This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/e8iBHRW1-cgbS8BVp39SAyWFIaQ.roa
File:                     e8iBHRW1-cgbS8BVp39SAyWFIaQ.roa (raw, json)
Hash identifier:          E5LC66hyjT+BDof0H0AqbFL6eWK7at8besZsrNd8iUs=
Subject key identifier:   7B:C8:81:1D:15:B5:F9:C8:1B:4B:C0:55:A7:7F:52:03:25:85:21:A4
Certificate issuer:       /CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
Certificate serial:       019BCC3D295C9EF69CFF0FC847D75B24EE46
Authority key identifier: E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/e8iBHRW1-cgbS8BVp39SAyWFIaQ.roa
Signing time:             Sat 17 Jan 2026 13:55:18 +0000
ROA not before:           Sat 17 Jan 2026 13:55:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        95.128.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 22:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cc:3d:29:5c:9e:f6:9c:ff:0f:c8:47:d7:5b:24:ee:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
        Validity
            Not Before: Jan 17 13:55:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bc8811d15b5f9c81b4bc055a77f5203258521a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:54:66:52:5c:b9:b6:5d:a4:38:49:9e:45:cf:
                    69:4f:a6:31:93:d0:d5:56:97:d8:7a:d1:fb:e3:85:
                    c4:fc:64:19:b1:b6:0e:d4:c6:fc:0f:d1:fd:0a:9e:
                    08:a9:75:27:12:53:1f:ab:c1:df:64:16:34:b5:34:
                    89:f5:33:5c:8f:dd:d4:68:20:96:bd:e6:d1:1c:76:
                    d5:70:e4:69:ff:4e:36:86:b4:1e:33:1f:98:4b:f8:
                    b9:48:35:76:17:3b:b2:77:0f:b6:41:34:5a:2b:a3:
                    04:54:4c:d2:05:76:db:f3:ca:ec:80:93:26:fe:7d:
                    d6:63:8e:6f:43:b9:28:91:25:5c:7a:c0:fa:01:a7:
                    f7:bd:25:c0:f8:4b:85:49:2f:5e:44:72:e6:8b:54:
                    64:b9:ab:d4:49:50:0d:35:8d:32:55:9d:07:60:93:
                    5b:5b:82:25:e9:4f:93:ee:9a:74:31:4b:02:ba:25:
                    4a:49:4e:38:f6:e4:c5:f0:4d:d2:5b:dd:a9:08:97:
                    30:77:87:fe:93:df:5f:21:de:62:65:ce:59:a2:20:
                    91:bb:f4:5b:c4:2d:ee:8d:d0:7b:d6:c6:22:37:6e:
                    3a:af:88:6b:a4:72:fc:89:3d:58:75:17:03:33:7c:
                    f3:78:e2:f5:2d:3f:6d:95:ea:76:b8:88:70:ab:4c:
                    e4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C8:81:1D:15:B5:F9:C8:1B:4B:C0:55:A7:7F:52:03:25:85:21:A4
            X509v3 Authority Key Identifier:
                keyid:E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/e8iBHRW1-cgbS8BVp39SAyWFIaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a9:46:ca:72:96:73:47:11:a3:7f:ce:37:63:c9:9b:68:8d:
         76:1f:41:02:88:03:f2:59:cf:6e:89:8d:93:3e:4b:6f:aa:a0:
         c0:ec:b2:c7:3f:21:4a:c1:9f:26:36:31:c5:e3:d6:5a:53:26:
         0b:94:a1:e6:ce:5c:4c:5b:ac:1e:80:2f:78:ff:56:b5:ad:8d:
         76:de:48:fa:16:7b:e1:94:69:d0:de:13:8b:27:de:b6:df:c6:
         f6:a5:5c:2a:a8:85:0c:9a:77:b9:a6:b2:d9:0a:78:58:9c:54:
         e2:11:88:02:e8:77:38:d0:71:3b:95:c3:59:cd:45:6c:cd:d1:
         e3:0e:cb:fe:22:a3:67:a5:55:43:ec:07:2e:da:25:dc:7e:e6:
         51:82:a4:c5:f1:38:7c:ac:2a:a1:54:ea:f6:01:af:ca:22:ee:
         e5:b3:61:d1:ca:32:fd:35:0b:a0:45:23:ae:7a:f0:95:ac:a8:
         eb:f2:2e:d9:a9:f0:e7:d8:13:09:01:74:ff:4f:24:4e:98:26:
         74:66:a8:c7:96:76:09:02:e8:74:39:92:f5:99:44:6c:af:59:
         c1:e4:b1:6c:88:d3:d5:41:5a:59:69:57:9a:bd:4c:ef:99:51:
         14:77:8a:05:04:c3:36:d7:b5:ee:30:50:c5:8d:71:98:3e:19:
         25:93:37:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvMPSlcnvac/w/IR9dbJO5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTJjOGM3NzliNmVkNmVkZTcyYThjZjExNDkwZWY2ZDdh
OWU5MjEwHhcNMjYwMTE3MTM1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmM4ODExZDE1YjVmOWM4MWI0YmMwNTVhNzdmNTIwMzI1ODUyMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1RmUly5tl2kOEmeRc9pT6Yxk9DV
VpfYetH744XE/GQZsbYO1Mb8D9H9Cp4IqXUnElMfq8HfZBY0tTSJ9TNcj93UaCCW
vebRHHbVcORp/042hrQeMx+YS/i5SDV2Fzuydw+2QTRaK6MEVEzSBXbb88rsgJMm
/n3WY45vQ7kokSVcesD6Aaf3vSXA+EuFSS9eRHLmi1RkuavUSVANNY0yVZ0HYJNb
W4Il6U+T7pp0MUsCuiVKSU449uTF8E3SW92pCJcwd4f+k99fId5iZc5ZoiCRu/Rb
xC3ujdB71sYiN246r4hrpHL8iT1YdRcDM3zzeOL1LT9tlep2uIhwq0zkUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvIgR0VtfnIG0vAVad/UgMlhSGkMB8GA1UdIwQY
MBaAFOKSyMd5tu1u3nKozxFJDvbXqekhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMt
NWViYjYzNzgwMDllLzEvZThpQkhSVzEtY2diUzhCVnAzOVNBeVdGSWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMtNWViYjYzNzgwMDll
LzEvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DDMA0G
CSqGSIb3DQEBCwUAA4IBAQApqUbKcpZzRxGjf843Y8mbaI12H0ECiAPyWc9uiY2T
PktvqqDA7LLHPyFKwZ8mNjHF49ZaUyYLlKHmzlxMW6wegC94/1a1rY123kj6Fnvh
lGnQ3hOLJ96238b2pVwqqIUMmne5prLZCnhYnFTiEYgC6Hc40HE7lcNZzUVszdHj
Dsv+IqNnpVVD7Acu2iXcfuZRgqTF8Th8rCqhVOr2Aa/KIu7ls2HRyjL9NQugRSOu
evCVrKjr8i7ZqfDn2BMJAXT/TyROmCZ0ZqjHlnYJAuh0OZL1mURsr1nB5LFsiNPV
QVpZaVeavUzvmVEUd4oFBMM217XuMFDFjXGYPhklkzfG
-----END CERTIFICATE-----