This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/0bOx0YvZLkBR8StVldUHmaMUt5w.roa
File:                     0bOx0YvZLkBR8StVldUHmaMUt5w.roa (raw, json)
Hash identifier:          pVplZjzT+88YgEabA8GOmB3FR2v0rED8d9SRhfrU2/E=
Subject key identifier:   D1:B3:B1:D1:8B:D9:2E:40:51:F1:2B:55:95:D5:07:99:A3:14:B7:9C
Certificate issuer:       /CN=5032f297789a194a8b507805f35d42ee78c0d4c3
Certificate serial:       019B7D5B5F60FA7AE7227B30B4989C116B2E
Authority key identifier: 50:32:F2:97:78:9A:19:4A:8B:50:78:05:F3:5D:42:EE:78:C0:D4:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/0bOx0YvZLkBR8StVldUHmaMUt5w.roa
Signing time:             Fri 02 Jan 2026 06:18:18 +0000
ROA not before:           Fri 02 Jan 2026 06:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41037
IP address blocks:        195.95.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:5f:60:fa:7a:e7:22:7b:30:b4:98:9c:11:6b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5032f297789a194a8b507805f35d42ee78c0d4c3
        Validity
            Not Before: Jan  2 06:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1b3b1d18bd92e4051f12b5595d50799a314b79c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:33:2b:7a:7c:d2:b3:19:58:60:c9:7f:9b:0c:
                    3b:fa:bc:d1:ef:4d:1d:41:e2:b0:d5:fb:39:a8:71:
                    94:dd:8f:bc:c4:32:ed:6e:1f:15:26:f2:9b:86:e9:
                    53:34:3f:34:6e:0d:48:67:e9:1f:45:24:25:13:92:
                    7b:0c:3f:8a:7e:45:49:24:29:85:b5:8d:44:88:6e:
                    02:b1:b8:a1:5d:8a:c7:7b:7a:d5:c4:55:21:86:54:
                    27:a7:93:6e:57:a3:35:e9:1e:c5:58:79:0e:ed:b9:
                    2d:3b:01:ed:75:c1:4a:bd:01:42:45:67:1c:3a:71:
                    74:29:62:f1:49:49:b2:c9:59:bd:77:b4:fb:7d:4e:
                    aa:0d:dc:9a:df:47:cf:8d:a9:00:4e:bf:cb:97:1a:
                    9d:a6:ff:31:81:cd:f0:6e:bb:ba:57:b9:23:1c:64:
                    31:d3:d5:c3:07:d8:dc:bb:39:68:40:d0:e4:a7:3b:
                    75:13:6c:67:79:ce:f3:94:ca:2a:c0:f0:40:bf:ef:
                    63:0a:39:89:61:18:17:b6:68:42:ff:7e:6a:14:ad:
                    69:76:e7:38:5e:03:17:28:b6:c1:da:c5:03:00:7e:
                    f2:14:3b:61:09:ca:9a:c0:bb:9d:ab:d1:31:55:c6:
                    81:43:b3:56:5f:20:b3:69:67:b9:17:5f:ca:9d:68:
                    4a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B3:B1:D1:8B:D9:2E:40:51:F1:2B:55:95:D5:07:99:A3:14:B7:9C
            X509v3 Authority Key Identifier:
                keyid:50:32:F2:97:78:9A:19:4A:8B:50:78:05:F3:5D:42:EE:78:C0:D4:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDLyl3iaGUqLUHgF811C7njA1MM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/0bOx0YvZLkBR8StVldUHmaMUt5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/e8fc9a-3b92-4798-8cfd-c6bdb1830694/1/UDLyl3iaGUqLUHgF811C7njA1MM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:aa:a4:c6:16:e1:7e:78:9a:ff:f6:35:37:09:98:69:47:da:
         a2:4a:b2:1d:ff:89:bd:0e:a9:ce:34:52:9e:13:42:a4:e7:37:
         77:26:ca:9b:d6:b1:bc:dc:9f:7b:76:8f:26:9a:6b:4a:f2:2a:
         84:ff:74:ed:26:9c:4e:da:0d:16:5a:20:a0:d1:15:2a:cf:aa:
         63:4f:03:4b:0e:4f:62:43:93:85:41:8f:07:f2:a7:4a:2e:6d:
         c7:2d:5f:d8:88:ec:92:1d:b8:e9:34:24:3f:14:0a:89:cc:e4:
         b0:61:66:95:dd:fe:30:5e:aa:a9:6c:9a:ad:ec:0b:c8:93:ec:
         0a:09:32:d9:60:59:ce:40:77:37:3f:f8:e4:83:a5:e7:fe:7f:
         63:4b:f1:d6:6f:ed:e3:24:22:2d:ec:db:ba:43:08:f5:c6:c9:
         80:51:c6:21:ee:69:f9:9b:6e:2e:26:53:10:e2:b6:7b:0a:da:
         53:a7:2a:f6:29:15:39:f6:e9:47:14:a5:31:dd:ec:06:ff:e1:
         a4:f2:45:98:11:d1:a6:07:ce:48:36:b8:c3:ab:94:fd:e2:f3:
         09:81:28:91:3a:eb:4e:59:c5:c9:ca:61:4b:af:fd:03:0e:f8:
         e5:27:05:d1:97:2d:59:b3:06:65:03:ab:9c:3e:22:de:41:1b:
         1c:5f:55:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W19g+nrnInswtJicEWsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzJmMjk3Nzg5YTE5NGE4YjUwNzgwNWYzNWQ0MmVlNzhj
MGQ0YzMwHhcNMjYwMTAyMDYxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWIzYjFkMThiZDkyZTQwNTFmMTJiNTU5NWQ1MDc5OWEzMTRiNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszMrenzSsxlYYMl/mww7+rzR700d
QeKw1fs5qHGU3Y+8xDLtbh8VJvKbhulTND80bg1IZ+kfRSQlE5J7DD+KfkVJJCmF
tY1EiG4CsbihXYrHe3rVxFUhhlQnp5NuV6M16R7FWHkO7bktOwHtdcFKvQFCRWcc
OnF0KWLxSUmyyVm9d7T7fU6qDdya30fPjakATr/Llxqdpv8xgc3wbru6V7kjHGQx
09XDB9jcuzloQNDkpzt1E2xnec7zlMoqwPBAv+9jCjmJYRgXtmhC/35qFK1pduc4
XgMXKLbB2sUDAH7yFDthCcqawLudq9ExVcaBQ7NWXyCzaWe5F1/KnWhK0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGzsdGL2S5AUfErVZXVB5mjFLecMB8GA1UdIwQY
MBaAFFAy8pd4mhlKi1B4BfNdQu54wNTDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURMeWwzaWFHVXFMVUhnRjgxMUM3bmpBMU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lOGZjOWEtM2I5Mi00Nzk4LThjZmQt
YzZiZGIxODMwNjk0LzEvMGJPeDBZdlpMa0JSOFN0VmxkVUhtYU1VdDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lOGZjOWEtM2I5Mi00Nzk4LThjZmQtYzZiZGIxODMwNjk0
LzEvVURMeWwzaWFHVXFMVUhnRjgxMUM3bmpBMU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+uMA0G
CSqGSIb3DQEBCwUAA4IBAQAEqqTGFuF+eJr/9jU3CZhpR9qiSrId/4m9DqnONFKe
E0Kk5zd3Jsqb1rG83J97do8mmmtK8iqE/3TtJpxO2g0WWiCg0RUqz6pjTwNLDk9i
Q5OFQY8H8qdKLm3HLV/YiOySHbjpNCQ/FAqJzOSwYWaV3f4wXqqpbJqt7AvIk+wK
CTLZYFnOQHc3P/jkg6Xn/n9jS/HWb+3jJCIt7Nu6Qwj1xsmAUcYh7mn5m24uJlMQ
4rZ7CtpTpyr2KRU59ulHFKUx3ewG/+Gk8kWYEdGmB85INrjDq5T94vMJgSiROutO
WcXJymFLr/0DDvjlJwXRly1ZswZlA6ucPiLeQRscX1Xy
-----END CERTIFICATE-----