This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/FWGJ0ZbSTgVIubiaw4dd5jNIaPA.roa
File:                     FWGJ0ZbSTgVIubiaw4dd5jNIaPA.roa (raw, json)
Hash identifier:          6HJCa4AjDeGNzbrzAtTTFZ47JbqJPDDrlYN1WdGf0N4=
Subject key identifier:   15:61:89:D1:96:D2:4E:05:48:B9:B8:9A:C3:87:5D:E6:33:48:68:F0
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019B77C6FB007717FD753917752E78C95C27
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/FWGJ0ZbSTgVIubiaw4dd5jNIaPA.roa
Signing time:             Thu 01 Jan 2026 04:18:07 +0000
ROA not before:           Thu 01 Jan 2026 04:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54339
IP address blocks:        195.8.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:fb:00:77:17:fd:75:39:17:75:2e:78:c9:5c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 04:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=156189d196d24e0548b9b89ac3875de6334868f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:17:bf:8a:ad:c2:72:f1:06:97:22:e6:e2:
                    a3:be:00:6d:be:9f:31:a2:fa:ed:22:70:2a:9f:26:
                    25:dc:62:9e:7f:cc:26:b9:32:1f:02:a5:1f:a4:48:
                    43:41:09:48:68:3d:bf:3a:7f:f4:b9:99:61:a2:4f:
                    3e:7a:61:ec:ef:01:b1:4b:f3:0f:52:87:34:f0:05:
                    43:cf:a3:25:81:73:f9:6a:63:e6:3f:14:ee:22:62:
                    33:b0:ea:26:ec:02:44:14:86:c0:03:de:56:21:c9:
                    6e:9a:0f:b6:eb:11:92:90:34:92:1c:07:01:e4:e5:
                    68:a1:75:62:b3:7e:37:d2:e2:2c:6c:1f:e9:78:f6:
                    ee:da:f3:5a:9a:bd:eb:1f:1b:8b:f6:0a:f8:ae:c8:
                    e5:d6:d1:9c:4b:a7:3b:98:90:dd:88:a4:27:d5:2a:
                    f2:15:2b:99:8b:85:73:9d:3d:01:42:aa:fb:80:46:
                    27:e0:3e:8d:d9:50:40:0e:94:dd:bf:90:37:f1:f5:
                    f2:e3:71:9f:5c:f2:ed:b3:4d:33:8b:8a:1f:fc:76:
                    57:6d:a7:6b:d7:f6:15:59:c5:a7:77:c2:00:72:70:
                    96:3d:d2:85:07:a8:9a:37:74:b9:81:6e:33:4c:02:
                    77:3d:66:af:cf:40:56:15:01:50:13:b0:17:91:96:
                    bc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:61:89:D1:96:D2:4E:05:48:B9:B8:9A:C3:87:5D:E6:33:48:68:F0
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/FWGJ0ZbSTgVIubiaw4dd5jNIaPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7e:7c:31:e3:50:46:35:75:24:8d:a4:df:00:f2:a2:a8:69:
         6a:f7:2a:de:72:02:ab:7f:38:4b:27:5f:fa:a7:5d:6f:38:07:
         c6:1e:40:51:a4:f9:0d:ce:16:9c:60:0a:24:8e:18:68:b5:6c:
         fb:ee:cc:a3:9b:e7:19:fe:ff:12:d0:60:12:c8:d4:45:a5:8d:
         bc:7e:4b:93:c0:ff:96:ea:80:ff:ce:99:54:a4:96:fe:01:51:
         e8:16:3e:bd:0b:cc:42:59:1a:25:f4:09:f2:34:b6:e6:1e:61:
         d6:cb:87:3a:8d:05:05:69:4b:cb:73:e3:7d:ab:d5:d0:dc:b2:
         3a:57:3e:77:d6:1f:2f:a3:fd:25:39:8e:69:b7:97:f8:f0:86:
         8c:07:f1:54:93:00:e2:bf:21:8a:90:5a:60:2a:4a:5e:72:bf:
         c0:51:41:18:67:b8:57:cb:ef:a7:50:39:8f:3a:d1:74:66:0a:
         bb:cc:ee:b1:ac:47:9d:1e:c4:42:2c:bb:79:80:6b:ca:f9:b8:
         38:be:f8:75:15:50:c6:91:14:cf:43:f1:c5:f9:0c:63:7f:f5:
         22:f7:86:a5:60:0c:84:3f:ed:83:ed:b9:e9:f7:76:60:00:dc:
         fe:11:eb:71:c7:0c:58:f7:1c:0f:d8:49:0b:a5:79:e1:a7:40:
         fa:d7:42:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvsAdxf9dTkXdS54yVwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMTAxMDQxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYxODlkMTk2ZDI0ZTA1NDhiOWI4OWFjMzg3NWRlNjMzNDg2OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu14Xv4qtwnLxBpci5uKjvgBtvp8x
ovrtInAqnyYl3GKef8wmuTIfAqUfpEhDQQlIaD2/On/0uZlhok8+emHs7wGxS/MP
Uoc08AVDz6MlgXP5amPmPxTuImIzsOom7AJEFIbAA95WIclumg+26xGSkDSSHAcB
5OVooXVis3430uIsbB/pePbu2vNamr3rHxuL9gr4rsjl1tGcS6c7mJDdiKQn1Sry
FSuZi4VznT0BQqr7gEYn4D6N2VBADpTdv5A38fXy43GfXPLts00zi4of/HZXbadr
1/YVWcWnd8IAcnCWPdKFB6iaN3S5gW4zTAJ3PWavz0BWFQFQE7AXkZa8iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVhidGW0k4FSLm4msOHXeYzSGjwMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvRldHSjBaYlNUZ1ZJdWJpYXc0ZGQ1ak5JYVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwjIMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fnwx41BGNXUkjaTfAPKiqGlq9yrecgKrfzhLJ1/6
p11vOAfGHkBRpPkNzhacYAokjhhotWz77syjm+cZ/v8S0GASyNRFpY28fkuTwP+W
6oD/zplUpJb+AVHoFj69C8xCWRol9AnyNLbmHmHWy4c6jQUFaUvLc+N9q9XQ3LI6
Vz531h8vo/0lOY5pt5f48IaMB/FUkwDivyGKkFpgKkpecr/AUUEYZ7hXy++nUDmP
OtF0Zgq7zO6xrEedHsRCLLt5gGvK+bg4vvh1FVDGkRTPQ/HF+Qxjf/Ui94alYAyE
P+2D7bnp93ZgANz+EetxxwxY9xwP2EkLpXnhp0D610IG
-----END CERTIFICATE-----