This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/FZljvcxVC3KvOuVQwDjBOz6vLKQ.roa
File:                     FZljvcxVC3KvOuVQwDjBOz6vLKQ.roa (raw, json)
Hash identifier:          kpnpQoylGbXqrj/XYTN9KcgWeq6V6Ko8315VlpltUrA=
Subject key identifier:   15:99:63:BD:CC:55:0B:72:AF:3A:E5:50:C0:38:C1:3B:3E:AF:2C:A4
Certificate issuer:       /CN=bc903403c20a6cdb22366cc7acf48e9f99be34ff
Certificate serial:       019B7F154555039F8CD1FDC6F452841DE7B8
Authority key identifier: BC:90:34:03:C2:0A:6C:DB:22:36:6C:C7:AC:F4:8E:9F:99:BE:34:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/FZljvcxVC3KvOuVQwDjBOz6vLKQ.roa
Signing time:             Fri 02 Jan 2026 14:20:59 +0000
ROA not before:           Fri 02 Jan 2026 14:20:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39385
IP address blocks:        195.254.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:45:55:03:9f:8c:d1:fd:c6:f4:52:84:1d:e7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc903403c20a6cdb22366cc7acf48e9f99be34ff
        Validity
            Not Before: Jan  2 14:20:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=159963bdcc550b72af3ae550c038c13b3eaf2ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:4c:db:d5:b5:b4:9d:bb:ea:52:f2:f3:cf:
                    6e:36:4c:47:b6:0d:95:31:ca:13:ac:8f:0b:b9:61:
                    12:ab:df:df:66:67:ae:03:83:ef:32:cf:53:d0:f4:
                    0e:5a:c3:bb:2a:b1:ca:b4:2b:49:1e:48:47:0a:8c:
                    b9:43:69:ff:b5:0d:31:e7:f6:26:cc:df:f8:92:d9:
                    a8:8e:00:99:07:12:43:18:f6:c1:65:8e:f2:17:84:
                    fc:77:5a:d2:72:03:d4:df:02:eb:b7:50:fc:30:fa:
                    98:57:32:02:8c:87:a9:43:23:fb:1a:5c:cb:e4:4a:
                    8f:d2:ec:de:bc:0c:60:29:42:db:b7:e4:b2:ba:1e:
                    00:0e:cd:f4:c5:f9:f4:3f:59:59:a1:4d:fc:be:e3:
                    51:82:d0:df:85:ea:89:6a:b9:d6:7a:91:58:b7:18:
                    6f:33:be:30:0a:81:67:ef:c6:51:a2:4a:94:17:cd:
                    57:66:a5:00:6f:b1:0b:2f:07:29:41:79:75:d3:40:
                    1f:03:a4:c9:b5:75:6a:4e:b3:4e:e8:5a:4a:20:cc:
                    70:6b:aa:58:fa:42:43:f3:d7:4c:b9:f4:90:ba:c2:
                    98:75:c9:c5:65:16:f3:05:2b:b8:72:db:bb:21:62:
                    63:aa:57:56:5b:c8:5f:8a:ae:86:dc:03:ac:4d:09:
                    62:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:99:63:BD:CC:55:0B:72:AF:3A:E5:50:C0:38:C1:3B:3E:AF:2C:A4
            X509v3 Authority Key Identifier:
                keyid:BC:90:34:03:C2:0A:6C:DB:22:36:6C:C7:AC:F4:8E:9F:99:BE:34:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/FZljvcxVC3KvOuVQwDjBOz6vLKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:c3:c8:82:e0:a4:42:78:63:77:a9:63:39:12:27:84:cb:35:
         16:5d:87:c7:32:d6:19:19:bd:75:bf:3e:fe:7e:0e:8a:f1:c0:
         59:73:8e:9a:d1:7e:0d:69:1a:81:8c:ac:33:99:a2:15:92:81:
         04:3f:82:23:69:dc:fe:4f:a9:22:41:73:82:31:3b:51:a7:16:
         53:6a:5e:cb:7a:27:a0:29:32:0f:9c:9e:f1:e0:81:39:39:19:
         66:6e:68:51:52:e9:8e:d0:b8:34:b2:e5:e8:de:fb:c1:38:09:
         55:1c:b7:9d:92:ca:31:bd:2e:cd:5d:08:5f:42:b9:ff:5c:50:
         26:48:b1:2e:31:9f:1c:99:46:c6:dd:b2:8a:47:c9:45:b2:61:
         9e:f4:5b:41:d9:47:dc:c3:00:1a:d4:c0:08:49:9e:11:0b:da:
         46:38:08:62:8c:7c:a4:68:48:e4:71:7b:e4:3d:dc:39:01:be:
         7b:05:c0:74:83:35:cf:fc:fe:6b:6e:74:87:af:6d:55:6a:1a:
         c0:d1:6e:31:17:fb:b8:b5:6c:3e:5d:70:fa:aa:f2:38:ab:8d:
         56:93:88:76:f3:82:ef:fb:7e:15:4b:93:04:4d:3c:b3:b5:14:
         02:c7:1f:d8:21:74:ae:f5:5c:f2:65:12:18:75:39:e7:2e:5c:
         7f:25:c4:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FUVVA5+M0f3G9FKEHee4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOTAzNDAzYzIwYTZjZGIyMjM2NmNjN2FjZjQ4ZTlmOTli
ZTM0ZmYwHhcNMjYwMTAyMTQyMDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTk5NjNiZGNjNTUwYjcyYWYzYWU1NTBjMDM4YzEzYjNlYWYyY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKNM29W1tJ276lLy889uNkxHtg2V
McoTrI8LuWESq9/fZmeuA4PvMs9T0PQOWsO7KrHKtCtJHkhHCoy5Q2n/tQ0x5/Ym
zN/4ktmojgCZBxJDGPbBZY7yF4T8d1rScgPU3wLrt1D8MPqYVzICjIepQyP7GlzL
5EqP0uzevAxgKULbt+Syuh4ADs30xfn0P1lZoU38vuNRgtDfheqJarnWepFYtxhv
M74wCoFn78ZRokqUF81XZqUAb7ELLwcpQXl100AfA6TJtXVqTrNO6FpKIMxwa6pY
+kJD89dMufSQusKYdcnFZRbzBSu4ctu7IWJjqldWW8hfiq6G3AOsTQlipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWZY73MVQtyrzrlUMA4wTs+ryykMB8GA1UdIwQY
MBaAFLyQNAPCCmzbIjZsx6z0jp+ZvjT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkpBMEE4SUtiTnNpTm16SHJQU09uNW0tTlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9kNWU1Y2ItNWIyNy00N2Y2LThhY2It
MDM1MDc4NzIyNWM4LzEvRlpsanZjeFZDM0t2T3VWUXdEakJPejZ2TEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9kNWU1Y2ItNWIyNy00N2Y2LThhY2ItMDM1MDc4NzIyNWM4
LzEvdkpBMEE4SUtiTnNpTm16SHJQU09uNW0tTlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/6FMA0G
CSqGSIb3DQEBCwUAA4IBAQCNw8iC4KRCeGN3qWM5EieEyzUWXYfHMtYZGb11vz7+
fg6K8cBZc46a0X4NaRqBjKwzmaIVkoEEP4Ijadz+T6kiQXOCMTtRpxZTal7Leieg
KTIPnJ7x4IE5ORlmbmhRUumO0Lg0suXo3vvBOAlVHLedksoxvS7NXQhfQrn/XFAm
SLEuMZ8cmUbG3bKKR8lFsmGe9FtB2UfcwwAa1MAISZ4RC9pGOAhijHykaEjkcXvk
Pdw5Ab57BcB0gzXP/P5rbnSHr21VahrA0W4xF/u4tWw+XXD6qvI4q41Wk4h284Lv
+34VS5METTyztRQCxx/YIXSu9VzyZRIYdTnnLlx/JcQv
-----END CERTIFICATE-----