This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/5kDznLF2iub5SH7yTkqIdOVNzq4.roa
File:                     5kDznLF2iub5SH7yTkqIdOVNzq4.roa (raw, json)
Hash identifier:          13sFTXcdr3CdMxedPw3I/HtBIthzt0CqwuFiPpwURzo=
Subject key identifier:   E6:40:F3:9C:B1:76:8A:E6:F9:48:7E:F2:4E:4A:88:74:E5:4D:CE:AE
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54E163F696EB852D3ED9F04F0E0E6
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/5kDznLF2iub5SH7yTkqIdOVNzq4.roa
Signing time:             Thu 01 Jan 2026 22:19:49 +0000
ROA not before:           Thu 01 Jan 2026 22:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207772
IP address blocks:        95.43.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:4e:16:3f:69:6e:b8:52:d3:ed:9f:04:f0:e0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e640f39cb1768ae6f9487ef24e4a8874e54dceae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4f:77:6f:08:b0:ed:0f:d2:88:bc:a9:97:d9:
                    57:73:ab:49:e3:ca:a0:d4:c1:ca:e5:ef:8b:f5:9f:
                    35:b0:e3:75:02:d3:d1:be:1b:69:36:8b:cb:47:02:
                    01:b0:7f:b2:73:cb:98:3b:68:38:8d:e4:e9:50:e2:
                    82:3b:5a:41:db:e4:8b:79:30:40:13:42:bc:a8:ab:
                    cf:2e:d5:e0:e8:1a:52:9e:c6:c4:49:a8:97:68:78:
                    7a:c4:f4:d7:14:36:d3:5f:91:98:a4:a2:cc:fa:4b:
                    67:c0:fa:32:8e:82:63:e4:6b:0b:6d:d0:a4:da:4f:
                    cf:38:f1:ff:e7:29:17:3e:de:e6:a6:01:22:49:02:
                    9c:88:f0:23:d2:f4:dc:1b:d9:a2:cd:3e:e5:be:6b:
                    07:4d:3e:1c:b8:4b:63:84:05:ce:9c:6e:73:cd:24:
                    f8:68:2a:a2:7b:df:59:c5:dd:28:97:43:b3:de:1f:
                    81:0e:f4:e6:b4:09:ac:ce:3a:fb:5d:2e:38:33:a2:
                    e5:a4:db:68:56:25:65:51:b2:b7:3a:81:96:4b:dc:
                    3e:76:de:dc:1f:ce:34:0d:f5:13:68:c3:8f:2e:25:
                    a5:01:31:e7:c1:5b:b6:9d:db:cf:77:2e:e1:84:08:
                    6d:a9:70:55:e3:56:47:f5:b4:2e:b3:31:ae:76:91:
                    43:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:40:F3:9C:B1:76:8A:E6:F9:48:7E:F2:4E:4A:88:74:E5:4D:CE:AE
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/5kDznLF2iub5SH7yTkqIdOVNzq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:13:15:67:71:a9:f4:8d:37:6c:8b:ba:64:4b:8c:9f:dc:56:
         c6:db:04:0e:16:9a:b7:d0:2c:02:28:0d:7f:6d:0e:cf:d6:39:
         cc:ba:3f:ae:21:34:ac:c1:e7:30:01:d6:3c:fc:6a:5b:6f:54:
         6a:17:9d:06:a0:e5:96:1e:50:ca:18:48:7f:5f:7d:5b:28:74:
         49:63:ce:c0:13:41:cd:56:5b:5c:6a:4e:c7:cb:84:14:1c:75:
         ff:9d:d6:72:41:fc:0b:1d:ac:07:3d:76:69:ca:2c:95:44:5d:
         c2:02:a7:1c:03:a6:15:c4:ee:82:61:8a:e2:2e:68:92:11:c9:
         09:31:76:ce:67:b3:f3:d5:53:21:06:5f:e0:91:36:d9:03:1c:
         fe:af:ea:f1:45:5c:78:cd:be:9b:f1:9b:a5:ea:41:78:0e:8e:
         44:6e:b7:c3:95:0e:76:c5:2b:4e:bf:91:d5:f4:aa:93:97:e5:
         c7:ab:c8:b4:c7:81:74:38:1f:1f:b4:05:1f:4c:1e:09:79:fc:
         f4:f3:a6:7b:cf:c9:79:cc:ef:36:ab:5f:0b:26:54:1a:19:23:
         fc:f7:c4:db:ad:eb:48:92:8c:fa:c4:55:e2:1c:48:9d:65:9a:
         e1:e9:2f:0d:42:05:d0:7e:16:6f:fc:7c:87:4c:6a:7c:58:e3:
         e0:2d:a1:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pU4WP2luuFLT7Z8E8ODmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjQwZjM5Y2IxNzY4YWU2Zjk0ODdlZjI0ZTRhODg3NGU1NGRjZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx093bwiw7Q/SiLypl9lXc6tJ48qg
1MHK5e+L9Z81sON1AtPRvhtpNovLRwIBsH+yc8uYO2g4jeTpUOKCO1pB2+SLeTBA
E0K8qKvPLtXg6BpSnsbESaiXaHh6xPTXFDbTX5GYpKLM+ktnwPoyjoJj5GsLbdCk
2k/POPH/5ykXPt7mpgEiSQKciPAj0vTcG9mizT7lvmsHTT4cuEtjhAXOnG5zzST4
aCqie99Zxd0ol0Oz3h+BDvTmtAmszjr7XS44M6LlpNtoViVlUbK3OoGWS9w+dt7c
H840DfUTaMOPLiWlATHnwVu2ndvPdy7hhAhtqXBV41ZH9bQuszGudpFDTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZA85yxdorm+Uh+8k5KiHTlTc6uMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvNWtEem5MRjJpdWI1U0g3eVRrcUlkT1ZOenE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXytyMA0G
CSqGSIb3DQEBCwUAA4IBAQA9ExVncan0jTdsi7pkS4yf3FbG2wQOFpq30CwCKA1/
bQ7P1jnMuj+uITSswecwAdY8/Gpbb1RqF50GoOWWHlDKGEh/X31bKHRJY87AE0HN
Vltcak7Hy4QUHHX/ndZyQfwLHawHPXZpyiyVRF3CAqccA6YVxO6CYYriLmiSEckJ
MXbOZ7Pz1VMhBl/gkTbZAxz+r+rxRVx4zb6b8Zul6kF4Do5EbrfDlQ52xStOv5HV
9KqTl+XHq8i0x4F0OB8ftAUfTB4Jefz086Z7z8l5zO82q18LJlQaGSP898TbretI
koz6xFXiHEidZZrh6S8NQgXQfhZv/HyHTGp8WOPgLaFt
-----END CERTIFICATE-----