This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/cXInX8MThhr-Q2P_0TCbxEVEnFM.roa
File:                     cXInX8MThhr-Q2P_0TCbxEVEnFM.roa (raw, json)
Hash identifier:          58A2aZSuymaJoOD/zxSFuC/w3QnUk8DmmWAzRDbCkH8=
Subject key identifier:   71:72:27:5F:C3:13:86:1A:FE:43:63:FF:D1:30:9B:C4:45:44:9C:53
Certificate issuer:       /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial:       019B7B35F88BF490A8E190E1C037015B64CA
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/cXInX8MThhr-Q2P_0TCbxEVEnFM.roa
Signing time:             Thu 01 Jan 2026 20:18:13 +0000
ROA not before:           Thu 01 Jan 2026 20:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211333
IP address blocks:        95.170.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 02:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f8:8b:f4:90:a8:e1:90:e1:c0:37:01:5b:64:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
        Validity
            Not Before: Jan  1 20:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7172275fc313861afe4363ffd1309bc445449c53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:38:25:61:09:1b:84:11:57:5e:7f:57:fa:25:
                    ae:a4:65:1c:e5:71:98:11:58:e9:ec:4f:6c:4d:48:
                    22:97:f1:01:42:61:0b:76:b3:30:fa:c9:f8:2a:86:
                    be:ae:ff:da:bb:eb:54:e8:bc:1a:6c:7c:4a:d2:23:
                    25:40:ec:1e:9f:ec:43:c3:06:c5:b7:0a:68:71:0c:
                    a3:ed:11:53:8e:42:d7:0b:5b:21:65:2f:b4:df:0f:
                    78:da:2f:e6:1d:ea:d7:23:a4:f2:8f:27:97:ae:e7:
                    d2:6b:57:cc:95:06:d8:4d:6e:53:0a:f1:55:22:dd:
                    23:36:79:48:e3:07:f2:a6:c9:4f:0d:7c:44:2e:84:
                    66:f6:f4:95:91:c8:ae:a2:60:a6:47:11:0f:cd:e4:
                    6d:ef:34:ac:07:94:13:1c:6b:40:f6:51:c9:43:04:
                    bf:e1:da:39:06:4c:39:14:29:71:0b:4a:89:9f:c3:
                    75:c1:73:80:9d:6f:85:a0:41:32:33:f7:8e:01:d3:
                    07:d7:d9:ed:97:10:40:42:cd:82:64:bd:1a:86:b8:
                    0d:fd:a4:48:a3:bc:da:14:fe:25:52:6a:22:53:ff:
                    26:3f:d9:54:3c:d3:c8:12:b1:ab:31:a9:ff:38:92:
                    00:ba:bf:a5:00:d7:62:b2:df:fc:a4:0e:f7:42:94:
                    4f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:72:27:5F:C3:13:86:1A:FE:43:63:FF:D1:30:9B:C4:45:44:9C:53
            X509v3 Authority Key Identifier:
                keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/cXInX8MThhr-Q2P_0TCbxEVEnFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:18:f8:31:28:18:90:d8:1d:18:36:15:b4:cc:3c:1f:ea:b0:
         6e:c6:8c:0b:de:c0:e3:4d:fb:86:ea:2e:ba:c7:8b:01:0f:d3:
         78:5a:d0:0d:b4:07:05:3c:59:97:6e:37:ca:f3:0f:5b:60:5c:
         37:2e:9e:68:e2:db:56:23:5f:f6:ce:b2:36:8e:04:5b:6f:15:
         78:3d:d6:88:85:db:23:c6:e0:3e:54:d4:58:ea:b4:65:2c:c0:
         78:a1:e8:b3:b2:de:0c:a9:72:04:50:29:38:f0:a9:ff:79:58:
         db:ca:f0:9e:07:c7:de:a0:d1:39:06:fb:53:15:2d:9a:fb:11:
         33:cf:16:23:45:81:02:15:6a:43:e6:5f:2e:52:70:32:88:b8:
         a7:c1:20:7f:78:72:0a:29:2d:1a:36:d3:4f:e4:ae:ec:b9:27:
         e1:c2:02:3b:0b:b9:56:c6:18:72:4d:da:e0:88:c8:12:87:67:
         d2:6a:41:da:cc:c7:6c:6d:6e:84:5e:84:f3:07:86:32:96:36:
         5c:ac:d9:8e:88:d4:04:71:ec:b6:bf:78:3f:04:7b:cb:94:82:
         91:90:70:6c:11:00:c7:46:c4:b4:00:ab:01:ac:b6:4e:e9:39:
         ef:93:d1:55:ae:ad:89:0d:1d:43:f6:7d:d6:df:e1:f4:5c:0a:
         48:a3:12:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfiL9JCo4ZDhwDcBW2TKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjYwMTAxMjAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTcyMjc1ZmMzMTM4NjFhZmU0MzYzZmZkMTMwOWJjNDQ1NDQ5YzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjglYQkbhBFXXn9X+iWupGUc5XGY
EVjp7E9sTUgil/EBQmELdrMw+sn4Koa+rv/au+tU6LwabHxK0iMlQOwen+xDwwbF
twpocQyj7RFTjkLXC1shZS+03w942i/mHerXI6TyjyeXrufSa1fMlQbYTW5TCvFV
It0jNnlI4wfypslPDXxELoRm9vSVkciuomCmRxEPzeRt7zSsB5QTHGtA9lHJQwS/
4do5Bkw5FClxC0qJn8N1wXOAnW+FoEEyM/eOAdMH19ntlxBAQs2CZL0ahrgN/aRI
o7zaFP4lUmoiU/8mP9lUPNPIErGrMan/OJIAur+lANdist/8pA73QpRPHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFyJ1/DE4Ya/kNj/9Ewm8RFRJxTMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvY1hJblg4TVRoaHItUTJQXzBUQ2J4RVZFbkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6oaMA0G
CSqGSIb3DQEBCwUAA4IBAQB7GPgxKBiQ2B0YNhW0zDwf6rBuxowL3sDjTfuG6i66
x4sBD9N4WtANtAcFPFmXbjfK8w9bYFw3Lp5o4ttWI1/2zrI2jgRbbxV4PdaIhdsj
xuA+VNRY6rRlLMB4oeizst4MqXIEUCk48Kn/eVjbyvCeB8feoNE5BvtTFS2a+xEz
zxYjRYECFWpD5l8uUnAyiLinwSB/eHIKKS0aNtNP5K7suSfhwgI7C7lWxhhyTdrg
iMgSh2fSakHazMdsbW6EXoTzB4YyljZcrNmOiNQEcey2v3g/BHvLlIKRkHBsEQDH
RsS0AKsBrLZO6Tnvk9FVrq2JDR1D9n3W3+H0XApIoxIh
-----END CERTIFICATE-----