This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/AlG308eUrdACgBL2wLNqtHFgCfE.roa
File:                     AlG308eUrdACgBL2wLNqtHFgCfE.roa (raw, json)
Hash identifier:          ln/5TqimsvosBxc2NaYRg6677es5mps+ZXNF6/n2oDg=
Subject key identifier:   02:51:B7:D3:C7:94:AD:D0:02:80:12:F6:C0:B3:6A:B4:71:60:09:F1
Certificate issuer:       /CN=ab8520ec83e30eb7938b8002f470f0d1c505c451
Certificate serial:       019B7F156383DCC44E33F7D0E1744F3FD6A5
Authority key identifier: AB:85:20:EC:83:E3:0E:B7:93:8B:80:02:F4:70:F0:D1:C5:05:C4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4Ug7IPjDreTi4AC9HDw0cUFxFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/AlG308eUrdACgBL2wLNqtHFgCfE.roa
Signing time:             Fri 02 Jan 2026 14:21:06 +0000
ROA not before:           Fri 02 Jan 2026 14:21:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49590
IP address blocks:        195.95.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/q4Ug7IPjDreTi4AC9HDw0cUFxFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/q4Ug7IPjDreTi4AC9HDw0cUFxFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4Ug7IPjDreTi4AC9HDw0cUFxFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:63:83:dc:c4:4e:33:f7:d0:e1:74:4f:3f:d6:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8520ec83e30eb7938b8002f470f0d1c505c451
        Validity
            Not Before: Jan  2 14:21:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0251b7d3c794add0028012f6c0b36ab4716009f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7f:12:a8:6f:76:49:3a:dc:cb:d1:97:4d:fe:
                    be:f5:a7:b9:98:b0:ba:2d:78:83:ec:c3:9f:16:0c:
                    ad:3b:30:4f:cb:ac:42:ad:35:08:da:06:66:11:66:
                    88:a0:1e:3d:aa:df:e7:93:33:68:a1:7b:97:ce:f2:
                    18:32:94:5b:a2:42:db:d1:2f:ad:4e:31:f9:56:77:
                    52:38:18:c4:1e:99:10:23:fd:d1:9c:38:c4:a4:2d:
                    3d:89:68:0b:21:51:ff:08:21:ea:18:ec:6a:7c:49:
                    6a:25:95:21:42:4f:48:d4:64:58:07:ba:22:23:b1:
                    3c:bb:1b:51:84:04:27:59:4f:8c:a0:63:bb:69:c9:
                    21:c1:98:6d:67:f8:ca:8b:f5:ae:e2:fd:ee:af:dd:
                    ce:4d:e5:32:82:53:a2:ad:b3:bc:60:ab:dc:be:dd:
                    76:40:b0:61:33:d2:5b:4c:38:fe:c1:5b:e0:b1:d2:
                    ac:4e:df:d7:88:e7:06:e7:4f:c8:4d:58:cb:b3:2f:
                    36:13:ea:2e:08:ef:cb:fd:c9:fa:49:ac:04:92:43:
                    44:c0:18:a3:35:22:e3:b3:49:fd:c9:d0:0e:c9:98:
                    3e:aa:99:35:8f:61:58:77:51:09:05:a4:ce:bd:9a:
                    36:af:c3:9c:22:e8:11:80:73:6d:56:cd:0f:e2:a1:
                    67:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:51:B7:D3:C7:94:AD:D0:02:80:12:F6:C0:B3:6A:B4:71:60:09:F1
            X509v3 Authority Key Identifier:
                keyid:AB:85:20:EC:83:E3:0E:B7:93:8B:80:02:F4:70:F0:D1:C5:05:C4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4Ug7IPjDreTi4AC9HDw0cUFxFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/AlG308eUrdACgBL2wLNqtHFgCfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/faea65-90b4-46db-beef-84b473b9ebcd/1/q4Ug7IPjDreTi4AC9HDw0cUFxFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:58:8a:b6:01:6e:5b:d3:a1:a4:32:14:db:5b:7d:85:76:e8:
         3d:5f:5d:88:5c:b8:ca:c6:ce:bf:28:7a:82:1d:32:48:37:24:
         f3:63:43:54:d2:f6:c0:77:b0:b9:0e:7d:9e:a6:e4:1c:05:e8:
         3a:c8:6b:b4:c8:4f:f1:09:93:ed:a5:d0:cd:b1:2e:ef:ea:2d:
         42:e7:03:4d:e6:9a:ed:e6:4d:5d:bd:4d:dd:45:36:01:43:b4:
         36:a9:6c:ef:43:da:a7:ac:55:38:a4:4d:e9:29:05:6d:f6:7f:
         86:eb:14:74:15:ab:d5:de:a4:4b:ee:42:3b:ba:d5:1f:58:56:
         b6:ba:20:ad:f6:a6:73:8f:91:c8:81:09:73:b0:0b:4d:5a:17:
         c5:c7:7e:e9:9f:77:27:2a:da:b2:87:15:e2:f3:86:b5:24:6c:
         7c:c1:0d:d6:2e:32:c8:9b:c7:1b:e4:77:fa:5d:fe:8c:9a:5d:
         7b:59:e8:ec:f5:75:f7:e3:58:33:94:4f:5c:03:7e:26:db:1f:
         4e:3c:ef:9c:35:1e:99:6e:4a:de:20:23:e9:aa:b9:f2:c4:65:
         3e:5c:25:c7:9c:a0:7e:ab:21:b3:6e:25:6b:4a:c1:23:c3:38:
         da:1c:71:5e:94:c4:9a:75:ee:fc:c9:13:ad:cc:72:12:a3:8e:
         73:18:a6:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWOD3MROM/fQ4XRPP9alMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODUyMGVjODNlMzBlYjc5MzhiODAwMmY0NzBmMGQxYzUw
NWM0NTEwHhcNMjYwMTAyMTQyMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjUxYjdkM2M3OTRhZGQwMDI4MDEyZjZjMGIzNmFiNDcxNjAwOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH8SqG92STrcy9GXTf6+9ae5mLC6
LXiD7MOfFgytOzBPy6xCrTUI2gZmEWaIoB49qt/nkzNooXuXzvIYMpRbokLb0S+t
TjH5VndSOBjEHpkQI/3RnDjEpC09iWgLIVH/CCHqGOxqfElqJZUhQk9I1GRYB7oi
I7E8uxtRhAQnWU+MoGO7ackhwZhtZ/jKi/Wu4v3ur93OTeUyglOirbO8YKvcvt12
QLBhM9JbTDj+wVvgsdKsTt/XiOcG50/ITVjLsy82E+ouCO/L/cn6SawEkkNEwBij
NSLjs0n9ydAOyZg+qpk1j2FYd1EJBaTOvZo2r8OcIugRgHNtVs0P4qFneQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJRt9PHlK3QAoAS9sCzarRxYAnxMB8GA1UdIwQY
MBaAFKuFIOyD4w63k4uAAvRw8NHFBcRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRVZzdJUGpEcmVUaTRBQzlIRHcwY1VGeEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mYWVhNjUtOTBiNC00NmRiLWJlZWYt
ODRiNDczYjllYmNkLzEvQWxHMzA4ZVVyZEFDZ0JMMndMTnF0SEZnQ2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mYWVhNjUtOTBiNC00NmRiLWJlZWYtODRiNDczYjllYmNk
LzEvcTRVZzdJUGpEcmVUaTRBQzlIRHcwY1VGeEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+hMA0G
CSqGSIb3DQEBCwUAA4IBAQBKWIq2AW5b06GkMhTbW32Fdug9X12IXLjKxs6/KHqC
HTJINyTzY0NU0vbAd7C5Dn2epuQcBeg6yGu0yE/xCZPtpdDNsS7v6i1C5wNN5prt
5k1dvU3dRTYBQ7Q2qWzvQ9qnrFU4pE3pKQVt9n+G6xR0FavV3qRL7kI7utUfWFa2
uiCt9qZzj5HIgQlzsAtNWhfFx37pn3cnKtqyhxXi84a1JGx8wQ3WLjLIm8cb5Hf6
Xf6Mml17Wejs9XX341gzlE9cA34m2x9OPO+cNR6ZbkreICPpqrnyxGU+XCXHnKB+
qyGzbiVrSsEjwzjaHHFelMSade78yROtzHISo45zGKbw
-----END CERTIFICATE-----