This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/gH8loGqHuQUgS7s-27j8UFtooRI.roa
File:                     gH8loGqHuQUgS7s-27j8UFtooRI.roa (raw, json)
Hash identifier:          3c/uPZsoFkC/+vu1WnVFt+9jcD0vxFLrQc/tSOZVhig=
Subject key identifier:   80:7F:25:A0:6A:87:B9:05:20:4B:BB:3E:DB:B8:FC:50:5B:68:A1:12
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       019B7AC951DFAAE24A28A44E0FAF1C5EE1D9
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/gH8loGqHuQUgS7s-27j8UFtooRI.roa
Signing time:             Thu 01 Jan 2026 18:19:32 +0000
ROA not before:           Thu 01 Jan 2026 18:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42298
IP address blocks:        195.219.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:51:df:aa:e2:4a:28:a4:4e:0f:af:1c:5e:e1:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  1 18:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=807f25a06a87b905204bbb3edbb8fc505b68a112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ea:9a:b8:ec:ec:f2:e6:79:ef:18:fa:09:ea:
                    cd:09:9f:ea:0c:74:bd:2e:0f:68:1e:38:dd:3a:e5:
                    97:6f:74:66:e3:13:d2:f4:83:99:bf:52:a2:e6:4b:
                    95:a9:e4:b4:4c:e9:91:20:e4:e1:c3:f0:52:58:2a:
                    c7:84:0c:d6:90:11:7d:91:ad:28:44:a9:76:dc:dc:
                    a7:9e:59:79:22:97:5d:41:dd:1e:2e:68:de:ee:dd:
                    f9:1e:d5:db:ce:b7:5d:d0:b5:63:27:e8:a9:cf:bd:
                    76:47:3f:45:03:93:f4:be:28:f9:94:c9:0a:ca:8a:
                    d6:af:b3:c3:ec:1e:ce:8c:c9:42:c6:7d:dc:7a:14:
                    4a:60:80:d0:c3:2f:bd:53:1a:05:a1:1b:1c:06:fa:
                    19:25:90:d0:7f:30:49:b9:bd:f5:aa:bc:97:b4:aa:
                    fb:52:9e:e7:73:db:df:cc:df:b1:5c:e1:db:1a:c0:
                    b1:55:ca:0c:db:b2:d8:aa:81:90:a3:0e:30:82:f6:
                    3f:d5:d4:fe:bf:73:b6:e3:df:38:b5:08:87:f4:0d:
                    c7:2e:8a:e5:c5:25:2f:de:f2:d0:d8:9a:7e:7e:85:
                    94:dc:2a:98:36:15:e8:e6:0e:9a:30:80:a1:25:28:
                    31:f5:ff:4e:3e:90:af:db:1b:9a:8d:28:c7:0e:3d:
                    88:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7F:25:A0:6A:87:B9:05:20:4B:BB:3E:DB:B8:FC:50:5B:68:A1:12
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/gH8loGqHuQUgS7s-27j8UFtooRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:24:72:34:04:09:5f:f8:48:2d:6f:2d:28:12:2d:05:2d:46:
         a5:d5:78:3a:41:4e:52:3d:ed:9a:3a:0d:8f:94:d5:80:24:5f:
         d7:04:51:49:2e:39:8a:f2:cc:d3:a0:0d:e4:f9:67:10:9a:ae:
         ac:e7:45:89:33:53:41:7a:28:0d:88:75:73:d1:26:ad:a5:12:
         ec:f4:6f:90:be:02:56:0b:ca:b8:a8:25:77:7d:18:72:1e:7c:
         0e:8d:22:88:97:55:07:55:92:36:d4:20:f3:29:13:e1:65:0a:
         a2:89:42:d2:a9:1e:c9:c5:27:80:fb:ff:42:0e:5d:05:8f:bc:
         3d:ed:24:3f:fb:39:2f:f4:b7:c7:d2:e9:f0:09:0c:32:8a:20:
         7b:9f:97:b3:56:79:29:92:14:23:4d:41:58:81:0c:08:fd:27:
         63:3c:d8:b0:31:86:df:c1:3d:26:33:8c:db:14:ae:78:60:d8:
         87:27:98:a0:52:57:aa:f4:88:47:a4:8e:17:c3:4b:48:ae:87:
         be:e9:53:d9:11:dd:8e:0b:6c:7c:04:02:77:06:03:b7:52:ca:
         5c:ae:bd:47:0d:6d:ec:8c:6e:8c:3d:44:07:15:60:4b:dd:ee:
         e5:23:59:ca:95:50:0e:74:b7:aa:da:07:6f:82:2a:38:19:52:
         00:cd:40:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yVHfquJKKKROD68cXuHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjYwMTAxMTgxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdmMjVhMDZhODdiOTA1MjA0YmJiM2VkYmI4ZmM1MDViNjhhMTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluqauOzs8uZ57xj6CerNCZ/qDHS9
Lg9oHjjdOuWXb3Rm4xPS9IOZv1Ki5kuVqeS0TOmRIOThw/BSWCrHhAzWkBF9ka0o
RKl23Nynnll5IpddQd0eLmje7t35HtXbzrdd0LVjJ+ipz712Rz9FA5P0vij5lMkK
yorWr7PD7B7OjMlCxn3cehRKYIDQwy+9UxoFoRscBvoZJZDQfzBJub31qryXtKr7
Up7nc9vfzN+xXOHbGsCxVcoM27LYqoGQow4wgvY/1dT+v3O24984tQiH9A3HLorl
xSUv3vLQ2Jp+foWU3CqYNhXo5g6aMIChJSgx9f9OPpCv2xuajSjHDj2I+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB/JaBqh7kFIEu7Ptu4/FBbaKESMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvZ0g4bG9HcUh1UVVnUzdzLTI3ajhVRnRvb1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9sqMA0G
CSqGSIb3DQEBCwUAA4IBAQB+JHI0BAlf+Egtby0oEi0FLUal1Xg6QU5SPe2aOg2P
lNWAJF/XBFFJLjmK8szToA3k+WcQmq6s50WJM1NBeigNiHVz0SatpRLs9G+QvgJW
C8q4qCV3fRhyHnwOjSKIl1UHVZI21CDzKRPhZQqiiULSqR7JxSeA+/9CDl0Fj7w9
7SQ/+zkv9LfH0unwCQwyiiB7n5ezVnkpkhQjTUFYgQwI/SdjPNiwMYbfwT0mM4zb
FK54YNiHJ5igUleq9IhHpI4Xw0tIroe+6VPZEd2OC2x8BAJ3BgO3Uspcrr1HDW3s
jG6MPUQHFWBL3e7lI1nKlVAOdLeq2gdvgio4GVIAzUDX
-----END CERTIFICATE-----