This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/XBuxFynVvxh8UiT_tJkPmhYk_oA.roa
File:                     XBuxFynVvxh8UiT_tJkPmhYk_oA.roa (raw, json)
Hash identifier:          +W6/Wvk2I7PSxm+f/mLqDUSHpVa25RlpWluuWkH/7C8=
Subject key identifier:   5C:1B:B1:17:29:D5:BF:18:7C:52:24:FF:B4:99:0F:9A:16:24:FE:80
Certificate issuer:       /CN=87e64170f9d82c51670b9a44f329b20613a8082d
Certificate serial:       019B7EA74D635452BB0DD7DFE4C21C182F5A
Authority key identifier: 87:E6:41:70:F9:D8:2C:51:67:0B:9A:44:F3:29:B2:06:13:A8:08:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/XBuxFynVvxh8UiT_tJkPmhYk_oA.roa
Signing time:             Fri 02 Jan 2026 12:20:52 +0000
ROA not before:           Fri 02 Jan 2026 12:20:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34766
IP address blocks:        195.72.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:4d:63:54:52:bb:0d:d7:df:e4:c2:1c:18:2f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87e64170f9d82c51670b9a44f329b20613a8082d
        Validity
            Not Before: Jan  2 12:20:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c1bb11729d5bf187c5224ffb4990f9a1624fe80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e6:56:e4:23:1f:6a:8f:40:0c:ff:57:61:4b:
                    b9:88:60:2f:a3:37:43:b8:01:85:11:ed:99:ba:01:
                    f1:a4:bb:61:4f:20:94:50:3d:6f:c6:de:6f:da:7a:
                    86:03:74:de:ed:d7:43:cb:a4:bc:5f:58:0d:e5:56:
                    9f:2c:f6:83:a2:ab:64:be:79:47:ff:6f:eb:60:29:
                    4f:28:91:f6:48:ec:a4:2f:62:60:fa:2e:05:a8:cb:
                    97:fa:40:18:03:d8:d9:85:ed:08:75:2b:01:b8:60:
                    f6:18:8a:0b:10:d4:d4:2c:88:d8:d2:85:fd:60:79:
                    19:ae:62:73:f9:4f:7f:e5:5f:6b:19:d8:a1:fc:c5:
                    14:77:e4:a7:15:37:f7:ed:57:ae:45:1f:fe:8a:e2:
                    81:cf:e6:6e:b8:48:29:48:b8:33:70:91:e9:b8:0a:
                    21:7b:7e:5d:fa:20:c6:3d:75:06:7f:cf:8c:a1:00:
                    68:f8:17:e0:d9:89:43:d8:e3:02:1a:af:b0:46:41:
                    2a:b0:ad:87:56:cb:53:71:e0:cf:0c:08:35:15:59:
                    b2:74:06:49:a0:c5:ae:9d:42:88:7b:2e:05:cb:42:
                    d0:b4:da:3a:99:a3:59:c6:fc:1e:7b:e6:13:72:98:
                    5b:b4:2e:86:8d:8c:47:a6:f0:b9:38:a1:16:d3:1f:
                    54:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1B:B1:17:29:D5:BF:18:7C:52:24:FF:B4:99:0F:9A:16:24:FE:80
            X509v3 Authority Key Identifier:
                keyid:87:E6:41:70:F9:D8:2C:51:67:0B:9A:44:F3:29:B2:06:13:A8:08:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/XBuxFynVvxh8UiT_tJkPmhYk_oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/beb29d-f0ee-407a-9702-6e13ccbf4906/1/h-ZBcPnYLFFnC5pE8ymyBhOoCC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:cf:42:b3:09:89:d3:26:e2:df:d3:c2:aa:29:7a:27:d0:8d:
         4b:ce:db:62:14:88:66:58:12:3c:f4:12:3e:a2:17:7e:02:45:
         c2:4e:c8:e1:c6:ef:20:54:f9:dd:8d:0c:3e:41:a6:f5:66:39:
         9a:b3:cf:35:ee:be:bd:ee:1a:f8:ae:4a:89:b0:75:fe:c7:1e:
         9b:2d:dd:e1:1e:d6:d8:47:74:f9:02:f8:cf:dd:97:37:83:c7:
         46:b1:53:94:e4:29:2b:c7:71:f4:49:95:7a:ac:23:f6:94:04:
         2d:e7:78:a4:e3:7b:16:b7:3d:ec:99:16:78:11:6d:34:48:b2:
         79:d0:71:bc:ba:66:15:ca:29:9e:19:9e:dc:ce:dd:91:07:86:
         9a:e4:8c:fc:41:83:25:c9:09:f0:81:e7:e0:26:a7:2a:c5:39:
         c2:c9:ce:34:cc:fc:61:49:a8:9e:8d:96:b2:a2:22:4d:67:00:
         2f:73:12:67:18:bb:61:27:33:8d:3e:63:78:d0:94:5f:dc:ee:
         c3:79:d7:0a:59:f7:0f:38:54:79:3f:72:88:87:8f:49:f7:ae:
         65:8e:28:98:5e:cd:4d:51:a5:62:0d:84:8d:8f:c7:fb:e9:81:
         35:fb:2b:49:3d:7e:6d:92:f7:2e:ab:73:73:3a:00:d4:31:6c:
         0c:cd:4b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+p01jVFK7Ddff5MIcGC9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZTY0MTcwZjlkODJjNTE2NzBiOWE0NGYzMjliMjA2MTNh
ODA4MmQwHhcNMjYwMTAyMTIyMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFiYjExNzI5ZDViZjE4N2M1MjI0ZmZiNDk5MGY5YTE2MjRmZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOZW5CMfao9ADP9XYUu5iGAvozdD
uAGFEe2ZugHxpLthTyCUUD1vxt5v2nqGA3Te7ddDy6S8X1gN5VafLPaDoqtkvnlH
/2/rYClPKJH2SOykL2Jg+i4FqMuX+kAYA9jZhe0IdSsBuGD2GIoLENTULIjY0oX9
YHkZrmJz+U9/5V9rGdih/MUUd+SnFTf37VeuRR/+iuKBz+ZuuEgpSLgzcJHpuAoh
e35d+iDGPXUGf8+MoQBo+Bfg2YlD2OMCGq+wRkEqsK2HVstTceDPDAg1FVmydAZJ
oMWunUKIey4Fy0LQtNo6maNZxvwee+YTcphbtC6GjYxHpvC5OKEW0x9UEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwbsRcp1b8YfFIk/7SZD5oWJP6AMB8GA1UdIwQY
MBaAFIfmQXD52CxRZwuaRPMpsgYTqAgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaC1aQmNQbllMRkZuQzVwRTh5bXlCaE9vQ0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9iZWIyOWQtZjBlZS00MDdhLTk3MDIt
NmUxM2NjYmY0OTA2LzEvWEJ1eEZ5blZ2eGg4VWlUX3RKa1BtaFlrX29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9iZWIyOWQtZjBlZS00MDdhLTk3MDItNmUxM2NjYmY0OTA2
LzEvaC1aQmNQbllMRkZuQzVwRTh5bXlCaE9vQ0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0h5MA0G
CSqGSIb3DQEBCwUAA4IBAQCCz0KzCYnTJuLf08KqKXon0I1LzttiFIhmWBI89BI+
ohd+AkXCTsjhxu8gVPndjQw+Qab1Zjmas8817r697hr4rkqJsHX+xx6bLd3hHtbY
R3T5AvjP3Zc3g8dGsVOU5Ckrx3H0SZV6rCP2lAQt53ik43sWtz3smRZ4EW00SLJ5
0HG8umYVyimeGZ7czt2RB4aa5Iz8QYMlyQnwgefgJqcqxTnCyc40zPxhSaiejZay
oiJNZwAvcxJnGLthJzONPmN40JRf3O7DedcKWfcPOFR5P3KIh49J965ljiiYXs1N
UaViDYSNj8f76YE1+ytJPX5tkvcuq3NzOgDUMWwMzUsh
-----END CERTIFICATE-----