This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ArhgU7rp7FQT9A4LoyMGhcr3cLs.roa
File:                     ArhgU7rp7FQT9A4LoyMGhcr3cLs.roa (raw, json)
Hash identifier:          oHGGq9BCjwsGbigK1i0tvnkd8z9zUxF68PL08Pmocf8=
Subject key identifier:   02:B8:60:53:BA:E9:EC:54:13:F4:0E:0B:A3:23:06:85:CA:F7:70:BB
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019B77C67FE340B034253F1454BF32B2A0AF
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ArhgU7rp7FQT9A4LoyMGhcr3cLs.roa
Signing time:             Thu 01 Jan 2026 04:17:36 +0000
ROA not before:           Thu 01 Jan 2026 04:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212384
IP address blocks:        195.95.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:7f:e3:40:b0:34:25:3f:14:54:bf:32:b2:a0:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 04:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02b86053bae9ec5413f40e0ba3230685caf770bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0c:ad:7b:ae:a2:40:99:3a:01:6e:5a:27:db:
                    5e:02:33:36:22:98:2f:aa:eb:da:dd:2d:33:29:4e:
                    ad:82:0e:4e:7e:a9:52:74:79:88:91:93:7e:fe:86:
                    61:8c:42:d7:6e:da:40:34:c3:26:c0:78:99:32:07:
                    5d:e1:e9:7e:92:a1:6b:38:1a:7f:1f:41:45:8b:61:
                    65:65:db:ff:d5:54:3a:cf:e0:0b:6f:b1:ad:08:05:
                    cf:8c:66:ce:bd:ae:99:f8:2a:b6:56:83:c3:54:e4:
                    2e:68:a1:3e:6e:d9:65:5d:99:d0:ea:29:e4:9f:b5:
                    2b:79:50:84:5b:be:ac:f7:47:26:c3:3d:f1:34:a5:
                    f1:17:57:9c:a5:47:5b:b7:00:3e:5c:cd:48:6f:94:
                    6d:31:1a:8c:7f:17:28:a0:b8:f6:c5:d3:11:95:95:
                    72:81:f5:7d:70:75:0d:4a:77:34:10:4d:29:72:d9:
                    bb:9f:a1:77:4b:08:9e:4d:0b:e9:7b:64:c3:83:04:
                    c5:5a:cf:0a:38:03:f5:59:0a:41:f3:5c:39:c9:78:
                    a7:55:df:97:c5:7c:be:0d:1b:8e:a3:6f:be:6a:90:
                    17:e7:f5:b8:cf:fa:b9:3b:f0:e5:f3:df:e6:c1:6f:
                    78:27:ee:48:8e:99:e8:c4:32:07:36:2b:bf:89:d9:
                    dc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:B8:60:53:BA:E9:EC:54:13:F4:0E:0B:A3:23:06:85:CA:F7:70:BB
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/ArhgU7rp7FQT9A4LoyMGhcr3cLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:8f:d5:ff:d9:79:75:84:21:86:9d:84:4a:b5:f8:3c:93:8b:
         13:3a:a7:30:a2:41:14:4c:cc:78:1c:04:5a:50:5d:3e:11:48:
         4c:e0:4f:4b:b1:da:dc:c3:f2:d7:a7:19:21:4a:79:7d:f5:00:
         c1:23:a4:cc:a9:59:9f:13:66:d8:e9:1a:84:04:4d:de:c7:5a:
         52:1e:a5:e0:b5:e8:5e:ec:22:e4:d8:9c:d1:24:54:dd:f8:e1:
         e0:e6:22:77:cb:8d:3e:95:03:67:5e:25:98:e9:e1:85:97:c0:
         5a:fb:66:e3:97:63:a1:c1:ed:7e:2f:36:6f:22:56:9b:41:52:
         fb:cc:d2:e2:a1:49:8c:fb:ec:5d:0c:aa:65:61:06:35:09:bd:
         8b:22:f5:6b:65:bd:f5:79:16:ac:e9:cc:49:29:7c:4f:ac:4c:
         78:46:64:a7:19:7e:74:8d:66:ac:a9:36:ad:a7:3f:ac:3e:cd:
         94:9b:9f:f8:41:85:3d:85:1e:96:34:71:40:c6:66:93:8f:21:
         79:d7:b2:e8:c1:00:d2:e8:88:bf:d9:03:bd:ac:0e:01:45:39:
         e3:af:14:0b:bf:a7:47:87:af:66:64:7b:e7:2c:5e:93:e0:f9:
         55:19:d5:09:b8:89:4b:ee:ba:f8:5b:d8:9c:3c:12:d5:f9:f3:
         6e:ea:ec:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xn/jQLA0JT8UVL8ysqCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwMTAxMDQxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmI4NjA1M2JhZTllYzU0MTNmNDBlMGJhMzIzMDY4NWNhZjc3MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogyte66iQJk6AW5aJ9teAjM2Ipgv
quva3S0zKU6tgg5OfqlSdHmIkZN+/oZhjELXbtpANMMmwHiZMgdd4el+kqFrOBp/
H0FFi2FlZdv/1VQ6z+ALb7GtCAXPjGbOva6Z+Cq2VoPDVOQuaKE+btllXZnQ6ink
n7UreVCEW76s90cmwz3xNKXxF1ecpUdbtwA+XM1Ib5RtMRqMfxcooLj2xdMRlZVy
gfV9cHUNSnc0EE0pctm7n6F3SwieTQvpe2TDgwTFWs8KOAP1WQpB81w5yXinVd+X
xXy+DRuOo2++apAX5/W4z/q5O/Dl89/mwW94J+5IjpnoxDIHNiu/idncfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAK4YFO66exUE/QOC6MjBoXK93C7MB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvQXJoZ1U3cnA3RlFUOUE0TG95TUdoY3IzY0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQAfj9X/2Xl1hCGGnYRKtfg8k4sTOqcwokEUTMx4HARa
UF0+EUhM4E9Lsdrcw/LXpxkhSnl99QDBI6TMqVmfE2bY6RqEBE3ex1pSHqXgtehe
7CLk2JzRJFTd+OHg5iJ3y40+lQNnXiWY6eGFl8Ba+2bjl2Ohwe1+LzZvIlabQVL7
zNLioUmM++xdDKplYQY1Cb2LIvVrZb31eRas6cxJKXxPrEx4RmSnGX50jWasqTat
pz+sPs2Um5/4QYU9hR6WNHFAxmaTjyF517LowQDS6Ii/2QO9rA4BRTnjrxQLv6dH
h69mZHvnLF6T4PlVGdUJuIlL7rr4W9icPBLV+fNu6uyf
-----END CERTIFICATE-----