This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/TsfF6totEPD5J_SD01aG26CeNlU.roa
File:                     TsfF6totEPD5J_SD01aG26CeNlU.roa (raw, json)
Hash identifier:          pacbzaruVfidutobZhr9cP689NUwwKv7FUw+m6XxsRo=
Subject key identifier:   4E:C7:C5:EA:DA:2D:10:F0:F9:27:F4:83:D3:56:86:DB:A0:9E:36:55
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019B7E389C2D977AC237FE10236599EC1B01
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/TsfF6totEPD5J_SD01aG26CeNlU.roa
Signing time:             Fri 02 Jan 2026 10:19:57 +0000
ROA not before:           Fri 02 Jan 2026 10:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        195.114.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:9c:2d:97:7a:c2:37:fe:10:23:65:99:ec:1b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan  2 10:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ec7c5eada2d10f0f927f483d35686dba09e3655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:54:15:1f:31:13:e0:f8:a4:3e:c7:e2:0a:44:
                    f8:be:84:be:d9:9f:25:d4:f8:5a:f0:3d:7a:19:07:
                    3b:3e:c9:37:d1:d7:d7:52:3c:ec:df:3d:ab:ad:da:
                    26:30:8e:a0:76:5f:29:1f:cf:a0:73:8a:64:28:35:
                    cc:dd:07:37:86:49:a0:95:af:45:be:25:4a:0d:19:
                    6a:79:f3:92:e9:78:c9:e6:4b:a0:35:7d:f8:90:88:
                    b2:a7:cc:81:e1:79:9b:6f:1b:d7:f1:58:e3:d1:70:
                    d6:71:0e:8a:76:c6:af:f1:53:75:ea:30:22:4d:49:
                    ef:c6:80:39:8c:16:91:d0:c9:98:ef:a6:7f:4c:7b:
                    e5:95:a0:71:20:96:44:48:4f:09:c6:b1:ce:3e:70:
                    b7:9d:2d:34:2e:6b:ae:86:72:f3:0e:6f:e2:0a:ca:
                    02:39:83:8d:d7:81:dd:b9:95:cc:79:30:e8:34:32:
                    2e:e1:a9:e2:2b:ca:fe:e9:78:9f:94:53:c0:54:43:
                    44:78:e8:c9:28:75:f9:eb:89:4c:28:9e:ff:9b:92:
                    b9:93:2c:10:19:b0:a3:73:09:2e:ca:01:97:f1:49:
                    8b:05:fb:9d:dd:53:22:f5:9a:e6:36:02:03:b2:ef:
                    c6:8c:98:41:f8:c2:ef:4d:28:d7:ec:08:c2:2f:94:
                    fc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C7:C5:EA:DA:2D:10:F0:F9:27:F4:83:D3:56:86:DB:A0:9E:36:55
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/TsfF6totEPD5J_SD01aG26CeNlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:41:19:1a:9e:db:18:73:0d:70:f7:51:ec:c1:c7:b7:5e:95:
         26:13:76:4c:64:b0:c0:a7:d1:73:3f:b4:1f:6a:58:7f:d4:29:
         1b:77:1d:04:8b:4e:15:8b:07:56:62:4b:19:d8:7a:6c:d7:1b:
         13:fb:c0:21:ea:2b:f2:b8:52:ba:8e:16:90:34:04:50:46:0a:
         77:d7:d0:1e:52:36:c1:11:2e:f1:77:9e:ec:86:a2:b7:0e:54:
         83:44:ce:d0:7a:91:07:2f:23:a0:89:2a:ce:fe:34:6d:0f:dc:
         e1:c5:db:56:49:ce:a9:a6:e0:86:21:95:11:d8:6c:bf:63:3f:
         96:bc:f1:c3:2c:b7:84:e8:34:a9:c0:67:a6:7f:1c:48:1a:f2:
         fe:53:a5:0e:01:90:30:d8:4a:de:a1:d0:ea:c9:7f:bf:14:6b:
         01:47:46:5a:4e:57:8d:01:65:a4:f8:0d:3a:84:f0:8d:e4:35:
         89:89:74:3a:ae:33:a8:ca:63:ca:61:3f:53:3f:aa:f3:eb:7c:
         d3:7b:96:43:48:c2:d7:91:5d:3e:af:05:ca:8c:a4:f7:46:b6:
         a7:a4:1c:8c:b1:15:29:d6:e3:b9:10:e9:99:9c:37:25:b3:0b:
         a3:82:c1:72:2d:b4:53:41:fb:f6:32:60:3a:99:a7:a3:3a:f7:
         a2:3f:5c:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJwtl3rCN/4QI2WZ7BsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMTAyMTAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWM3YzVlYWRhMmQxMGYwZjkyN2Y0ODNkMzU2ODZkYmEwOWUzNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFQVHzET4PikPsfiCkT4voS+2Z8l
1Pha8D16GQc7Psk30dfXUjzs3z2rrdomMI6gdl8pH8+gc4pkKDXM3Qc3hkmgla9F
viVKDRlqefOS6XjJ5kugNX34kIiyp8yB4XmbbxvX8Vjj0XDWcQ6Kdsav8VN16jAi
TUnvxoA5jBaR0MmY76Z/THvllaBxIJZESE8JxrHOPnC3nS00LmuuhnLzDm/iCsoC
OYON14HduZXMeTDoNDIu4aniK8r+6XiflFPAVENEeOjJKHX564lMKJ7/m5K5kywQ
GbCjcwkuygGX8UmLBfud3VMi9ZrmNgIDsu/GjJhB+MLvTSjX7AjCL5T8rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7HxeraLRDw+Sf0g9NWhtugnjZVMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVHNmRjZ0b3RFUEQ1Sl9TRDAxYUcyNkNlTmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LMMA0G
CSqGSIb3DQEBCwUAA4IBAQCNQRkantsYcw1w91Hswce3XpUmE3ZMZLDAp9FzP7Qf
alh/1Ckbdx0Ei04ViwdWYksZ2Hps1xsT+8Ah6ivyuFK6jhaQNARQRgp319AeUjbB
ES7xd57shqK3DlSDRM7QepEHLyOgiSrO/jRtD9zhxdtWSc6ppuCGIZUR2Gy/Yz+W
vPHDLLeE6DSpwGemfxxIGvL+U6UOAZAw2EreodDqyX+/FGsBR0ZaTleNAWWk+A06
hPCN5DWJiXQ6rjOoymPKYT9TP6rz63zTe5ZDSMLXkV0+rwXKjKT3RranpByMsRUp
1uO5EOmZnDclswujgsFyLbRTQfv2MmA6maejOveiP1xt
-----END CERTIFICATE-----