This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/oy53UV29ZxGHyA7mlLseXZBnge8.roa
File:                     oy53UV29ZxGHyA7mlLseXZBnge8.roa (raw, json)
Hash identifier:          zmREFQtkqLZ8wJLGEuvGnLyo+ZygeKXKKyJIbyBcMM4=
Subject key identifier:   A3:2E:77:51:5D:BD:67:11:87:C8:0E:E6:94:BB:1E:5D:90:67:81:EF
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       019B76EB88A6DFDD01A079A50191BF87245A
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/oy53UV29ZxGHyA7mlLseXZBnge8.roa
Signing time:             Thu 01 Jan 2026 00:18:25 +0000
ROA not before:           Thu 01 Jan 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60027
IP address blocks:        195.214.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:88:a6:df:dd:01:a0:79:a5:01:91:bf:87:24:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a32e77515dbd671187c80ee694bb1e5d906781ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6c:94:4a:13:95:e3:f5:90:96:09:52:51:3a:
                    2e:d9:ed:5b:97:22:03:6e:1a:93:d8:a6:4d:8e:00:
                    7a:44:b3:72:a2:7b:6b:0e:94:84:2b:95:9f:ab:c5:
                    c5:da:52:2c:10:97:f8:e6:20:d0:38:5e:7f:27:34:
                    28:bc:9a:ee:99:e3:ed:e1:f0:b2:84:2d:72:bc:36:
                    e3:02:71:e0:b4:d5:57:f2:66:5c:30:d0:79:b4:fc:
                    be:de:7d:c0:af:5c:34:89:cf:31:63:10:f9:28:a9:
                    93:5d:42:08:57:83:af:79:5c:72:ca:3f:82:91:50:
                    9e:91:d8:82:40:66:4d:a7:a0:8b:b6:a1:d1:0b:97:
                    f6:06:ec:5b:fb:88:47:4a:e1:10:08:9f:ec:e6:8e:
                    64:b7:2f:ce:6f:09:53:03:75:e2:19:83:50:47:11:
                    c8:52:2f:19:87:a3:f2:85:0a:ab:d8:d1:1e:c4:3a:
                    f8:a1:6d:d8:d2:f1:04:83:c6:57:fd:f0:02:7e:e7:
                    e5:7d:02:ea:b9:19:48:ae:03:d1:5e:18:a0:3d:8a:
                    df:82:30:02:ba:b4:f5:8e:63:2a:ff:08:3a:76:2f:
                    2e:7c:e1:c7:29:f2:e2:28:5d:d5:a8:06:3c:c5:20:
                    c2:f7:f8:af:f0:e7:cb:ee:9c:fd:73:b3:11:12:68:
                    a4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:2E:77:51:5D:BD:67:11:87:C8:0E:E6:94:BB:1E:5D:90:67:81:EF
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/oy53UV29ZxGHyA7mlLseXZBnge8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:78:3c:2a:d1:0c:d7:97:be:f3:d9:86:42:ad:51:e2:c6:75:
         98:fe:52:d4:e9:62:ec:f6:cd:66:e6:45:4d:36:c9:4d:21:80:
         93:bc:5d:44:78:3e:d9:13:9f:a6:f9:c9:5f:49:0b:4c:68:e4:
         b6:a2:5d:eb:ce:5c:31:93:7e:9b:dc:b6:44:ac:5d:e1:a2:03:
         68:73:40:b7:a2:7d:92:34:cd:c8:fe:02:21:2c:95:cb:e6:4b:
         7c:4d:84:04:7b:6c:e2:36:e2:17:7c:e1:5d:fa:eb:22:08:5d:
         6f:19:79:03:76:06:94:22:c4:93:8c:ad:8e:a3:ea:f3:c2:c2:
         3f:27:9e:35:4e:57:fc:0a:3b:b7:c3:91:6d:07:9a:95:a2:66:
         5f:c8:28:a5:80:c9:54:52:7b:86:68:98:10:f6:22:87:e5:e2:
         85:e9:5d:a2:e9:34:41:2f:ac:ec:60:a7:69:82:50:e6:f5:aa:
         04:03:2a:72:e2:3d:c8:c6:9e:84:2a:db:3d:2e:31:19:96:5a:
         13:4b:de:c6:38:b3:db:54:96:2f:ae:f2:97:71:ed:1d:84:6a:
         2e:20:30:f1:c4:0a:88:89:28:d2:6a:d5:d7:c8:e6:b9:ae:5d:
         57:68:f0:8f:cb:5b:0e:03:f5:ef:2d:e3:88:5f:7d:0f:bd:fa:
         f2:45:6f:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264im390BoHmlAZG/hyRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjYwMTAxMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzJlNzc1MTVkYmQ2NzExODdjODBlZTY5NGJiMWU1ZDkwNjc4MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGyUShOV4/WQlglSUTou2e1blyID
bhqT2KZNjgB6RLNyontrDpSEK5Wfq8XF2lIsEJf45iDQOF5/JzQovJrumePt4fCy
hC1yvDbjAnHgtNVX8mZcMNB5tPy+3n3Ar1w0ic8xYxD5KKmTXUIIV4OveVxyyj+C
kVCekdiCQGZNp6CLtqHRC5f2Buxb+4hHSuEQCJ/s5o5kty/ObwlTA3XiGYNQRxHI
Ui8Zh6PyhQqr2NEexDr4oW3Y0vEEg8ZX/fACfuflfQLquRlIrgPRXhigPYrfgjAC
urT1jmMq/wg6di8ufOHHKfLiKF3VqAY8xSDC9/iv8OfL7pz9c7MREmikkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMud1FdvWcRh8gO5pS7Hl2QZ4HvMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvb3k1M1VWMjlaeEdIeUE3bWxMc2VYWkJuZ2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9aaMA0G
CSqGSIb3DQEBCwUAA4IBAQB/eDwq0QzXl77z2YZCrVHixnWY/lLU6WLs9s1m5kVN
NslNIYCTvF1EeD7ZE5+m+clfSQtMaOS2ol3rzlwxk36b3LZErF3hogNoc0C3on2S
NM3I/gIhLJXL5kt8TYQEe2ziNuIXfOFd+usiCF1vGXkDdgaUIsSTjK2Oo+rzwsI/
J541Tlf8Cju3w5FtB5qVomZfyCilgMlUUnuGaJgQ9iKH5eKF6V2i6TRBL6zsYKdp
glDm9aoEAypy4j3Ixp6EKts9LjEZlloTS97GOLPbVJYvrvKXce0dhGouIDDxxAqI
iSjSatXXyOa5rl1XaPCPy1sOA/XvLeOIX30PvfryRW9y
-----END CERTIFICATE-----