This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/pENhJnCXZya-iYRk80N4Pd-aEug.roa
File:                     pENhJnCXZya-iYRk80N4Pd-aEug.roa (raw, json)
Hash identifier:          hv4+3v2T5Lhm4hAfGEYfOPyvjdkc6BCY1gyPXk3cXmE=
Subject key identifier:   A4:43:61:26:70:97:67:26:BE:89:84:64:F3:43:78:3D:DF:9A:12:E8
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019BE04A010A05F7451300E3BE47A6D3F35C
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/pENhJnCXZya-iYRk80N4Pd-aEug.roa
Signing time:             Wed 21 Jan 2026 11:21:44 +0000
ROA not before:           Wed 21 Jan 2026 11:21:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49915
IP address blocks:        95.173.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:4a:01:0a:05:f7:45:13:00:e3:be:47:a6:d3:f3:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan 21 11:21:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a443612670976726be898464f343783ddf9a12e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5d:3f:3a:4d:1e:0a:c2:64:57:1f:10:4e:82:
                    52:3d:40:a2:d2:1e:78:b6:aa:5e:80:e9:bd:b6:2e:
                    68:19:95:b6:9c:1b:c7:cf:51:a6:2d:1c:6b:8d:95:
                    2a:b2:d5:a6:f4:08:35:f8:b5:2f:66:9d:03:3e:0a:
                    b1:69:ff:c3:d1:56:bc:b0:17:84:81:b8:ea:22:99:
                    5a:c7:72:bb:4f:91:7a:84:3d:b0:46:8d:41:76:a2:
                    8b:87:07:a5:a0:cf:53:53:f5:a3:ff:70:1e:b3:af:
                    c8:58:8e:02:b4:a3:6f:23:25:a6:89:29:18:9f:23:
                    06:61:2b:8b:cd:f6:23:07:b5:c7:53:7c:30:79:ed:
                    dd:3f:6a:c2:3a:bb:f0:5e:76:53:e0:c5:6b:03:db:
                    d5:b5:37:4e:90:01:cc:d4:4a:7d:4a:48:18:8c:7a:
                    b5:7c:41:86:6e:01:31:34:f9:34:d4:5d:11:ff:d3:
                    2f:38:fc:f5:b0:15:ad:d8:86:b2:6a:fa:ad:91:10:
                    d5:27:20:fc:d7:68:68:12:59:aa:3f:d1:ee:52:7c:
                    f7:cd:6d:62:89:ee:8b:48:b4:eb:d6:77:b3:4c:6b:
                    d1:84:39:2a:d7:e7:c1:05:c9:4e:f5:de:96:8e:6c:
                    5a:d8:57:f9:c7:59:74:98:85:45:90:96:a0:38:05:
                    6f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:43:61:26:70:97:67:26:BE:89:84:64:F3:43:78:3D:DF:9A:12:E8
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/pENhJnCXZya-iYRk80N4Pd-aEug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:da:8e:15:05:08:ca:0c:91:b8:36:a8:d7:52:9c:c9:b1:32:
         0b:86:e5:a9:76:14:b4:03:70:21:09:7b:8f:8b:16:75:58:3e:
         e2:22:a3:fe:4e:9e:67:8a:56:07:1c:dc:1f:70:10:24:eb:0f:
         87:bd:32:2f:8d:05:87:7d:9d:b1:90:56:79:0c:7d:41:00:0a:
         9c:f2:6d:60:39:fd:0f:c7:7c:a4:28:df:d5:d1:ac:88:60:da:
         9a:66:15:fe:8d:a9:af:3e:26:c4:79:14:75:c0:17:e5:43:d4:
         30:f6:ba:86:ec:71:8d:75:3a:f7:76:7f:b8:69:3f:b1:4d:25:
         99:18:a7:7f:2c:78:3d:83:32:88:a4:4f:b6:82:68:e4:39:cb:
         8f:1d:63:8e:19:f4:d2:78:f9:ab:c0:f6:c2:1a:65:95:9a:58:
         4b:ec:59:23:08:36:34:c0:4e:9b:87:9c:c1:94:04:04:cc:76:
         98:db:ac:30:cf:d2:3c:3b:bd:bb:ac:4d:7e:31:30:62:8f:aa:
         50:9f:2e:71:37:4e:e0:cc:a7:fb:5a:80:7a:22:6e:bd:81:de:
         be:90:58:e1:43:7f:d7:3f:ff:c5:ef:ef:fe:e0:ff:cd:57:63:
         0f:7c:36:92:c8:fb:0f:aa:99:21:12:3c:a3:f2:a4:8b:14:57:
         15:27:f1:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvgSgEKBfdFEwDjvkem0/NcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMTIxMTEyMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDQzNjEyNjcwOTc2NzI2YmU4OTg0NjRmMzQzNzgzZGRmOWExMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA110/Ok0eCsJkVx8QToJSPUCi0h54
tqpegOm9ti5oGZW2nBvHz1GmLRxrjZUqstWm9Ag1+LUvZp0DPgqxaf/D0Va8sBeE
gbjqIplax3K7T5F6hD2wRo1BdqKLhweloM9TU/Wj/3Aes6/IWI4CtKNvIyWmiSkY
nyMGYSuLzfYjB7XHU3wwee3dP2rCOrvwXnZT4MVrA9vVtTdOkAHM1Ep9SkgYjHq1
fEGGbgExNPk01F0R/9MvOPz1sBWt2IayavqtkRDVJyD812hoElmqP9HuUnz3zW1i
ie6LSLTr1nezTGvRhDkq1+fBBclO9d6Wjmxa2Ff5x1l0mIVFkJagOAVv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRDYSZwl2cmvomEZPNDeD3fmhLoMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvcEVOaEpuQ1haeWEtaVlSazgwTjRQZC1hRXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX606MA0G
CSqGSIb3DQEBCwUAA4IBAQAe2o4VBQjKDJG4NqjXUpzJsTILhuWpdhS0A3AhCXuP
ixZ1WD7iIqP+Tp5nilYHHNwfcBAk6w+HvTIvjQWHfZ2xkFZ5DH1BAAqc8m1gOf0P
x3ykKN/V0ayIYNqaZhX+jamvPibEeRR1wBflQ9Qw9rqG7HGNdTr3dn+4aT+xTSWZ
GKd/LHg9gzKIpE+2gmjkOcuPHWOOGfTSePmrwPbCGmWVmlhL7FkjCDY0wE6bh5zB
lAQEzHaY26wwz9I8O727rE1+MTBij6pQny5xN07gzKf7WoB6Im69gd6+kFjhQ3/X
P//F7+/+4P/NV2MPfDaSyPsPqpkhEjyj8qSLFFcVJ/HE
-----END CERTIFICATE-----