This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/1-iShH5SYJiiJuCHyL-0EvBsap1I.roa
File:                     1-iShH5SYJiiJuCHyL-0EvBsap1I.roa (raw, json)
Hash identifier:          kLqxZPUtdZK8fLI/x0G9E1tU+TNPbPl9AKfGqEvxW9k=
Subject key identifier:   FA:24:A1:1F:94:98:26:28:89:B8:21:F2:2F:ED:04:BC:1B:1A:A7:52
Certificate issuer:       /CN=8de42c560fc228b5bb4f4cf00ede2dfe26c6630b
Certificate serial:       019A8144238BE273F0ABBD2E044700193C7E
Authority key identifier: 8D:E4:2C:56:0F:C2:28:B5:BB:4F:4C:F0:0E:DE:2D:FE:26:C6:63:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jeQsVg_CKLW7T0zwDt4t_ibGYws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/1-iShH5SYJiiJuCHyL-0EvBsap1I.roa
Signing time:             Fri 14 Nov 2025 07:28:37 +0000
ROA not before:           Fri 14 Nov 2025 07:28:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29355
IP address blocks:        95.58.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/jeQsVg_CKLW7T0zwDt4t_ibGYws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/jeQsVg_CKLW7T0zwDt4t_ibGYws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jeQsVg_CKLW7T0zwDt4t_ibGYws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 21:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:81:44:23:8b:e2:73:f0:ab:bd:2e:04:47:00:19:3c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8de42c560fc228b5bb4f4cf00ede2dfe26c6630b
        Validity
            Not Before: Nov 14 07:28:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa24a11f9498262889b821f22fed04bc1b1aa752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:45:0c:a4:3a:64:16:6f:b8:f0:b8:1e:48:1c:
                    3d:b3:42:aa:0d:ef:db:23:d0:45:60:29:75:54:c3:
                    df:34:e4:69:f4:39:0a:58:1b:c3:36:61:1a:34:32:
                    48:57:2d:56:e3:74:f8:a0:ef:dd:aa:2f:a5:4a:70:
                    34:e6:5a:a1:1a:27:98:28:6d:a8:85:70:a0:d5:55:
                    a2:8a:59:8a:96:5c:9e:28:dc:82:31:4f:17:9e:48:
                    dd:bd:c6:69:a7:35:74:33:67:ec:c8:1a:c3:19:69:
                    69:00:5f:1a:19:ac:a9:d1:80:71:2b:f1:d6:a0:10:
                    d7:44:63:21:56:67:e7:bc:2f:db:28:88:5a:0b:93:
                    aa:7c:3a:51:84:ec:76:78:cf:93:eb:31:35:c6:38:
                    b3:34:f8:b7:c8:54:61:bd:45:5e:63:d4:8d:06:44:
                    de:ab:de:25:1a:da:f3:47:76:77:47:19:e4:e5:5a:
                    26:35:e5:f1:02:9e:d9:77:2f:07:82:34:a0:01:d9:
                    2a:73:98:99:b9:03:a9:e1:52:bf:d1:72:97:44:d8:
                    36:f4:f6:cd:9f:bd:fa:19:3c:eb:67:21:b3:0e:ae:
                    af:70:f4:cb:51:6b:e9:1a:ac:7a:26:1f:0d:35:a1:
                    61:28:18:be:45:1f:fa:db:22:a6:47:84:81:1c:02:
                    ab:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:24:A1:1F:94:98:26:28:89:B8:21:F2:2F:ED:04:BC:1B:1A:A7:52
            X509v3 Authority Key Identifier:
                keyid:8D:E4:2C:56:0F:C2:28:B5:BB:4F:4C:F0:0E:DE:2D:FE:26:C6:63:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jeQsVg_CKLW7T0zwDt4t_ibGYws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/1-iShH5SYJiiJuCHyL-0EvBsap1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/2977cb-6d42-4fab-94dc-3bf83b7e17bc/1/jeQsVg_CKLW7T0zwDt4t_ibGYws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.58.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a1:db:b8:2f:e4:b1:bc:23:e1:91:ef:d0:2f:bc:73:76:47:
         cd:d0:a2:e1:64:d0:96:e9:39:29:0f:f1:90:c9:de:1a:2e:fc:
         04:d7:d0:af:7b:35:fb:fa:d4:d8:42:a7:d0:0a:e1:ce:54:2e:
         51:20:76:f4:5a:f5:ff:af:59:35:df:66:45:a8:e8:10:9e:39:
         15:27:50:3a:c1:e4:5c:5a:ae:e3:a2:f1:91:82:98:b7:73:bb:
         79:d4:ee:79:03:69:0e:19:c7:f5:78:59:50:30:04:82:db:53:
         71:f8:49:c1:92:b7:6a:8d:ea:b0:7a:81:af:be:85:70:18:0d:
         de:7f:88:0c:64:20:7c:28:3b:24:7d:b5:0d:9b:0c:6b:37:33:
         9f:56:7d:09:52:b6:e2:3f:ad:4e:24:4a:30:9b:1c:83:08:06:
         8b:ac:03:9d:a0:aa:74:9c:54:6f:cd:4f:77:41:d7:80:4c:a4:
         2a:5d:e1:66:4d:ce:b9:f3:eb:61:99:a0:7b:85:c8:a2:d6:8a:
         4d:56:af:61:77:a0:97:c6:5b:23:85:bb:81:97:ee:e6:69:21:
         d8:93:41:56:40:e6:5b:b5:85:d4:d6:95:5e:ac:a3:14:43:52:
         a7:ab:a2:a7:27:ec:5a:e3:51:0c:61:78:56:96:5e:97:67:a2:
         5b:ff:28:3b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZqBRCOL4nPwq70uBEcAGTx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZTQyYzU2MGZjMjI4YjViYjRmNGNmMDBlZGUyZGZlMjZj
NjYzMGIwHhcNMjUxMTE0MDcyODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI0YTExZjk0OTgyNjI4ODliODIxZjIyZmVkMDRiYzFiMWFhNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUUMpDpkFm+48LgeSBw9s0KqDe/b
I9BFYCl1VMPfNORp9DkKWBvDNmEaNDJIVy1W43T4oO/dqi+lSnA05lqhGieYKG2o
hXCg1VWiilmKllyeKNyCMU8XnkjdvcZppzV0M2fsyBrDGWlpAF8aGayp0YBxK/HW
oBDXRGMhVmfnvC/bKIhaC5OqfDpRhOx2eM+T6zE1xjizNPi3yFRhvUVeY9SNBkTe
q94lGtrzR3Z3Rxnk5VomNeXxAp7Zdy8HgjSgAdkqc5iZuQOp4VK/0XKXRNg29PbN
n736GTzrZyGzDq6vcPTLUWvpGqx6Jh8NNaFhKBi+RR/62yKmR4SBHAKrhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPokoR+UmCYoibgh8i/tBLwbGqdSMB8GA1UdIwQY
MBaAFI3kLFYPwii1u09M8A7eLf4mxmMLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamVRc1ZnX0NLTFc3VDB6d0R0NHRfaWJHWXdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8yOTc3Y2ItNmQ0Mi00ZmFiLTk0ZGMt
M2JmODNiN2UxN2JjLzEvMS1pU2hINVNZSmlpSnVDSHlMLTBFdkJzYXAxSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvMjk3N2NiLTZkNDItNGZhYi05NGRjLTNiZjgzYjdlMTdi
Yy8xL2plUXNWZ19DS0xXN1QwendEdDR0X2liR1l3cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF86wTAN
BgkqhkiG9w0BAQsFAAOCAQEAnKHbuC/ksbwj4ZHv0C+8c3ZHzdCi4WTQluk5KQ/x
kMneGi78BNfQr3s1+/rU2EKn0ArhzlQuUSB29Fr1/69ZNd9mRajoEJ45FSdQOsHk
XFqu46LxkYKYt3O7edTueQNpDhnH9XhZUDAEgttTcfhJwZK3ao3qsHqBr76FcBgN
3n+IDGQgfCg7JH21DZsMazczn1Z9CVK24j+tTiRKMJscgwgGi6wDnaCqdJxUb81P
d0HXgEykKl3hZk3OufPrYZmge4XIotaKTVavYXegl8ZbI4W7gZfu5mkh2JNBVkDm
W7WF1NaVXqyjFENSp6uipyfsWuNRDGF4VpZel2eiW/8oOw==
-----END CERTIFICATE-----