This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/ioNRHlUjrXZXGwM3yHXyNTZdMx0.roa
File:                     ioNRHlUjrXZXGwM3yHXyNTZdMx0.roa (raw, json)
Hash identifier:          BWD5RHei2js3p7ixFJ0GF6nZuII80HgQOTS+8kZsqzo=
Subject key identifier:   8A:83:51:1E:55:23:AD:76:57:1B:03:37:C8:75:F2:35:36:5D:33:1D
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       019B7F8512471D711E6C09490BE5E51EB09D
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/ioNRHlUjrXZXGwM3yHXyNTZdMx0.roa
Signing time:             Fri 02 Jan 2026 16:23:05 +0000
ROA not before:           Fri 02 Jan 2026 16:23:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5432
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:12:47:1d:71:1e:6c:09:49:0b:e5:e5:1e:b0:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  2 16:23:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a83511e5523ad76571b0337c875f235365d331d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:a6:60:e9:16:fa:4a:5c:b2:91:2d:29:81:b1:
                    f3:95:e4:22:04:ac:ef:f7:13:34:5e:15:28:c2:c7:
                    5a:6f:b3:84:bf:6e:0a:05:65:c6:94:b6:1c:90:91:
                    ac:27:55:f9:10:46:7f:a4:99:e9:36:a8:d6:49:f7:
                    14:d2:cd:a3:62:b5:07:c1:47:f8:89:b9:b8:7b:06:
                    e5:ee:bd:72:20:c3:8f:b3:f8:9c:88:a0:14:b7:40:
                    d8:23:bb:a5:b9:54:c5:00:0a:10:45:44:18:e1:c2:
                    59:f6:c6:01:1d:fe:41:e4:a0:44:88:6b:cd:d8:95:
                    ba:87:15:7b:21:af:24:71:5a:d2:f8:e5:2e:47:b0:
                    ed:86:62:02:12:20:b7:85:cf:26:c2:d6:2a:b7:14:
                    57:b1:ce:9e:16:22:5e:88:68:a9:c8:ba:e2:c5:0e:
                    a9:d3:cc:91:fc:bc:40:a7:09:47:15:0f:9f:9b:8d:
                    26:94:08:4c:6e:cd:94:62:92:e6:9c:02:fe:37:49:
                    6f:03:7e:91:d4:49:9a:3a:0e:cf:c9:5e:13:53:f3:
                    bd:eb:85:0f:b5:6d:e7:05:31:35:ff:d2:73:7f:f4:
                    2a:ee:6b:29:8a:62:7e:be:35:66:3a:95:0f:7c:ac:
                    3e:9d:e2:8f:64:a0:82:1e:ea:5d:b3:96:76:8f:01:
                    8a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:83:51:1E:55:23:AD:76:57:1B:03:37:C8:75:F2:35:36:5D:33:1D
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/ioNRHlUjrXZXGwM3yHXyNTZdMx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:71:e4:83:a6:eb:3f:9e:03:28:14:ce:76:83:9a:ec:e0:33:
         fe:7d:bb:0a:cc:0c:b1:dc:87:d8:ca:79:b2:56:7c:8a:0a:30:
         52:2c:fe:b9:9d:de:40:36:eb:da:39:62:08:3e:a3:72:b0:5a:
         63:2f:fd:52:73:f4:cc:e9:ea:0a:32:b6:81:9c:58:f9:e0:7a:
         18:a0:21:a0:ef:9f:8c:89:2e:b9:cc:0d:1b:61:3c:aa:07:4c:
         00:3b:7f:c4:cb:23:71:5d:80:c5:47:91:50:e9:03:56:b4:63:
         47:6f:cd:cd:21:35:0e:75:b9:71:b5:b4:2d:e1:99:fd:25:7f:
         4f:3d:c2:2a:2a:d2:69:c4:61:30:0b:e9:f2:3f:98:99:f9:8a:
         74:fa:96:93:b9:ae:1b:e9:aa:38:41:f7:c9:4f:9a:86:8e:20:
         5a:3d:7e:88:ce:aa:87:0a:de:a2:59:4d:7f:5e:96:d3:fc:68:
         e4:f4:1b:e7:be:e5:48:37:55:cd:a4:9c:bb:1f:46:ef:2b:98:
         18:0b:7f:9e:50:ff:ef:22:83:d4:30:90:5d:de:44:ea:7a:47:
         45:d0:8b:a3:a8:aa:c9:61:9b:67:73:7d:e1:0c:5f:30:7d:1b:
         52:63:d4:b0:3b:b0:c7:1b:70:54:12:c0:03:a3:e5:6b:38:f7:
         53:9f:df:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hRJHHXEebAlJC+XlHrCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjYwMTAyMTYyMzA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTgzNTExZTU1MjNhZDc2NTcxYjAzMzdjODc1ZjIzNTM2NWQzMzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KZg6Rb6SlyykS0pgbHzleQiBKzv
9xM0XhUowsdab7OEv24KBWXGlLYckJGsJ1X5EEZ/pJnpNqjWSfcU0s2jYrUHwUf4
ibm4ewbl7r1yIMOPs/iciKAUt0DYI7uluVTFAAoQRUQY4cJZ9sYBHf5B5KBEiGvN
2JW6hxV7Ia8kcVrS+OUuR7DthmICEiC3hc8mwtYqtxRXsc6eFiJeiGipyLrixQ6p
08yR/LxApwlHFQ+fm40mlAhMbs2UYpLmnAL+N0lvA36R1EmaOg7PyV4TU/O964UP
tW3nBTE1/9Jzf/Qq7mspimJ+vjVmOpUPfKw+neKPZKCCHupds5Z2jwGKIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqDUR5VI612VxsDN8h18jU2XTMdMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvaW9OUkhsVWpyWFpYR3dNM3lIWHlOVFpkTXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQCYceSDpus/ngMoFM52g5rs4DP+fbsKzAyx3IfYynmy
VnyKCjBSLP65nd5ANuvaOWIIPqNysFpjL/1Sc/TM6eoKMraBnFj54HoYoCGg75+M
iS65zA0bYTyqB0wAO3/EyyNxXYDFR5FQ6QNWtGNHb83NITUOdblxtbQt4Zn9JX9P
PcIqKtJpxGEwC+nyP5iZ+Yp0+paTua4b6ao4QffJT5qGjiBaPX6IzqqHCt6iWU1/
XpbT/Gjk9BvnvuVIN1XNpJy7H0bvK5gYC3+eUP/vIoPUMJBd3kTqekdF0IujqKrJ
YZtnc33hDF8wfRtSY9SwO7DHG3BUEsADo+VrOPdTn9+n
-----END CERTIFICATE-----