This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/5dAVtaJIi1EXqqYU5USv7fZXPs4.roa
File:                     5dAVtaJIi1EXqqYU5USv7fZXPs4.roa (raw, json)
Hash identifier:          F+ZaLmkSoDDXKvEZfC55Pqn2Kegitmab6UvzlFAoMLA=
Subject key identifier:   E5:D0:15:B5:A2:48:8B:51:17:AA:A6:14:E5:44:AF:ED:F6:57:3E:CE
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       019B7CEE644DCC3604298DAFF7957FCCF31A
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/5dAVtaJIi1EXqqYU5USv7fZXPs4.roa
Signing time:             Fri 02 Jan 2026 04:19:16 +0000
ROA not before:           Fri 02 Jan 2026 04:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199130
IP address blocks:        195.23.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:64:4d:cc:36:04:29:8d:af:f7:95:7f:cc:f3:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  2 04:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5d015b5a2488b5117aaa614e544afedf6573ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c8:3f:fa:e6:79:bc:fe:f0:35:4e:a8:88:c7:
                    2a:29:c7:6a:92:28:d3:46:f4:1b:8b:74:36:08:d9:
                    2b:07:ab:fb:05:58:44:c4:2c:f6:8c:4d:2c:38:ab:
                    e5:1e:16:86:7d:6f:6d:d6:e2:9c:1f:8e:40:e5:c0:
                    68:50:12:f4:11:38:94:d6:da:a1:80:ca:36:04:96:
                    14:0f:85:a6:b9:25:a5:12:af:64:c3:ef:23:96:96:
                    1a:cb:88:35:27:c6:c7:a6:57:0a:4d:3f:af:ec:dc:
                    7d:02:fc:2c:f9:89:8f:f6:25:e8:4d:92:64:f7:63:
                    4e:16:31:36:fd:12:b7:a1:ca:24:4d:61:5e:b4:b6:
                    fc:71:7c:1e:4d:60:c5:ef:fd:dc:c3:8b:a2:26:ec:
                    26:ae:68:e2:82:28:2e:e3:95:ec:54:e2:d6:74:1e:
                    34:73:22:15:80:df:c8:0b:63:9d:66:f7:7a:27:e9:
                    f2:63:4f:51:aa:f1:3c:58:0d:d0:27:41:2d:f4:56:
                    98:bf:1a:f8:96:a7:87:e0:4a:53:2a:17:ad:59:20:
                    25:a5:8f:d1:65:92:52:18:db:d4:80:2a:ca:21:b9:
                    2a:42:3a:a1:ff:c2:6b:79:be:11:51:56:b0:30:b6:
                    65:33:15:4a:a5:ff:71:05:e8:ce:9d:80:ee:16:e8:
                    37:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D0:15:B5:A2:48:8B:51:17:AA:A6:14:E5:44:AF:ED:F6:57:3E:CE
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/5dAVtaJIi1EXqqYU5USv7fZXPs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.23.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fa:79:76:5f:68:16:25:86:32:9c:a3:26:0f:78:e4:d7:da:
         3c:7a:99:e6:cb:d1:81:82:3a:b7:9d:48:0f:b4:69:df:bb:6b:
         79:ae:4b:24:2d:99:7c:f5:68:cb:e8:56:54:d1:92:d1:7f:18:
         a4:87:1d:9c:55:96:61:40:a6:df:71:e1:48:a0:3b:e1:e0:c7:
         78:20:50:05:c5:85:43:58:3a:f1:47:d2:d7:c5:c2:3a:3c:eb:
         bd:62:fb:18:94:99:b0:7b:06:69:86:08:be:ab:65:57:94:0e:
         0f:4f:5a:60:6c:74:69:ba:72:3d:5b:03:87:65:f6:22:0e:33:
         95:18:16:af:2f:f1:78:a4:fa:23:0d:37:de:93:ea:64:8d:26:
         59:d5:5b:96:97:ea:87:a1:f4:5c:30:79:4c:6c:c3:d4:51:81:
         e0:69:8f:a5:e3:5d:1f:19:94:76:59:f1:25:bd:fb:96:81:bb:
         59:87:6e:b2:a3:5b:ea:d5:c1:a5:08:b6:d5:69:33:ac:03:ae:
         4c:db:0e:31:10:0e:11:73:93:b7:f3:2e:62:74:90:51:3f:2e:
         0f:22:f6:7d:59:40:d7:16:91:ac:4f:d0:a5:6c:91:6e:cf:b1:
         c4:93:e3:13:ee:97:9a:69:e0:dd:28:c5:b9:06:a4:c2:57:96:
         3d:1c:be:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87mRNzDYEKY2v95V/zPMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjYwMTAyMDQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQwMTViNWEyNDg4YjUxMTdhYWE2MTRlNTQ0YWZlZGY2NTczZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cg/+uZ5vP7wNU6oiMcqKcdqkijT
RvQbi3Q2CNkrB6v7BVhExCz2jE0sOKvlHhaGfW9t1uKcH45A5cBoUBL0ETiU1tqh
gMo2BJYUD4WmuSWlEq9kw+8jlpYay4g1J8bHplcKTT+v7Nx9Avws+YmP9iXoTZJk
92NOFjE2/RK3ocokTWFetLb8cXweTWDF7/3cw4uiJuwmrmjigigu45XsVOLWdB40
cyIVgN/IC2OdZvd6J+nyY09RqvE8WA3QJ0Et9FaYvxr4lqeH4EpTKhetWSAlpY/R
ZZJSGNvUgCrKIbkqQjqh/8Jreb4RUVawMLZlMxVKpf9xBejOnYDuFug3gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXQFbWiSItRF6qmFOVEr+32Vz7OMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvNWRBVnRhSklpMUVYcXFZVTVVU3Y3ZlpYUHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxdiMA0G
CSqGSIb3DQEBCwUAA4IBAQCA+nl2X2gWJYYynKMmD3jk19o8epnmy9GBgjq3nUgP
tGnfu2t5rkskLZl89WjL6FZU0ZLRfxikhx2cVZZhQKbfceFIoDvh4Md4IFAFxYVD
WDrxR9LXxcI6POu9YvsYlJmwewZphgi+q2VXlA4PT1pgbHRpunI9WwOHZfYiDjOV
GBavL/F4pPojDTfek+pkjSZZ1VuWl+qHofRcMHlMbMPUUYHgaY+l410fGZR2WfEl
vfuWgbtZh26yo1vq1cGlCLbVaTOsA65M2w4xEA4Rc5O38y5idJBRPy4PIvZ9WUDX
FpGsT9ClbJFuz7HEk+MT7peaaeDdKMW5BqTCV5Y9HL7l
-----END CERTIFICATE-----