This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/KDlCkTZJ_trioChGEq3qqR2sW-g.roa
File:                     KDlCkTZJ_trioChGEq3qqR2sW-g.roa (raw, json)
Hash identifier:          jNNvN3keVzRoRmynZdoMPevs+yPDhsuaoYcA8SI2cJs=
Subject key identifier:   28:39:42:91:36:49:FE:DA:E2:A0:28:46:12:AD:EA:A9:1D:AC:5B:E8
Certificate issuer:       /CN=854c5f298d81acc5573fd59fb05dd86f20abcba8
Certificate serial:       019B7911052BB87B3315C588A8C265FEE7F7
Authority key identifier: 85:4C:5F:29:8D:81:AC:C5:57:3F:D5:9F:B0:5D:D8:6F:20:AB:CB:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUxfKY2BrMVXP9WfsF3YbyCry6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/KDlCkTZJ_trioChGEq3qqR2sW-g.roa
Signing time:             Thu 01 Jan 2026 10:18:37 +0000
ROA not before:           Thu 01 Jan 2026 10:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39715
IP address blocks:        195.12.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/hUxfKY2BrMVXP9WfsF3YbyCry6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/hUxfKY2BrMVXP9WfsF3YbyCry6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUxfKY2BrMVXP9WfsF3YbyCry6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:05:2b:b8:7b:33:15:c5:88:a8:c2:65:fe:e7:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854c5f298d81acc5573fd59fb05dd86f20abcba8
        Validity
            Not Before: Jan  1 10:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=283942913649fedae2a0284612adeaa91dac5be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:91:fa:9b:9d:d4:86:6d:71:41:a4:f0:42:74:
                    e2:87:f7:19:28:60:be:b6:85:12:a8:7e:0c:3a:34:
                    7b:cf:59:e3:6d:f8:53:02:59:cf:ec:00:4b:08:9f:
                    b3:dd:65:9c:7e:b9:b4:15:26:dc:e8:7c:3f:c7:a7:
                    59:b3:7c:83:45:6e:0b:3c:19:56:3d:b4:c4:cd:16:
                    0e:d9:31:7a:2c:cb:8d:9d:9c:f8:c2:fe:c1:fa:22:
                    8b:d1:0f:34:90:36:91:29:2e:61:e9:34:8c:39:fc:
                    1e:60:8f:3d:96:f1:c8:43:ca:7c:64:b1:f6:74:e9:
                    2c:9a:8b:d4:40:70:b6:5d:66:99:e9:be:95:d8:f9:
                    bd:24:b1:f4:c2:1d:61:0d:2f:af:ef:bd:9e:ab:72:
                    ea:7a:50:3e:b0:fa:4e:6b:3e:6d:3c:65:ad:98:60:
                    23:b0:d6:e1:16:50:22:ef:8c:b6:72:10:85:58:fb:
                    bb:44:fe:ad:f6:d7:8b:8a:92:8e:6b:9a:ab:e3:49:
                    38:ee:44:bb:e6:70:4a:e4:be:95:e1:25:e8:f6:38:
                    22:ca:87:67:7e:c2:88:41:77:2f:9c:89:da:9b:e6:
                    64:c9:4f:38:d8:10:85:d2:0c:69:7f:63:5a:80:e0:
                    c8:3d:c1:aa:93:27:ca:8b:3c:0c:bd:35:7f:6d:4f:
                    4a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:39:42:91:36:49:FE:DA:E2:A0:28:46:12:AD:EA:A9:1D:AC:5B:E8
            X509v3 Authority Key Identifier:
                keyid:85:4C:5F:29:8D:81:AC:C5:57:3F:D5:9F:B0:5D:D8:6F:20:AB:CB:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUxfKY2BrMVXP9WfsF3YbyCry6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/KDlCkTZJ_trioChGEq3qqR2sW-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1295d0-3911-4a18-a8d2-752d59a042c2/1/hUxfKY2BrMVXP9WfsF3YbyCry6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.12.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:ee:a7:0a:3f:5a:75:88:d0:58:04:e0:29:50:dc:1f:f0:46:
         46:07:c7:3f:16:a4:08:a8:87:e7:26:52:4b:96:62:cd:bc:48:
         9d:9e:a1:fe:3c:a7:57:42:ea:81:69:1c:60:7a:fd:01:61:83:
         16:ab:18:88:6b:ed:89:3f:d6:57:7e:b7:1e:98:66:86:9a:ed:
         cd:a6:13:a1:8b:21:75:91:d4:72:47:5a:4f:aa:90:f2:52:7d:
         2a:91:10:75:e8:5c:5b:0c:72:48:6e:2e:e3:4e:0f:5a:a3:8c:
         f6:bb:c1:a1:68:47:72:fb:ea:d5:f0:e5:f1:7a:c5:71:af:33:
         8f:73:a4:a9:8f:6b:cf:78:e5:24:34:9d:a4:82:db:fd:b5:bb:
         b5:13:83:2a:ff:6a:61:ce:49:1f:87:a9:2e:d8:d8:31:9f:57:
         b0:db:e5:98:a4:29:ef:f7:e1:c4:a5:23:eb:97:60:35:7c:48:
         3b:28:19:c2:14:63:6e:e5:4a:61:bb:44:8b:85:9a:e5:78:42:
         3e:d2:b7:cc:16:9a:8a:b9:ed:ac:2d:4a:78:7b:7b:3e:61:5f:
         b2:ba:88:6a:b5:a4:d9:c1:58:1a:bf:cf:19:76:8a:65:4d:8d:
         61:e1:e0:a8:07:0c:2c:46:20:c8:1c:0c:62:5c:a1:02:66:29:
         ff:f6:02:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EQUruHszFcWIqMJl/uf3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGM1ZjI5OGQ4MWFjYzU1NzNmZDU5ZmIwNWRkODZmMjBh
YmNiYTgwHhcNMjYwMTAxMTAxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODM5NDI5MTM2NDlmZWRhZTJhMDI4NDYxMmFkZWFhOTFkYWM1YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZH6m53Uhm1xQaTwQnTih/cZKGC+
toUSqH4MOjR7z1njbfhTAlnP7ABLCJ+z3WWcfrm0FSbc6Hw/x6dZs3yDRW4LPBlW
PbTEzRYO2TF6LMuNnZz4wv7B+iKL0Q80kDaRKS5h6TSMOfweYI89lvHIQ8p8ZLH2
dOksmovUQHC2XWaZ6b6V2Pm9JLH0wh1hDS+v772eq3LqelA+sPpOaz5tPGWtmGAj
sNbhFlAi74y2chCFWPu7RP6t9teLipKOa5qr40k47kS75nBK5L6V4SXo9jgiyodn
fsKIQXcvnInam+ZkyU842BCF0gxpf2NagODIPcGqkyfKizwMvTV/bU9KOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCg5QpE2Sf7a4qAoRhKt6qkdrFvoMB8GA1UdIwQY
MBaAFIVMXymNgazFVz/Vn7Bd2G8gq8uoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV4ZktZMkJyTVZYUDlXZnNGM1lieUNyeTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xMjk1ZDAtMzkxMS00YTE4LWE4ZDIt
NzUyZDU5YTA0MmMyLzEvS0RsQ2tUWkpfdHJpb0NoR0VxM3FxUjJzVy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xMjk1ZDAtMzkxMS00YTE4LWE4ZDItNzUyZDU5YTA0MmMy
LzEvaFV4ZktZMkJyTVZYUDlXZnNGM1lieUNyeTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwwkMA0G
CSqGSIb3DQEBCwUAA4IBAQCn7qcKP1p1iNBYBOApUNwf8EZGB8c/FqQIqIfnJlJL
lmLNvEidnqH+PKdXQuqBaRxgev0BYYMWqxiIa+2JP9ZXfrcemGaGmu3NphOhiyF1
kdRyR1pPqpDyUn0qkRB16FxbDHJIbi7jTg9ao4z2u8GhaEdy++rV8OXxesVxrzOP
c6Spj2vPeOUkNJ2kgtv9tbu1E4Mq/2phzkkfh6ku2Ngxn1ew2+WYpCnv9+HEpSPr
l2A1fEg7KBnCFGNu5Uphu0SLhZrleEI+0rfMFpqKue2sLUp4e3s+YV+yuohqtaTZ
wVgav88ZdoplTY1h4eCoBwwsRiDIHAxiXKECZin/9gK7
-----END CERTIFICATE-----