This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/D11DDtRSfUPKIJoObwE0ulcCyHA.roa
File:                     D11DDtRSfUPKIJoObwE0ulcCyHA.roa (raw, json)
Hash identifier:          8G0oMjv0ep8YMr6bTxIdYNKBAAbfLyPFVH5h489dkok=
Subject key identifier:   0F:5D:43:0E:D4:52:7D:43:CA:20:9A:0E:6F:01:34:BA:57:02:C8:70
Certificate issuer:       /CN=04345b7638de9d2d2966527cb363e37c31d4a188
Certificate serial:       019B7E38CBD0A406C2B63DE6BC4F96BF6E25
Authority key identifier: 04:34:5B:76:38:DE:9D:2D:29:66:52:7C:B3:63:E3:7C:31:D4:A1:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BDRbdjjenS0pZlJ8s2PjfDHUoYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/D11DDtRSfUPKIJoObwE0ulcCyHA.roa
Signing time:             Fri 02 Jan 2026 10:20:09 +0000
ROA not before:           Fri 02 Jan 2026 10:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48954
IP address blocks:        195.85.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/BDRbdjjenS0pZlJ8s2PjfDHUoYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/BDRbdjjenS0pZlJ8s2PjfDHUoYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BDRbdjjenS0pZlJ8s2PjfDHUoYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:cb:d0:a4:06:c2:b6:3d:e6:bc:4f:96:bf:6e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04345b7638de9d2d2966527cb363e37c31d4a188
        Validity
            Not Before: Jan  2 10:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f5d430ed4527d43ca209a0e6f0134ba5702c870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:0b:98:cc:2d:d6:d5:8a:f3:51:55:c9:2d:e5:
                    ad:09:58:21:46:8c:5b:5b:64:77:34:c2:94:ab:09:
                    77:95:73:35:02:ef:09:80:be:da:17:0f:ec:26:a6:
                    31:d8:56:ef:34:a1:66:89:42:14:26:c5:04:e4:23:
                    b5:c4:4c:57:53:48:bc:f8:5d:6c:5b:bc:1f:f5:68:
                    df:58:c9:f7:3e:b0:9e:54:9c:b2:3d:c7:f7:6b:25:
                    1a:ea:50:b2:1b:81:2b:8a:5d:5e:49:f8:6a:b4:f8:
                    84:ae:8e:8c:ee:e5:b5:a8:4a:87:87:f9:4a:4b:64:
                    03:15:2f:68:6a:c3:ad:c3:c6:67:d9:10:3e:14:1a:
                    12:31:d7:56:d3:0b:25:8a:7b:e7:1c:fd:a1:83:cb:
                    fc:7e:d7:5c:5b:0d:eb:d6:d6:f5:82:c2:b0:da:77:
                    30:cf:a2:59:f3:65:33:42:01:f6:2f:4b:d4:16:2a:
                    15:d4:fd:e0:ca:84:45:e5:97:d3:cd:41:9e:82:8b:
                    18:fc:e3:b1:95:f3:f8:ba:cf:6d:f0:94:39:37:29:
                    c0:03:f5:e6:06:08:d0:1c:48:6b:5b:04:ec:9b:ec:
                    30:f2:2f:82:49:ea:dc:30:0b:57:9f:f6:8e:bf:dd:
                    eb:4c:1f:06:ee:54:06:ec:ba:20:0d:12:91:52:c3:
                    d8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5D:43:0E:D4:52:7D:43:CA:20:9A:0E:6F:01:34:BA:57:02:C8:70
            X509v3 Authority Key Identifier:
                keyid:04:34:5B:76:38:DE:9D:2D:29:66:52:7C:B3:63:E3:7C:31:D4:A1:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BDRbdjjenS0pZlJ8s2PjfDHUoYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/D11DDtRSfUPKIJoObwE0ulcCyHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/194873-7a93-45d0-9465-22a7d2e7453c/1/BDRbdjjenS0pZlJ8s2PjfDHUoYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f7:ae:15:3e:53:86:88:f4:6c:6e:a5:1d:15:22:e1:74:7e:
         6c:9f:c1:1e:d3:90:ac:b3:72:b9:21:3d:83:d5:4e:4c:f7:1c:
         c0:49:3f:1e:4f:0e:ec:de:17:26:49:f1:cc:0c:3c:1c:7b:ee:
         b6:38:71:d2:53:5f:18:f1:c5:87:3d:24:33:0f:f2:a7:b9:cf:
         16:22:44:82:e2:76:ab:82:fc:47:e3:1d:db:0d:6a:f3:66:7c:
         30:9d:d6:35:c3:18:84:82:5b:96:5f:ab:bb:4e:77:61:3c:be:
         0f:83:22:8d:44:87:e8:c6:2c:24:a5:f6:50:bf:d9:92:00:d6:
         87:9a:35:4c:0d:f7:e8:87:28:5d:1e:4a:2f:0a:f9:4e:47:75:
         81:83:f6:ea:d8:13:82:4f:47:e9:a4:80:25:3f:37:b8:f4:9a:
         2f:0b:d3:34:23:9b:44:d4:a8:94:03:81:f8:34:f2:23:11:88:
         c5:0d:e5:a8:23:b3:24:3a:fc:22:19:ed:17:c2:63:bd:9f:c7:
         9f:48:c8:3e:be:05:ef:d6:89:ca:2b:a8:23:a8:8e:6d:e4:07:
         62:e0:fe:0e:63:09:bc:62:5c:3e:8e:69:2f:7d:1f:56:ca:d7:
         ae:97:57:5e:da:6c:9b:a8:0e:56:de:6a:3f:5a:4b:5f:1a:6a:
         bb:25:25:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMvQpAbCtj3mvE+Wv24lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MzQ1Yjc2MzhkZTlkMmQyOTY2NTI3Y2IzNjNlMzdjMzFk
NGExODgwHhcNMjYwMTAyMTAyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjVkNDMwZWQ0NTI3ZDQzY2EyMDlhMGU2ZjAxMzRiYTU3MDJjODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/AuYzC3W1YrzUVXJLeWtCVghRoxb
W2R3NMKUqwl3lXM1Au8JgL7aFw/sJqYx2FbvNKFmiUIUJsUE5CO1xExXU0i8+F1s
W7wf9WjfWMn3PrCeVJyyPcf3ayUa6lCyG4Eril1eSfhqtPiEro6M7uW1qEqHh/lK
S2QDFS9oasOtw8Zn2RA+FBoSMddW0wslinvnHP2hg8v8ftdcWw3r1tb1gsKw2ncw
z6JZ82UzQgH2L0vUFioV1P3gyoRF5ZfTzUGegosY/OOxlfP4us9t8JQ5NynAA/Xm
BgjQHEhrWwTsm+ww8i+CSercMAtXn/aOv93rTB8G7lQG7LogDRKRUsPYlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9dQw7UUn1DyiCaDm8BNLpXAshwMB8GA1UdIwQY
MBaAFAQ0W3Y43p0tKWZSfLNj43wx1KGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkRSYmRqamVuUzBwWmxKOHMyUGpmREhVb1lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8xOTQ4NzMtN2E5My00NWQwLTk0NjUt
MjJhN2QyZTc0NTNjLzEvRDExRER0UlNmVVBLSUpvT2J3RTB1bGNDeUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8xOTQ4NzMtN2E5My00NWQwLTk0NjUtMjJhN2QyZTc0NTNj
LzEvQkRSYmRqamVuUzBwWmxKOHMyUGpmREhVb1lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XAMA0G
CSqGSIb3DQEBCwUAA4IBAQAk964VPlOGiPRsbqUdFSLhdH5sn8Ee05Css3K5IT2D
1U5M9xzAST8eTw7s3hcmSfHMDDwce+62OHHSU18Y8cWHPSQzD/Knuc8WIkSC4nar
gvxH4x3bDWrzZnwwndY1wxiEgluWX6u7TndhPL4PgyKNRIfoxiwkpfZQv9mSANaH
mjVMDffohyhdHkovCvlOR3WBg/bq2BOCT0fppIAlPze49JovC9M0I5tE1KiUA4H4
NPIjEYjFDeWoI7MkOvwiGe0XwmO9n8efSMg+vgXv1onKK6gjqI5t5Adi4P4OYwm8
Ylw+jmkvfR9Wyteul1de2mybqA5W3mo/WktfGmq7JSUP
-----END CERTIFICATE-----