This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/usru7aF7Qk_ffJeQ0EFKoc4fUuc.roa
File:                     usru7aF7Qk_ffJeQ0EFKoc4fUuc.roa (raw, json)
Hash identifier:          qkaoKI1z1JM17/6IOkvgSikXMOdggPM7AMM3gUDHAdM=
Subject key identifier:   BA:CA:EE:ED:A1:7B:42:4F:DF:7C:97:90:D0:41:4A:A1:CE:1F:52:E7
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019B79100CE901769ABAB6AA128F46CDE28D
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/usru7aF7Qk_ffJeQ0EFKoc4fUuc.roa
Signing time:             Thu 01 Jan 2026 10:17:33 +0000
ROA not before:           Thu 01 Jan 2026 10:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215802
IP address blocks:        188.95.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:0c:e9:01:76:9a:ba:b6:aa:12:8f:46:cd:e2:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 10:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bacaeeeda17b424fdf7c9790d0414aa1ce1f52e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:56:1f:62:c6:9f:04:e7:29:27:a3:38:06:84:
                    22:23:fa:1b:ae:2e:ee:d2:ae:2e:67:ad:ca:91:4b:
                    91:14:e8:30:36:bc:81:71:35:aa:0e:3c:88:16:1a:
                    ce:e5:74:bd:78:10:0a:44:a3:8f:57:a0:58:d7:5b:
                    be:10:e3:69:d2:b2:2c:85:09:02:f7:35:f0:0c:2b:
                    16:d9:df:92:ae:a5:ce:87:87:6d:e3:9b:38:c5:0f:
                    82:40:59:8b:6c:38:87:e2:01:05:a0:56:8a:c2:a5:
                    42:18:f5:c2:ba:58:c4:c8:a8:d3:da:3f:a9:a6:c8:
                    ab:8e:bf:21:3b:f5:d4:d6:88:f9:fd:eb:fe:49:96:
                    e3:de:c7:41:31:44:01:0d:c7:ee:a8:c4:8c:aa:a8:
                    1e:bc:52:51:ca:2e:fc:e6:7d:7d:b3:a6:c0:12:2f:
                    7f:8f:72:f2:78:13:59:cb:0f:39:fb:a1:35:a6:5c:
                    18:5d:80:2b:1f:46:b9:cb:ba:d9:d8:ec:02:00:a8:
                    09:51:96:47:04:53:67:a9:60:4a:80:e1:7e:e3:b5:
                    0d:bd:0a:44:0b:b8:de:64:dd:8a:9d:97:c8:89:4f:
                    e9:3b:b4:46:51:37:e5:c6:28:1c:3e:6b:dd:6c:e3:
                    2f:89:3c:88:b1:8c:4a:1e:8f:ca:24:b0:df:70:58:
                    7b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CA:EE:ED:A1:7B:42:4F:DF:7C:97:90:D0:41:4A:A1:CE:1F:52:E7
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/usru7aF7Qk_ffJeQ0EFKoc4fUuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f9:73:da:96:6b:91:38:3f:62:38:4f:20:9c:b0:7d:81:83:
         14:37:1c:ed:95:25:97:e1:aa:cf:72:54:2b:ab:d4:7f:4a:9b:
         3a:e1:eb:65:cb:40:38:f0:4b:e3:1b:65:75:bd:fb:09:15:8f:
         8d:cb:de:1c:57:c8:ac:30:8b:b2:87:44:32:3b:6d:b3:e4:b1:
         4a:04:1e:13:0d:13:b0:f6:c7:84:ac:11:00:e3:fd:44:f3:7a:
         13:87:e7:7e:40:86:53:e7:58:2a:97:cc:56:36:5b:a2:97:bf:
         e1:2b:42:be:c0:b2:59:34:2a:31:80:97:15:98:04:ee:1e:d7:
         cc:74:c1:41:d5:64:8c:00:29:9f:f2:74:08:95:7a:1b:5e:1d:
         65:72:4e:0c:b8:e9:7e:ab:80:74:90:03:50:ee:1f:c7:fa:e5:
         6d:54:e3:5a:28:b8:34:a5:ea:4e:b0:94:0e:08:c1:c2:bd:f8:
         7d:fc:dc:f5:fe:bf:ab:a3:cb:c2:aa:c5:f4:c8:76:69:f9:13:
         71:53:c2:80:75:35:3c:83:d8:46:2d:63:0b:ed:05:87:ca:10:
         68:e0:15:5a:f4:c1:97:da:27:e2:39:33:37:f0:65:75:9f:d4:
         ca:4e:c7:e6:53:01:0f:e6:0d:71:bd:6b:d2:47:a0:f1:4c:56:
         df:f8:aa:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EAzpAXaauraqEo9GzeKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwMTAxMTAxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWNhZWVlZGExN2I0MjRmZGY3Yzk3OTBkMDQxNGFhMWNlMWY1MmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FYfYsafBOcpJ6M4BoQiI/obri7u
0q4uZ63KkUuRFOgwNryBcTWqDjyIFhrO5XS9eBAKRKOPV6BY11u+EONp0rIshQkC
9zXwDCsW2d+SrqXOh4dt45s4xQ+CQFmLbDiH4gEFoFaKwqVCGPXCuljEyKjT2j+p
psirjr8hO/XU1oj5/ev+SZbj3sdBMUQBDcfuqMSMqqgevFJRyi785n19s6bAEi9/
j3LyeBNZyw85+6E1plwYXYArH0a5y7rZ2OwCAKgJUZZHBFNnqWBKgOF+47UNvQpE
C7jeZN2KnZfIiU/pO7RGUTflxigcPmvdbOMviTyIsYxKHo/KJLDfcFh7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrK7u2he0JP33yXkNBBSqHOH1LnMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvdXNydTdhRjdRa19mZkplUTBFRktvYzRmVXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9fMA0G
CSqGSIb3DQEBCwUAA4IBAQAg+XPalmuROD9iOE8gnLB9gYMUNxztlSWX4arPclQr
q9R/Sps64etly0A48EvjG2V1vfsJFY+Ny94cV8isMIuyh0QyO22z5LFKBB4TDROw
9seErBEA4/1E83oTh+d+QIZT51gql8xWNluil7/hK0K+wLJZNCoxgJcVmATuHtfM
dMFB1WSMACmf8nQIlXobXh1lck4MuOl+q4B0kANQ7h/H+uVtVONaKLg0pepOsJQO
CMHCvfh9/Nz1/r+ro8vCqsX0yHZp+RNxU8KAdTU8g9hGLWML7QWHyhBo4BVa9MGX
2ifiOTM38GV1n9TKTsfmUwEP5g1xvWvSR6DxTFbf+KoZ
-----END CERTIFICATE-----