This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O5b_7tKwlPMatzVkYYKBgBMnfM8.roa
File:                     O5b_7tKwlPMatzVkYYKBgBMnfM8.roa (raw, json)
Hash identifier:          260wtgrIyMYyB5Lq3vWLFsUlojYNN6+upJ5BFAmQs2c=
Subject key identifier:   3B:96:FF:EE:D2:B0:94:F3:1A:B7:35:64:61:82:81:80:13:27:7C:CF
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019B77C67E2B857BF4C2BD27FF329CE64F05
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O5b_7tKwlPMatzVkYYKBgBMnfM8.roa
Signing time:             Thu 01 Jan 2026 04:17:35 +0000
ROA not before:           Thu 01 Jan 2026 04:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42689
IP address blocks:        195.95.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:7e:2b:85:7b:f4:c2:bd:27:ff:32:9c:e6:4f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 04:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b96ffeed2b094f31ab735646182818013277ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4d:26:ec:07:9d:78:4a:05:bf:55:06:a9:59:
                    08:05:15:47:10:0d:5e:61:80:ce:7f:fe:1f:3f:b7:
                    cf:bc:9c:39:41:7d:a4:7f:ba:6d:a1:b4:50:06:c3:
                    a4:99:28:41:56:6f:7b:1e:69:cd:a4:1e:20:29:10:
                    99:15:24:41:db:44:96:19:4a:e4:e8:e9:d2:ff:f1:
                    7c:59:25:22:69:b4:e6:db:35:c9:5f:ef:9c:77:92:
                    2b:61:da:2e:28:00:ac:5d:ba:9b:73:7e:9d:65:23:
                    e5:ab:0a:08:14:0b:c7:3e:38:a4:8c:58:dd:b0:a8:
                    1f:fe:30:d1:96:12:96:34:2f:d5:4e:6f:ab:92:06:
                    11:f7:af:30:0b:4a:0f:11:0d:80:02:cd:52:fd:de:
                    29:58:db:ca:cd:c2:d3:7b:71:ff:f3:b4:67:71:b1:
                    38:cb:7b:ab:8a:24:72:ba:a5:93:49:5e:4c:14:4a:
                    a9:b1:d1:27:b4:6b:7b:55:7d:d1:87:28:e3:c5:f6:
                    ca:d2:90:a9:f9:ad:8f:24:da:b7:70:5a:97:cf:4e:
                    43:e9:eb:97:ce:44:8b:54:50:2c:1e:2c:18:c6:14:
                    24:d7:b5:48:be:b3:96:08:43:2d:10:0d:7e:90:5e:
                    dc:e2:d2:11:fb:ff:5b:0a:7c:33:5d:fa:9c:a1:97:
                    ed:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:96:FF:EE:D2:B0:94:F3:1A:B7:35:64:61:82:81:80:13:27:7C:CF
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/O5b_7tKwlPMatzVkYYKBgBMnfM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ad:34:d2:b0:d9:dc:12:bb:51:77:63:95:ec:d8:c9:54:a1:
         1d:10:44:d1:42:e2:cd:85:b7:b2:56:db:06:4e:83:d3:b7:11:
         9f:6e:14:54:9e:6f:1e:b5:a3:af:56:b1:40:a4:c3:1c:0c:32:
         25:f1:89:3a:a9:f6:17:09:ce:fa:a3:93:d9:9a:9f:0a:78:a2:
         1e:a4:43:ff:44:b6:08:2d:23:dd:22:80:b7:45:c8:33:d0:74:
         17:78:de:c1:f8:10:02:d5:29:eb:d3:f1:12:da:61:b4:c5:63:
         24:df:79:84:3c:23:5a:ba:8a:d2:fb:7b:0e:1c:56:e5:b0:89:
         41:f3:52:13:73:c5:59:18:24:6f:d6:2f:4d:9e:c0:2b:c7:83:
         97:e4:18:ab:53:04:61:a8:c0:c4:e1:72:d9:f9:64:c9:ea:6d:
         ce:b1:ac:28:57:d1:d9:f3:6e:84:9c:cd:4c:ab:de:b0:ff:b5:
         c3:86:3c:de:19:d3:91:98:7b:f7:4c:2e:2b:3b:77:02:4b:5f:
         52:18:ce:2a:30:82:26:1a:aa:99:9f:d1:a3:cc:d5:c7:78:e1:
         b5:a8:f6:3a:ee:d7:87:48:90:bc:95:ce:14:40:c2:88:12:6e:
         c7:04:d2:29:cf:7d:f5:eb:12:6f:68:3d:b1:e4:56:27:87:04:
         d1:60:f2:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xn4rhXv0wr0n/zKc5k8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjYwMTAxMDQxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk2ZmZlZWQyYjA5NGYzMWFiNzM1NjQ2MTgyODE4MDEzMjc3Y2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuk0m7AedeEoFv1UGqVkIBRVHEA1e
YYDOf/4fP7fPvJw5QX2kf7ptobRQBsOkmShBVm97HmnNpB4gKRCZFSRB20SWGUrk
6OnS//F8WSUiabTm2zXJX++cd5IrYdouKACsXbqbc36dZSPlqwoIFAvHPjikjFjd
sKgf/jDRlhKWNC/VTm+rkgYR968wC0oPEQ2AAs1S/d4pWNvKzcLTe3H/87RncbE4
y3uriiRyuqWTSV5MFEqpsdEntGt7VX3RhyjjxfbK0pCp+a2PJNq3cFqXz05D6euX
zkSLVFAsHiwYxhQk17VIvrOWCEMtEA1+kF7c4tIR+/9bCnwzXfqcoZft0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuW/+7SsJTzGrc1ZGGCgYATJ3zPMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvTzViXzd0S3dsUE1hdHpWa1lZS0JnQk1uZk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/IMA0G
CSqGSIb3DQEBCwUAA4IBAQCKrTTSsNncErtRd2OV7NjJVKEdEETRQuLNhbeyVtsG
ToPTtxGfbhRUnm8etaOvVrFApMMcDDIl8Yk6qfYXCc76o5PZmp8KeKIepEP/RLYI
LSPdIoC3Rcgz0HQXeN7B+BAC1Snr0/ES2mG0xWMk33mEPCNauorS+3sOHFblsIlB
81ITc8VZGCRv1i9NnsArx4OX5BirUwRhqMDE4XLZ+WTJ6m3OsawoV9HZ826EnM1M
q96w/7XDhjzeGdORmHv3TC4rO3cCS19SGM4qMIImGqqZn9GjzNXHeOG1qPY67teH
SJC8lc4UQMKIEm7HBNIpz3316xJvaD2x5FYnhwTRYPIM
-----END CERTIFICATE-----