This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/38r2X0leHHTAmJ6zVJSwuzoD2E0.roa
File:                     38r2X0leHHTAmJ6zVJSwuzoD2E0.roa (raw, json)
Hash identifier:          uyTAZ2GgNW9/wIH0EkQGQyRV3AY/RO2eHsNraGcFPPk=
Subject key identifier:   DF:CA:F6:5F:49:5E:1C:74:C0:98:9E:B3:54:94:B0:BB:3A:03:D8:4D
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       019B77C6F44810B3091D177F981009FFAF8B
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/38r2X0leHHTAmJ6zVJSwuzoD2E0.roa
Signing time:             Thu 01 Jan 2026 04:18:05 +0000
ROA not before:           Thu 01 Jan 2026 04:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39762
IP address blocks:        95.164.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f4:48:10:b3:09:1d:17:7f:98:10:09:ff:af:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jan  1 04:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfcaf65f495e1c74c0989eb35494b0bb3a03d84d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:80:e2:21:fb:c7:72:e5:36:f6:bd:7c:25:ae:
                    9d:3d:c4:6d:d7:f0:11:20:0a:ce:6d:e7:99:5c:e3:
                    84:f7:57:7f:13:cc:01:e8:23:15:cf:33:56:4f:a1:
                    dd:78:2b:27:8f:8e:b2:4c:64:6c:25:3e:49:b8:68:
                    cf:3b:08:66:14:68:12:28:0f:6a:69:8b:2d:62:c2:
                    60:c7:66:9a:a6:29:8b:eb:60:64:f5:c7:7d:5f:1c:
                    73:43:ec:7f:b4:76:a0:d8:c4:88:3c:2d:70:f4:7a:
                    67:4d:ef:0a:74:d6:f8:41:ff:39:55:d9:d6:f9:75:
                    96:27:6c:44:4f:15:5d:e1:db:04:0a:93:1f:81:d2:
                    4e:bd:36:a3:b8:78:f7:6c:d8:4e:e2:47:8f:84:6a:
                    7a:2b:2a:ff:9e:84:e9:d1:08:db:07:ad:ab:ec:67:
                    0c:8a:8f:5e:77:38:51:65:76:3d:b5:50:53:af:d4:
                    50:26:75:ed:7a:5d:38:ef:2d:01:33:46:ac:e7:8f:
                    20:37:ac:e7:3f:57:51:65:62:ac:d2:5d:6f:8e:74:
                    ea:37:e0:5c:27:76:88:89:58:12:e8:ba:6d:85:25:
                    1e:f5:bd:de:00:22:8a:46:18:88:60:1f:34:5c:24:
                    db:0b:04:dd:7d:bd:e4:52:fa:34:d8:d0:8d:ba:e9:
                    0e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CA:F6:5F:49:5E:1C:74:C0:98:9E:B3:54:94:B0:BB:3A:03:D8:4D
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/38r2X0leHHTAmJ6zVJSwuzoD2E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:70:c8:0d:e7:fc:69:20:d7:30:90:e8:62:2e:05:89:d6:c2:
         fd:12:f7:6b:a3:c0:d4:a5:8c:b2:1f:10:82:59:33:58:e1:86:
         2a:15:c4:44:a3:8c:ef:64:4b:12:0e:24:bd:2e:7e:57:8f:e0:
         38:bf:4a:8c:8d:a7:86:bc:cd:1e:18:98:ff:f0:ce:c1:63:ac:
         73:a5:fc:c8:72:8f:3a:5c:83:41:9e:ab:5b:ba:d4:6c:62:a4:
         c7:26:54:3a:5f:c8:f2:d4:81:b8:ed:26:c7:ee:0f:5e:cc:a4:
         97:f3:93:1a:23:47:ea:27:07:63:b8:29:fa:c2:56:b5:32:21:
         c4:d3:73:c3:61:6d:f3:60:2f:28:16:1e:ca:2c:30:83:95:ff:
         ce:45:4e:64:a3:04:3c:e4:72:3e:52:b6:6e:72:c3:12:67:7f:
         fc:84:7f:da:4e:38:68:71:64:32:7c:b5:47:62:09:4c:a7:ff:
         11:bc:c2:9b:4b:e9:57:89:5d:b3:09:34:eb:40:3f:f2:06:52:
         26:8b:9b:7f:5b:db:b8:0a:84:ab:48:d3:fa:6f:5d:17:78:c0:
         e0:9f:21:51:9e:a2:c9:0b:40:2d:68:b8:22:bd:ab:d9:14:90:
         52:2e:78:20:c6:c7:7c:dc:8b:ec:77:80:fe:92:97:97:e7:69:
         ec:d7:d3:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvRIELMJHRd/mBAJ/6+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwMTAxMDQxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNhZjY1ZjQ5NWUxYzc0YzA5ODllYjM1NDk0YjBiYjNhMDNkODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYDiIfvHcuU29r18Ja6dPcRt1/AR
IArObeeZXOOE91d/E8wB6CMVzzNWT6HdeCsnj46yTGRsJT5JuGjPOwhmFGgSKA9q
aYstYsJgx2aapimL62Bk9cd9XxxzQ+x/tHag2MSIPC1w9HpnTe8KdNb4Qf85VdnW
+XWWJ2xETxVd4dsECpMfgdJOvTajuHj3bNhO4kePhGp6Kyr/noTp0QjbB62r7GcM
io9edzhRZXY9tVBTr9RQJnXtel047y0BM0as548gN6znP1dRZWKs0l1vjnTqN+Bc
J3aIiVgS6LpthSUe9b3eACKKRhiIYB80XCTbCwTdfb3kUvo02NCNuukOqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/K9l9JXhx0wJies1SUsLs6A9hNMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvMzhyMlgwbGVISFRBbUo2elZKU3d1em9EMkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6RAMA0G
CSqGSIb3DQEBCwUAA4IBAQB+cMgN5/xpINcwkOhiLgWJ1sL9Evdro8DUpYyyHxCC
WTNY4YYqFcREo4zvZEsSDiS9Ln5Xj+A4v0qMjaeGvM0eGJj/8M7BY6xzpfzIco86
XINBnqtbutRsYqTHJlQ6X8jy1IG47SbH7g9ezKSX85MaI0fqJwdjuCn6wla1MiHE
03PDYW3zYC8oFh7KLDCDlf/ORU5kowQ85HI+UrZucsMSZ3/8hH/aTjhocWQyfLVH
YglMp/8RvMKbS+lXiV2zCTTrQD/yBlImi5t/W9u4CoSrSNP6b10XeMDgnyFRnqLJ
C0AtaLgivavZFJBSLnggxsd83Ivsd4D+kpeX52ns19N+
-----END CERTIFICATE-----