This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/a_g1TDCKs0djGqyHBT2iLxMGygA.roa
File:                     a_g1TDCKs0djGqyHBT2iLxMGygA.roa (raw, json)
Hash identifier:          3E0lz2si/4Jtpa0xKFZpZcmoUUdUfMhPP/gPs109DNA=
Subject key identifier:   6B:F8:35:4C:30:8A:B3:47:63:1A:AC:87:05:3D:A2:2F:13:06:CA:00
Certificate issuer:       /CN=9cfc62ecdc91d11979cc1d21a47c6ec378dfa436
Certificate serial:       019B78A2AAE91BBB82D3B639068421546DF7
Authority key identifier: 9C:FC:62:EC:DC:91:D1:19:79:CC:1D:21:A4:7C:6E:C3:78:DF:A4:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/a_g1TDCKs0djGqyHBT2iLxMGygA.roa
Signing time:             Thu 01 Jan 2026 08:18:05 +0000
ROA not before:           Thu 01 Jan 2026 08:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41582
IP address blocks:        195.138.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:aa:e9:1b:bb:82:d3:b6:39:06:84:21:54:6d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cfc62ecdc91d11979cc1d21a47c6ec378dfa436
        Validity
            Not Before: Jan  1 08:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bf8354c308ab347631aac87053da22f1306ca00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:64:4b:ec:64:9d:ba:c5:a2:48:96:35:a4:
                    fa:57:7f:b7:ca:b2:a8:81:30:0a:58:7a:80:33:80:
                    2a:8b:0f:96:e6:2a:33:e4:e0:bf:44:ff:72:db:2b:
                    27:16:a6:fb:35:15:86:50:d4:49:9b:ae:ee:ee:5a:
                    16:88:d1:1a:8c:7e:7f:6a:40:d4:ef:cd:17:7f:0c:
                    82:c9:b9:51:a5:49:e2:75:20:62:87:3d:a0:70:63:
                    80:95:d0:cb:3c:b5:ce:6c:18:c2:48:b2:cb:34:b5:
                    ee:ee:74:cf:b6:df:a6:3c:8b:83:7e:3e:c9:96:22:
                    ae:8d:fe:2f:bd:ee:3f:f8:54:97:e2:0e:89:c7:18:
                    cc:83:85:91:f8:1d:84:9b:cb:0e:13:98:66:5d:2d:
                    6c:8a:c9:83:f3:ae:ad:e6:69:a9:ca:16:ca:27:af:
                    d6:3b:61:e0:2e:37:6a:73:59:a2:d9:40:cd:b3:4e:
                    15:b2:e3:0b:33:7f:fc:1d:05:d8:3b:9a:37:8a:fa:
                    cb:51:2f:fc:8c:c6:9e:a5:ce:19:99:95:06:a1:70:
                    24:ea:1c:db:23:7c:bc:a9:7c:f7:68:7b:ff:05:c2:
                    5a:a7:26:75:db:14:fb:59:5f:78:d5:71:ad:ca:bb:
                    42:06:a2:ac:3e:17:4a:0e:5c:c9:d4:95:35:92:e7:
                    ef:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F8:35:4C:30:8A:B3:47:63:1A:AC:87:05:3D:A2:2F:13:06:CA:00
            X509v3 Authority Key Identifier:
                keyid:9C:FC:62:EC:DC:91:D1:19:79:CC:1D:21:A4:7C:6E:C3:78:DF:A4:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/a_g1TDCKs0djGqyHBT2iLxMGygA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/a33b29-bef3-461d-8878-2155126b1643/1/nPxi7NyR0Rl5zB0hpHxuw3jfpDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:7a:51:c5:8e:e9:c0:b8:76:9a:f1:da:c9:95:04:9e:5b:af:
         40:32:20:19:8b:c3:a0:2a:ac:79:9d:08:a5:bb:69:bc:57:7b:
         31:41:19:ba:0e:29:e9:80:4d:ed:df:79:87:f1:da:c7:d1:04:
         32:3a:99:1e:28:01:48:5e:53:32:81:dc:a8:9c:94:ff:7a:38:
         27:a0:b7:fd:35:67:19:b8:e4:8c:a6:8b:67:cb:e2:6e:d6:8e:
         e9:35:dc:38:70:7b:c7:2a:93:54:9f:ec:68:0b:63:b5:df:bc:
         fb:3a:06:0b:0a:a2:62:50:e3:c7:b4:83:85:ff:df:8e:b2:d2:
         3c:8b:fd:97:c2:11:e3:e2:86:d1:da:c7:dd:7f:26:27:45:fc:
         a1:dc:3c:7b:89:47:69:9e:33:ff:69:23:30:d7:71:cd:7d:45:
         6c:53:db:97:10:df:44:b6:bd:2b:2c:db:b5:d6:a8:01:40:2d:
         64:17:55:4d:48:85:93:3e:e4:0f:85:d2:f4:f5:c0:1c:d1:c4:
         c4:a7:0f:e1:e6:5a:1e:7c:1c:bf:79:d7:26:87:4d:84:26:11:
         57:ee:a7:2f:9b:f1:99:58:88:23:d2:5f:89:37:d5:5d:9f:3a:
         bd:df:39:60:1e:c0:51:42:1d:ed:56:77:7b:c0:08:3a:23:34:
         5b:ed:3d:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oqrpG7uC07Y5BoQhVG33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZmM2MmVjZGM5MWQxMTk3OWNjMWQyMWE0N2M2ZWMzNzhk
ZmE0MzYwHhcNMjYwMTAxMDgxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY4MzU0YzMwOGFiMzQ3NjMxYWFjODcwNTNkYTIyZjEzMDZjYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU9kS+xknbrFokiWNaT6V3+3yrKo
gTAKWHqAM4Aqiw+W5ioz5OC/RP9y2ysnFqb7NRWGUNRJm67u7loWiNEajH5/akDU
780XfwyCyblRpUnidSBihz2gcGOAldDLPLXObBjCSLLLNLXu7nTPtt+mPIuDfj7J
liKujf4vve4/+FSX4g6JxxjMg4WR+B2Em8sOE5hmXS1sismD866t5mmpyhbKJ6/W
O2HgLjdqc1mi2UDNs04VsuMLM3/8HQXYO5o3ivrLUS/8jMaepc4ZmZUGoXAk6hzb
I3y8qXz3aHv/BcJapyZ12xT7WV941XGtyrtCBqKsPhdKDlzJ1JU1kufvPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv4NUwwirNHYxqshwU9oi8TBsoAMB8GA1UdIwQY
MBaAFJz8YuzckdEZecwdIaR8bsN436Q2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblB4aTdOeVIwUmw1ekIwaHBIeHV3M2pmcERZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9hMzNiMjktYmVmMy00NjFkLTg4Nzgt
MjE1NTEyNmIxNjQzLzEvYV9nMVREQ0tzMGRqR3F5SEJUMmlMeE1HeWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9hMzNiMjktYmVmMy00NjFkLTg4NzgtMjE1NTEyNmIxNjQz
LzEvblB4aTdOeVIwUmw1ekIwaHBIeHV3M2pmcERZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4rJMA0G
CSqGSIb3DQEBCwUAA4IBAQBtelHFjunAuHaa8drJlQSeW69AMiAZi8OgKqx5nQil
u2m8V3sxQRm6DinpgE3t33mH8drH0QQyOpkeKAFIXlMygdyonJT/ejgnoLf9NWcZ
uOSMpotny+Ju1o7pNdw4cHvHKpNUn+xoC2O137z7OgYLCqJiUOPHtIOF/9+OstI8
i/2XwhHj4obR2sfdfyYnRfyh3Dx7iUdpnjP/aSMw13HNfUVsU9uXEN9Etr0rLNu1
1qgBQC1kF1VNSIWTPuQPhdL09cAc0cTEpw/h5loefBy/edcmh02EJhFX7qcvm/GZ
WIgj0l+JN9Vdnzq93zlgHsBRQh3tVnd7wAg6IzRb7T1h
-----END CERTIFICATE-----