This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/I664kINdQYZZixjAjFJ2wff1nBk.roa
File:                     I664kINdQYZZixjAjFJ2wff1nBk.roa (raw, json)
Hash identifier:          DFrf3nmCfO170wrqgfcGuszwxV4XEHBmrCGavXVsdUM=
Subject key identifier:   23:AE:B8:90:83:5D:41:86:59:8B:18:C0:8C:52:76:C1:F7:F5:9C:19
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       019B7DC889BFDCAA3786B7D6B7EDFC1799CB
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/I664kINdQYZZixjAjFJ2wff1nBk.roa
Signing time:             Fri 02 Jan 2026 08:17:33 +0000
ROA not before:           Fri 02 Jan 2026 08:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211613
IP address blocks:        95.161.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c8:89:bf:dc:aa:37:86:b7:d6:b7:ed:fc:17:99:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  2 08:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23aeb890835d4186598b18c08c5276c1f7f59c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:90:0c:5f:d6:3c:18:83:28:9e:6b:e8:d5:29:
                    ea:52:14:30:98:c3:58:0f:c9:f3:d6:17:fb:78:5a:
                    32:48:03:c5:00:7f:cd:1b:6a:b3:e2:bf:05:72:a0:
                    db:ee:14:9e:70:6a:75:c3:7e:ed:84:87:98:82:36:
                    39:98:2d:c0:de:a1:39:ff:ab:9d:cc:84:9a:ba:59:
                    df:5f:f6:41:51:3a:b7:df:ed:df:0a:12:33:bf:e1:
                    19:d2:27:5e:c5:0e:30:95:90:75:c3:40:a0:a6:9f:
                    b9:b3:0e:65:f2:c8:5a:3b:7e:4e:3e:92:34:8c:5b:
                    b3:2a:56:ab:fc:86:c8:84:81:fe:48:c6:c8:ee:5f:
                    a2:96:cb:47:1a:7b:01:65:62:c0:62:fe:8e:39:03:
                    af:ce:ef:59:d3:eb:fa:6a:73:2d:9f:4e:d8:38:d4:
                    4b:f9:c5:d9:7d:f2:41:a2:41:ae:e8:0b:f0:9d:b1:
                    e1:a4:01:25:6f:a9:93:4d:1e:76:6b:b7:d3:94:41:
                    30:36:c9:e9:19:30:a7:ba:66:d7:ff:b2:94:a1:8b:
                    55:29:5e:fe:12:01:bf:e1:cc:73:a1:db:bb:5d:cb:
                    6f:c2:3f:48:bc:a8:44:37:6e:df:06:36:7f:7d:e4:
                    0d:6b:6a:ee:f7:c9:ba:5e:76:87:45:6b:aa:26:d1:
                    e5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:AE:B8:90:83:5D:41:86:59:8B:18:C0:8C:52:76:C1:F7:F5:9C:19
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/I664kINdQYZZixjAjFJ2wff1nBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:e5:82:74:a5:ab:37:e1:21:0e:e7:92:9d:c9:e1:d6:4a:7f:
         a3:d5:b2:9f:8a:97:08:14:ac:7b:d8:2e:cd:ad:5d:54:95:b1:
         0f:83:f1:0a:60:11:18:a4:d0:56:ee:cf:e1:1d:57:47:1f:a1:
         e2:f7:7a:f6:f6:c4:23:fd:f2:e7:c8:45:69:21:6d:79:c4:44:
         5a:42:60:3e:15:b3:67:82:a7:09:58:71:99:ce:20:8c:1b:39:
         e9:a6:7b:9a:db:ca:59:12:17:2e:42:d7:c3:ce:3c:bf:c7:1e:
         be:d5:b3:57:5a:fb:0b:54:10:3d:7f:66:ee:c4:00:04:0b:d6:
         87:24:22:3a:43:f4:04:4e:31:cd:11:e8:d2:e4:eb:c5:8e:37:
         bb:1e:3a:2c:a7:6b:fb:a3:e6:e7:14:00:65:f3:f9:f6:a3:05:
         db:69:06:3c:e3:2c:75:98:a2:48:0d:63:56:c6:8b:aa:57:fd:
         77:f9:61:78:16:41:4e:41:1e:dd:96:46:a2:4f:a1:94:30:8d:
         67:7d:cb:e3:1c:1a:da:e8:54:70:fb:4b:0b:f8:92:b5:05:76:
         21:f6:85:b2:d2:96:a6:4c:65:19:b4:ac:67:1c:04:76:27:70:
         f0:f0:06:79:7d:43:31:35:96:79:ca:e7:f0:6b:a2:b7:1c:aa:
         61:44:09:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yIm/3Ko3hrfWt+38F5nLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjYwMTAyMDgxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2FlYjg5MDgzNWQ0MTg2NTk4YjE4YzA4YzUyNzZjMWY3ZjU5YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25AMX9Y8GIMonmvo1SnqUhQwmMNY
D8nz1hf7eFoySAPFAH/NG2qz4r8FcqDb7hSecGp1w37thIeYgjY5mC3A3qE5/6ud
zISaulnfX/ZBUTq33+3fChIzv+EZ0idexQ4wlZB1w0Cgpp+5sw5l8shaO35OPpI0
jFuzKlar/IbIhIH+SMbI7l+ilstHGnsBZWLAYv6OOQOvzu9Z0+v6anMtn07YONRL
+cXZffJBokGu6AvwnbHhpAElb6mTTR52a7fTlEEwNsnpGTCnumbX/7KUoYtVKV7+
EgG/4cxzodu7Xctvwj9IvKhEN27fBjZ/feQNa2ru98m6XnaHRWuqJtHlQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOuuJCDXUGGWYsYwIxSdsH39ZwZMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvSTY2NGtJTmRRWVpaaXhqQWpGSjJ3ZmYxbkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX6FcMA0G
CSqGSIb3DQEBCwUAA4IBAQA25YJ0pas34SEO55KdyeHWSn+j1bKfipcIFKx72C7N
rV1UlbEPg/EKYBEYpNBW7s/hHVdHH6Hi93r29sQj/fLnyEVpIW15xERaQmA+FbNn
gqcJWHGZziCMGznppnua28pZEhcuQtfDzjy/xx6+1bNXWvsLVBA9f2buxAAEC9aH
JCI6Q/QETjHNEejS5OvFjje7Hjosp2v7o+bnFABl8/n2owXbaQY84yx1mKJIDWNW
xouqV/13+WF4FkFOQR7dlkaiT6GUMI1nfcvjHBra6FRw+0sL+JK1BXYh9oWy0pam
TGUZtKxnHAR2J3Dw8AZ5fUMxNZZ5yufwa6K3HKphRAkO
-----END CERTIFICATE-----