This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/a8xxFezDGCmHsEOSRqb1XFyjzzQ.roa
File:                     a8xxFezDGCmHsEOSRqb1XFyjzzQ.roa (raw, json)
Hash identifier:          UKvCG+Ut498aH2KrK/T04+U4clxpUw2ygew8dg+YGZ0=
Subject key identifier:   6B:CC:71:15:EC:C3:18:29:87:B0:43:92:46:A6:F5:5C:5C:A3:CF:34
Certificate issuer:       /CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
Certificate serial:       019B7B36C6EFA6504F6D8A6EE24A76F4FDE5
Authority key identifier: D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/a8xxFezDGCmHsEOSRqb1XFyjzzQ.roa
Signing time:             Thu 01 Jan 2026 20:19:05 +0000
ROA not before:           Thu 01 Jan 2026 20:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        195.234.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:c6:ef:a6:50:4f:6d:8a:6e:e2:4a:76:f4:fd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
        Validity
            Not Before: Jan  1 20:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bcc7115ecc3182987b0439246a6f55c5ca3cf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f0:3b:af:fa:3d:e4:50:fc:d6:d6:3e:1f:07:
                    a7:33:1e:97:ca:2c:17:85:97:9f:5a:fa:82:f1:3c:
                    03:3d:8d:c9:12:26:27:84:7b:22:91:24:37:18:97:
                    43:d8:6e:05:75:56:e7:d3:a3:74:b5:38:f2:a0:63:
                    e4:28:1d:67:7d:ff:03:ee:65:23:0c:ca:3d:2e:07:
                    06:03:c8:78:59:26:5c:35:43:3f:e2:f9:f1:9a:38:
                    fb:25:6f:30:d7:aa:e9:cb:84:26:18:ce:f7:9a:f6:
                    a6:6c:a7:ff:98:d1:29:f0:bb:9f:79:ef:ca:63:b8:
                    e0:bf:25:7f:97:92:8f:7f:8d:2b:f4:d1:c5:23:83:
                    8d:27:01:c3:3c:ca:83:e4:e6:eb:bb:11:b5:28:72:
                    fb:56:ba:3d:c9:93:74:20:ea:7c:e9:b6:02:36:40:
                    61:9a:ef:ab:ea:51:68:33:f5:08:a1:da:fd:d0:be:
                    0d:8e:10:3a:7d:f1:89:97:c2:85:1c:e2:f2:19:0b:
                    3d:26:ac:d9:31:b8:1b:25:28:a2:17:3f:fb:21:c9:
                    80:d0:26:6b:dd:a1:fa:f6:68:0f:7c:d3:f5:f0:df:
                    e1:d2:12:27:1f:9b:f1:3d:5d:f2:b3:bf:2c:f6:a5:
                    0d:ec:62:7c:b0:ea:81:04:92:c1:67:a3:12:97:3d:
                    3f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:CC:71:15:EC:C3:18:29:87:B0:43:92:46:A6:F5:5C:5C:A3:CF:34
            X509v3 Authority Key Identifier:
                keyid:D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/a8xxFezDGCmHsEOSRqb1XFyjzzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:8d:57:8b:0d:fb:ec:e7:96:02:c7:de:43:fb:01:1a:81:cc:
         e0:5a:d8:b3:f4:48:6e:47:81:d1:b1:23:f4:9e:b4:79:6c:44:
         55:d6:14:05:81:ef:f7:0e:07:91:ce:95:1a:78:61:e7:5d:cd:
         1a:08:c7:b4:c8:3d:dd:56:3b:88:31:4d:ce:64:82:1c:bf:f1:
         41:c7:7c:a3:51:18:22:81:85:6d:f2:0b:f7:95:31:26:af:7d:
         2e:2b:6b:0b:d9:9e:02:d2:b2:ce:0c:64:19:06:4d:be:11:97:
         35:24:50:28:c2:21:f4:29:ae:d8:c7:2c:1b:0b:91:b3:e1:b8:
         52:ae:78:4b:c6:2f:23:61:32:7e:ae:64:18:d6:32:d6:95:6c:
         a5:02:44:f1:c7:69:27:e4:53:c2:6c:5f:76:3b:7e:54:c1:af:
         f5:a0:47:a3:83:ad:b8:2b:6c:de:ae:9d:2d:e3:1a:43:ac:ec:
         9f:0c:49:4d:bf:19:74:10:9e:92:0e:16:7e:75:86:ce:bb:14:
         20:1c:5e:43:4f:40:b4:04:20:33:13:a3:10:f5:0c:10:f0:aa:
         68:96:20:57:0a:7b:b3:7c:29:8c:29:d5:e5:4c:ef:60:d3:e8:
         05:5c:c9:5f:91:71:87:4b:01:39:11:6d:1d:f3:ba:ad:b7:30:
         54:f5:30:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NsbvplBPbYpu4kp29P3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyN2I4NzdmODk5MzQxMjY5YmVjNjdjNmUzYTBhODg4YmE3
YWU5OGQwHhcNMjYwMTAxMjAxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmNjNzExNWVjYzMxODI5ODdiMDQzOTI0NmE2ZjU1YzVjYTNjZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvA7r/o95FD81tY+HwenMx6XyiwX
hZefWvqC8TwDPY3JEiYnhHsikSQ3GJdD2G4FdVbn06N0tTjyoGPkKB1nff8D7mUj
DMo9LgcGA8h4WSZcNUM/4vnxmjj7JW8w16rpy4QmGM73mvambKf/mNEp8Lufee/K
Y7jgvyV/l5KPf40r9NHFI4ONJwHDPMqD5ObruxG1KHL7Vro9yZN0IOp86bYCNkBh
mu+r6lFoM/UIodr90L4NjhA6ffGJl8KFHOLyGQs9JqzZMbgbJSiiFz/7IcmA0CZr
3aH69mgPfNP18N/h0hInH5vxPV3ys78s9qUN7GJ8sOqBBJLBZ6MSlz0/NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvMcRXswxgph7BDkkam9Vxco880MB8GA1UdIwQY
MBaAFNJ7h3+Jk0Emm+xnxuOgqIi6eumNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMt
OTk3OWRmNTJiMDE4LzEvYTh4eEZlekRHQ21Ic0VPU1JxYjFYRnlqenpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMtOTk3OWRmNTJiMDE4
LzEvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+oiMA0G
CSqGSIb3DQEBCwUAA4IBAQBkjVeLDfvs55YCx95D+wEagczgWtiz9EhuR4HRsSP0
nrR5bERV1hQFge/3DgeRzpUaeGHnXc0aCMe0yD3dVjuIMU3OZIIcv/FBx3yjURgi
gYVt8gv3lTEmr30uK2sL2Z4C0rLODGQZBk2+EZc1JFAowiH0Ka7YxywbC5Gz4bhS
rnhLxi8jYTJ+rmQY1jLWlWylAkTxx2kn5FPCbF92O35Uwa/1oEejg624K2zerp0t
4xpDrOyfDElNvxl0EJ6SDhZ+dYbOuxQgHF5DT0C0BCAzE6MQ9QwQ8KpoliBXCnuz
fCmMKdXlTO9g0+gFXMlfkXGHSwE5EW0d87qttzBU9TDv
-----END CERTIFICATE-----