This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pXmxylidYiS8qdJ3VaZ9yLskNbE.roa
File:                     pXmxylidYiS8qdJ3VaZ9yLskNbE.roa (raw, json)
Hash identifier:          TusGBQalo9CLc6zboQZGITSpw51x7npY2VYZcmB0+eY=
Subject key identifier:   A5:79:B1:CA:58:9D:62:24:BC:A9:D2:77:55:A6:7D:C8:BB:24:35:B1
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       019B7AC9077C5DF2971418A409B3F4ACE30B
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pXmxylidYiS8qdJ3VaZ9yLskNbE.roa
Signing time:             Thu 01 Jan 2026 18:19:13 +0000
ROA not before:           Thu 01 Jan 2026 18:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211529
IP address blocks:        194.5.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:07:7c:5d:f2:97:14:18:a4:09:b3:f4:ac:e3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 18:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a579b1ca589d6224bca9d27755a67dc8bb2435b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fe:35:81:54:cb:2d:d7:b9:b6:28:fe:eb:96:
                    1c:54:b6:73:53:a3:1d:d1:ea:75:61:cd:a3:d6:c1:
                    9e:53:c6:68:c7:20:18:f9:2f:a1:65:82:46:9f:ac:
                    75:26:2c:cb:71:00:7b:3f:09:e2:8b:e6:03:af:5d:
                    be:f0:df:f2:83:7d:da:82:25:1b:84:df:d4:ae:9e:
                    7c:e7:24:34:32:2b:ee:9f:11:26:73:14:82:32:f1:
                    4f:8c:b8:0e:53:16:52:64:35:ab:1c:24:3f:b9:db:
                    95:f3:f1:22:85:e0:87:b7:1a:d2:3c:35:29:31:76:
                    00:d6:99:97:92:6b:7d:1e:66:1b:3c:9b:d2:2b:2c:
                    3e:83:f8:7e:fb:91:a4:fc:97:59:9c:d6:b2:82:32:
                    28:51:85:de:c8:0f:3e:4e:2b:81:a0:16:24:6b:fd:
                    9c:80:a2:a2:35:1f:54:2c:18:2d:e7:83:0d:a3:8c:
                    0a:3b:0b:e1:a7:5e:d6:f3:6a:a8:5e:ba:2f:73:a8:
                    41:42:ed:e4:55:6d:2c:7e:52:84:65:13:f0:96:7d:
                    60:93:62:f3:ed:ed:2c:4b:b0:81:99:e2:a1:f0:1a:
                    ea:ce:ee:56:3e:7d:2d:80:a1:e8:60:a8:78:b5:50:
                    75:bf:77:ea:c4:ae:c6:94:69:4c:ba:dd:b8:7d:a3:
                    e5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:79:B1:CA:58:9D:62:24:BC:A9:D2:77:55:A6:7D:C8:BB:24:35:B1
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pXmxylidYiS8qdJ3VaZ9yLskNbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:69:b8:7c:f0:9a:91:b8:16:2d:f7:34:21:54:d1:83:ef:6c:
         ba:c5:f9:f8:10:c1:61:43:25:af:b4:31:05:bb:c3:25:93:40:
         f2:2f:ac:b8:63:4a:17:22:91:3b:f2:5e:4f:bb:b3:80:2d:d7:
         d4:7e:16:48:0e:77:1d:20:13:1a:49:7a:9d:b4:98:ca:62:ac:
         b7:93:35:66:db:f4:12:b8:1a:02:71:2e:19:6c:ae:92:6e:dd:
         c4:f0:38:4d:dc:4e:55:f4:5a:e9:99:c7:29:0f:92:4e:2e:3d:
         50:47:d8:1f:85:f3:d6:0e:46:98:53:39:d7:97:c7:41:3a:4d:
         aa:6c:5f:05:20:c8:2e:9e:d3:33:b5:64:d2:66:3c:97:bf:f2:
         43:fb:17:48:dc:2f:76:72:40:ac:91:e4:08:5a:03:27:10:b0:
         79:79:3b:65:e4:38:6f:12:29:72:39:db:2c:51:79:0e:91:25:
         49:83:c0:19:a7:11:ba:2e:87:55:dd:93:47:89:61:ad:dd:86:
         3b:a7:9b:a6:01:d1:84:d0:34:31:7b:d4:ab:af:1c:c6:39:b9:
         b6:31:1e:1f:5f:cf:57:ee:1d:4b:6f:cc:5c:e4:45:ae:99:c3:
         98:d4:db:7c:08:ca:0f:ad:78:63:ad:8d:1f:06:fb:94:f8:e7:
         c9:4b:15:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yQd8XfKXFBikCbP0rOMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjYwMTAxMTgxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTc5YjFjYTU4OWQ2MjI0YmNhOWQyNzc1NWE2N2RjOGJiMjQzNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv41gVTLLde5tij+65YcVLZzU6Md
0ep1Yc2j1sGeU8ZoxyAY+S+hZYJGn6x1JizLcQB7Pwnii+YDr12+8N/yg33agiUb
hN/Urp585yQ0MivunxEmcxSCMvFPjLgOUxZSZDWrHCQ/uduV8/EiheCHtxrSPDUp
MXYA1pmXkmt9HmYbPJvSKyw+g/h++5Gk/JdZnNaygjIoUYXeyA8+TiuBoBYka/2c
gKKiNR9ULBgt54MNo4wKOwvhp17W82qoXrovc6hBQu3kVW0sflKEZRPwln1gk2Lz
7e0sS7CBmeKh8Brqzu5WPn0tgKHoYKh4tVB1v3fqxK7GlGlMut24faPl5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKV5scpYnWIkvKnSd1Wmfci7JDWxMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvcFhteHlsaWRZaVM4cWRKM1ZhWjl5THNrTmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVfMA0G
CSqGSIb3DQEBCwUAA4IBAQCMabh88JqRuBYt9zQhVNGD72y6xfn4EMFhQyWvtDEF
u8Mlk0DyL6y4Y0oXIpE78l5Pu7OALdfUfhZIDncdIBMaSXqdtJjKYqy3kzVm2/QS
uBoCcS4ZbK6Sbt3E8DhN3E5V9FrpmccpD5JOLj1QR9gfhfPWDkaYUznXl8dBOk2q
bF8FIMguntMztWTSZjyXv/JD+xdI3C92ckCskeQIWgMnELB5eTtl5DhvEilyOdss
UXkOkSVJg8AZpxG6LodV3ZNHiWGt3YY7p5umAdGE0DQxe9SrrxzGObm2MR4fX89X
7h1Lb8xc5EWumcOY1Nt8CMoPrXhjrY0fBvuU+OfJSxWl
-----END CERTIFICATE-----