This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/aMBkxohgXCBHlVf4cqZehB-dZl8.roa
File:                     aMBkxohgXCBHlVf4cqZehB-dZl8.roa (raw, json)
Hash identifier:          52GsVdhZ9s3mGch2GNyJmZC5fofL+PlpDWV6v2/k90g=
Subject key identifier:   68:C0:64:C6:88:60:5C:20:47:95:57:F8:72:A6:5E:84:1F:9D:66:5F
Certificate issuer:       /CN=72e6fd2271dde10886d97ff14703e581a204b65e
Certificate serial:       019B7E376A212B94CDB8E316AB6883CF290C
Authority key identifier: 72:E6:FD:22:71:DD:E1:08:86:D9:7F:F1:47:03:E5:81:A2:04:B6:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/aMBkxohgXCBHlVf4cqZehB-dZl8.roa
Signing time:             Fri 02 Jan 2026 10:18:39 +0000
ROA not before:           Fri 02 Jan 2026 10:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41745
IP address blocks:        95.128.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 10:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:6a:21:2b:94:cd:b8:e3:16:ab:68:83:cf:29:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e6fd2271dde10886d97ff14703e581a204b65e
        Validity
            Not Before: Jan  2 10:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68c064c688605c20479557f872a65e841f9d665f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:93:b9:14:55:4c:b5:fe:07:3b:5f:70:1f:3b:
                    c4:0f:df:16:23:0a:b7:a0:46:00:35:56:97:01:f4:
                    ee:b1:09:7a:bd:fe:75:b2:c3:84:25:a1:b0:fa:15:
                    ca:ca:3d:a6:24:29:62:f1:2c:c4:64:d3:43:a5:37:
                    71:49:95:41:d8:93:f2:6b:ad:ce:a7:2e:b1:55:75:
                    ca:cb:d6:75:2c:e8:79:8c:92:bb:1e:88:04:ea:de:
                    eb:6a:88:c3:b4:db:2a:91:41:5b:6a:c2:cb:6a:fe:
                    fb:59:82:18:23:6b:4f:50:0b:81:a8:56:85:87:ad:
                    cb:87:57:44:82:71:dc:0a:be:eb:1d:7c:83:22:a1:
                    17:0f:e2:c7:88:44:01:93:d6:3d:d1:d3:f2:38:56:
                    b6:82:01:73:68:d3:4f:26:86:af:33:0f:0b:b8:92:
                    b4:77:79:6c:6f:f5:b6:ac:72:7f:df:95:39:77:e7:
                    f0:4c:d2:2c:4f:88:a7:e8:6a:a9:11:7b:67:0c:ca:
                    5c:c5:bc:dd:12:b1:fd:ba:f3:3f:9c:c0:15:af:8b:
                    c5:e8:62:0d:13:0f:4f:0e:53:c5:5a:14:e9:0a:e6:
                    b0:4a:58:c0:d7:10:56:a0:6f:5f:a6:59:c1:5d:d2:
                    73:d5:ce:f7:31:0b:b8:1d:2a:ee:54:59:ee:e9:9e:
                    44:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C0:64:C6:88:60:5C:20:47:95:57:F8:72:A6:5E:84:1F:9D:66:5F
            X509v3 Authority Key Identifier:
                keyid:72:E6:FD:22:71:DD:E1:08:86:D9:7F:F1:47:03:E5:81:A2:04:B6:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/aMBkxohgXCBHlVf4cqZehB-dZl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7e:b5:ca:b8:f4:5a:22:9b:89:81:8a:ae:1c:96:7f:37:5f:
         eb:fa:0a:ef:c6:ad:f1:65:1a:4d:b7:8c:3d:da:73:e1:94:36:
         3f:7a:01:1e:78:f2:40:53:46:23:15:5d:c7:69:6e:46:e6:70:
         d7:7b:69:bf:dc:31:23:ce:c3:8f:be:01:49:aa:5b:61:47:dd:
         1a:6b:34:36:51:f0:68:a2:1d:22:3a:26:5e:de:d3:2d:30:1d:
         a4:6a:ea:0c:90:8d:3c:1d:9c:b4:1e:96:d1:0c:70:57:d7:6f:
         4d:c6:38:36:28:5a:89:45:eb:a8:76:e5:ec:5a:b1:5b:89:9c:
         dc:eb:c3:55:63:9d:32:63:11:58:3c:e1:8f:b9:50:a8:cb:4a:
         2d:e7:2d:e2:08:4a:e3:49:05:0b:fc:df:81:ea:6e:99:3f:c9:
         89:d5:b2:99:77:32:43:2d:36:d9:53:62:c0:19:d2:4b:37:66:
         7e:e4:2d:ee:3a:b4:49:1e:79:c3:16:0f:7b:82:94:6e:44:ad:
         87:87:ef:36:da:2d:92:f7:72:6c:c7:50:c6:b9:cf:5e:ba:95:
         6c:4b:87:ff:9a:96:f8:67:26:35:7a:f0:22:2d:2a:45:34:6b:
         bf:d0:bf:19:ba:1d:bc:56:bd:4d:f1:8c:c5:80:0a:b6:28:e3:
         d9:da:dd:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N2ohK5TNuOMWq2iDzykMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTZmZDIyNzFkZGUxMDg4NmQ5N2ZmMTQ3MDNlNTgxYTIw
NGI2NWUwHhcNMjYwMTAyMTAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGMwNjRjNjg4NjA1YzIwNDc5NTU3Zjg3MmE2NWU4NDFmOWQ2NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZO5FFVMtf4HO19wHzvED98WIwq3
oEYANVaXAfTusQl6vf51ssOEJaGw+hXKyj2mJCli8SzEZNNDpTdxSZVB2JPya63O
py6xVXXKy9Z1LOh5jJK7HogE6t7raojDtNsqkUFbasLLav77WYIYI2tPUAuBqFaF
h63Lh1dEgnHcCr7rHXyDIqEXD+LHiEQBk9Y90dPyOFa2ggFzaNNPJoavMw8LuJK0
d3lsb/W2rHJ/35U5d+fwTNIsT4in6GqpEXtnDMpcxbzdErH9uvM/nMAVr4vF6GIN
Ew9PDlPFWhTpCuawSljA1xBWoG9fplnBXdJz1c73MQu4HSruVFnu6Z5EgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjAZMaIYFwgR5VX+HKmXoQfnWZfMB8GA1UdIwQY
MBaAFHLm/SJx3eEIhtl/8UcD5YGiBLZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ViOUluSGQ0UWlHMlhfeFJ3UGxnYUlFdGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83MDY1OGItMzc3YS00OTE1LWIxZTgt
NmFmMjE1YmZmMWNlLzEvYU1Ca3hvaGdYQ0JIbFZmNGNxWmVoQi1kWmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83MDY1OGItMzc3YS00OTE1LWIxZTgtNmFmMjE1YmZmMWNl
LzEvY3ViOUluSGQ0UWlHMlhfeFJ3UGxnYUlFdGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CdMA0G
CSqGSIb3DQEBCwUAA4IBAQB5frXKuPRaIpuJgYquHJZ/N1/r+grvxq3xZRpNt4w9
2nPhlDY/egEeePJAU0YjFV3HaW5G5nDXe2m/3DEjzsOPvgFJqlthR90aazQ2UfBo
oh0iOiZe3tMtMB2kauoMkI08HZy0HpbRDHBX129Nxjg2KFqJReuoduXsWrFbiZzc
68NVY50yYxFYPOGPuVCoy0ot5y3iCErjSQUL/N+B6m6ZP8mJ1bKZdzJDLTbZU2LA
GdJLN2Z+5C3uOrRJHnnDFg97gpRuRK2Hh+822i2S93Jsx1DGuc9eupVsS4f/mpb4
ZyY1evAiLSpFNGu/0L8Zuh28Vr1N8YzFgAq2KOPZ2t3I
-----END CERTIFICATE-----