltHnqyfKw
qmZVr5xMvYKthNWjX8JotUSN9498ThNELpVf7tL1EyqRdWxL5br/+/53DJxWn0K7
PbtC+hAXh2BgMofHshkwzzRIjjrln/GolxP4YaxK+6wB4LNc2c9hu0mrLdoqSwHJ
divV3YaWNEfVZPo299zr7X2FRFhQv5DbVswAF2vfQZjfpqqmed0jOCDgmn7vVRca
JEAo4A0jIBDZiNArjlY4jYJ8L4W20hbtga0c+LOJGTIc
-----END CERTIFICATE-----