This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/e99HCBjQgcssRPkCDiUE7eAcY_w.roa
File:                     e99HCBjQgcssRPkCDiUE7eAcY_w.roa (raw, json)
Hash identifier:          IYb3xBr9j8PdXiJfn/hO3V8a/I7VRwJ3UbeucKB0LsU=
Subject key identifier:   7B:DF:47:08:18:D0:81:CB:2C:44:F9:02:0E:25:04:ED:E0:1C:63:FC
Certificate issuer:       /CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
Certificate serial:       019B7DCABD776C1F38273CA30B94F816ED15
Authority key identifier: E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/e99HCBjQgcssRPkCDiUE7eAcY_w.roa
Signing time:             Fri 02 Jan 2026 08:19:57 +0000
ROA not before:           Fri 02 Jan 2026 08:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60455
IP address blocks:        195.69.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:bd:77:6c:1f:38:27:3c:a3:0b:94:f8:16:ed:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
        Validity
            Not Before: Jan  2 08:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bdf470818d081cb2c44f9020e2504ede01c63fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:de:a6:ce:ee:77:1d:2d:d4:1c:cb:54:57:
                    48:60:06:29:2a:9a:4f:a9:be:86:4d:d7:d8:d2:c9:
                    47:f4:7a:bd:1e:7c:81:48:e6:a2:cc:01:91:af:2d:
                    14:af:2c:a0:86:36:31:8b:5c:da:58:91:84:56:9e:
                    08:6f:15:f3:7c:46:70:18:06:20:d2:8c:4c:e4:45:
                    0f:6a:de:a9:37:99:21:08:3d:79:9c:2d:15:7b:7f:
                    73:cf:4a:e8:d0:ff:a8:ba:d2:4c:61:8e:7a:46:44:
                    63:01:c2:69:cb:0a:91:ba:f0:fe:1e:8b:2b:85:34:
                    36:ee:64:8a:5a:01:af:26:14:1b:af:f3:68:3f:30:
                    89:15:38:38:cb:b8:92:9d:6b:53:fc:a0:f3:7d:6f:
                    cf:4b:2e:f0:f4:0c:fa:27:fb:c4:97:e4:cd:5a:12:
                    89:7a:1a:76:66:bb:02:48:71:cf:c2:c9:47:42:ad:
                    81:12:52:a6:f8:05:d1:be:8f:91:f1:5a:8e:31:3f:
                    51:ac:39:06:ee:cd:dd:29:fe:b5:0b:e5:35:f3:15:
                    aa:0a:45:a6:94:fd:b1:93:5a:e4:4e:6b:7f:17:7b:
                    22:1c:ad:64:6b:94:ca:e7:45:12:a8:55:ac:38:73:
                    55:63:54:14:ae:65:1e:13:a5:57:e7:ab:70:40:77:
                    66:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:DF:47:08:18:D0:81:CB:2C:44:F9:02:0E:25:04:ED:E0:1C:63:FC
            X509v3 Authority Key Identifier:
                keyid:E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/e99HCBjQgcssRPkCDiUE7eAcY_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:76:db:bc:ae:ac:15:73:50:35:af:d8:12:de:bc:e2:01:bf:
         17:9e:6c:f6:8a:5a:92:0b:5b:46:1c:3a:db:58:3e:59:f1:17:
         a7:08:ed:3e:63:ca:fa:a3:d5:2f:36:71:4d:40:c8:13:dc:0f:
         ce:15:8e:20:d1:70:8d:e2:37:35:7b:8e:2a:92:61:eb:be:ee:
         f1:83:bc:ae:22:1f:37:ab:ca:f8:d3:04:29:fc:d0:02:56:c0:
         e7:4f:fb:7c:c1:28:c6:e0:43:4d:74:b4:91:7c:1b:9a:e8:fa:
         2e:70:ab:8b:ff:24:df:ba:51:57:0e:e2:19:f0:78:8f:d0:c5:
         aa:e4:0f:92:e3:10:02:26:24:1e:3d:8c:b9:2f:2f:bc:de:dd:
         0a:47:dd:ca:b9:ff:02:05:09:d8:82:d9:c8:50:ae:ac:55:86:
         79:58:5e:06:43:45:b4:85:cf:0f:0f:2d:e3:b1:db:83:64:66:
         ed:e3:7d:c2:be:ca:a8:ed:ad:d7:69:de:06:a3:1b:0d:64:1d:
         ba:13:87:d3:f4:af:09:dd:76:c2:7f:68:f0:0d:34:39:52:f0:
         2b:71:fc:05:0a:a9:07:4b:d4:56:75:20:fc:c4:91:73:f0:1c:
         7a:5d:e4:38:19:05:a9:b6:0b:dd:1d:97:58:81:96:a8:71:0e:
         e4:73:7e:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yr13bB84JzyjC5T4Fu0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTc0YzI4NzhkNmI1MzYxMzliODk1ZjA4YzljNmRiMThl
MTJhOWIwHhcNMjYwMTAyMDgxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmRmNDcwODE4ZDA4MWNiMmM0NGY5MDIwZTI1MDRlZGUwMWM2M2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTLeps7udx0t1BzLVFdIYAYpKppP
qb6GTdfY0slH9Hq9HnyBSOaizAGRry0UryyghjYxi1zaWJGEVp4IbxXzfEZwGAYg
0oxM5EUPat6pN5khCD15nC0Ve39zz0ro0P+outJMYY56RkRjAcJpywqRuvD+Hosr
hTQ27mSKWgGvJhQbr/NoPzCJFTg4y7iSnWtT/KDzfW/PSy7w9Az6J/vEl+TNWhKJ
ehp2ZrsCSHHPwslHQq2BElKm+AXRvo+R8VqOMT9RrDkG7s3dKf61C+U18xWqCkWm
lP2xk1rkTmt/F3siHK1ka5TK50USqFWsOHNVY1QUrmUeE6VX56twQHdmaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvfRwgY0IHLLET5Ag4lBO3gHGP8MB8GA1UdIwQY
MBaAFOBXTCh41rU2E5uJXwjJxtsY4SqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUt
NDQ2MDE5OTY2YTE5LzEvZTk5SENCalFnY3NzUlBrQ0RpVUU3ZUFjWV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUtNDQ2MDE5OTY2YTE5
LzEvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0W7MA0G
CSqGSIb3DQEBCwUAA4IBAQANdtu8rqwVc1A1r9gS3rziAb8Xnmz2ilqSC1tGHDrb
WD5Z8RenCO0+Y8r6o9UvNnFNQMgT3A/OFY4g0XCN4jc1e44qkmHrvu7xg7yuIh83
q8r40wQp/NACVsDnT/t8wSjG4ENNdLSRfBua6PoucKuL/yTfulFXDuIZ8HiP0MWq
5A+S4xACJiQePYy5Ly+83t0KR93Kuf8CBQnYgtnIUK6sVYZ5WF4GQ0W0hc8PDy3j
sduDZGbt433Cvsqo7a3Xad4GoxsNZB26E4fT9K8J3XbCf2jwDTQ5UvArcfwFCqkH
S9RWdSD8xJFz8Bx6XeQ4GQWptgvdHZdYgZaocQ7kc35k
-----END CERTIFICATE-----