This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/9fFw95Cybth4GETJe2yAAXzh3Lg.roa
File:                     9fFw95Cybth4GETJe2yAAXzh3Lg.roa (raw, json)
Hash identifier:          RFaVbBJ4uRdaLpkejPLIR6g3AGGwcr9EgyJxlcIstBY=
Subject key identifier:   F5:F1:70:F7:90:B2:6E:D8:78:18:44:C9:7B:6C:80:01:7C:E1:DC:B8
Certificate issuer:       /CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
Certificate serial:       019B7D5C9F108873AF8B08F275FB7B827ACA
Authority key identifier: 88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/9fFw95Cybth4GETJe2yAAXzh3Lg.roa
Signing time:             Fri 02 Jan 2026 06:19:40 +0000
ROA not before:           Fri 02 Jan 2026 06:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12310
IP address blocks:        195.245.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:9f:10:88:73:af:8b:08:f2:75:fb:7b:82:7a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a5ab669fabe72dec2e8378476a7e915c24edcf
        Validity
            Not Before: Jan  2 06:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5f170f790b26ed8781844c97b6c80017ce1dcb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b5:28:c1:03:2b:24:6e:4d:c8:f9:98:8a:1c:
                    ed:5e:85:27:3d:0c:ac:66:f7:0e:46:01:90:df:0b:
                    01:be:6e:ba:79:6a:c6:36:8d:f8:e4:57:c7:91:4f:
                    a6:4a:9d:9f:fd:32:d3:52:2c:3b:1c:1c:9c:8f:b3:
                    15:15:46:24:6b:9e:6e:67:97:2a:ad:2b:9a:23:a7:
                    fb:b3:71:eb:25:ee:22:23:66:67:d2:48:0c:cc:79:
                    06:e8:a6:66:46:d9:28:c1:09:a9:b2:93:e2:28:ee:
                    5b:fe:9c:ed:aa:09:a3:15:80:a3:a3:f6:9e:f3:18:
                    cb:d2:03:c9:01:d8:e9:90:0d:db:81:41:7b:cc:2f:
                    63:f9:96:2c:e4:c0:9f:c0:17:a1:05:dd:f1:26:3d:
                    55:fa:52:ef:e3:94:9e:fd:42:a6:4a:4d:bc:26:45:
                    be:9c:04:b6:af:99:18:dd:ea:19:c9:ab:00:ff:5a:
                    cc:f7:68:3c:a9:39:25:c0:82:d0:5b:58:b4:e0:9b:
                    01:14:1a:52:70:6f:b5:25:8d:f1:73:cc:92:a0:f5:
                    f2:ba:8f:11:e5:84:24:a6:22:cb:9b:44:81:cc:8c:
                    af:b4:fb:99:8e:96:e1:d9:64:e6:19:3d:64:ae:e0:
                    bb:43:33:b3:0c:a2:82:27:3e:aa:ac:ee:b4:9d:68:
                    2c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F1:70:F7:90:B2:6E:D8:78:18:44:C9:7B:6C:80:01:7C:E1:DC:B8
            X509v3 Authority Key Identifier:
                keyid:88:A5:AB:66:9F:AB:E7:2D:EC:2E:83:78:47:6A:7E:91:5C:24:ED:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKWrZp-r5y3sLoN4R2p-kVwk7c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/9fFw95Cybth4GETJe2yAAXzh3Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/68cd10-e5cc-4f47-84a9-15a0207d4609/1/iKWrZp-r5y3sLoN4R2p-kVwk7c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:08:74:b5:8e:b0:98:4c:20:1d:a6:54:b1:16:d7:34:f7:2e:
         19:c5:60:5e:6c:71:c1:0f:d0:f6:4e:34:5f:13:11:af:94:7c:
         63:fb:1f:1b:0e:4a:ce:aa:f5:88:d8:15:30:78:84:71:fa:59:
         56:3e:fc:46:b7:0b:b2:e7:1e:dc:ae:5f:5b:69:56:5d:15:bd:
         d0:ea:15:4d:e9:d0:6f:c4:63:6c:9f:07:d0:f6:d8:6a:80:5a:
         b4:9f:9c:16:4e:2f:a7:4c:0e:7e:c3:ec:ef:c4:4c:4c:28:74:
         b6:3f:f6:67:22:4b:13:b6:23:47:ea:18:5b:3d:df:e7:b6:60:
         4b:39:41:ec:de:d8:96:2b:ad:c2:6e:b8:99:a7:dd:94:41:62:
         a4:dd:08:21:0f:45:cf:98:81:7d:7c:c8:06:74:b4:b0:7e:18:
         3c:f9:7b:ad:aa:7b:6e:15:5f:87:8f:eb:7c:f4:fe:34:12:c3:
         21:7b:20:9d:29:d4:52:e3:78:f8:e2:54:45:fa:96:96:39:00:
         1e:69:29:48:c6:33:6c:8d:3c:0d:8d:9d:27:c8:ee:4e:30:b1:
         00:9e:18:01:38:96:f5:2f:fa:7b:da:ed:8f:ba:47:b5:c5:b7:
         c1:a8:13:13:09:19:07:10:ea:6c:18:73:92:5f:8e:89:dc:e8:
         50:1d:da:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XJ8QiHOviwjydft7gnrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTVhYjY2OWZhYmU3MmRlYzJlODM3ODQ3NmE3ZTkxNWMy
NGVkY2YwHhcNMjYwMTAyMDYxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWYxNzBmNzkwYjI2ZWQ4NzgxODQ0Yzk3YjZjODAwMTdjZTFkY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUowQMrJG5NyPmYihztXoUnPQys
ZvcORgGQ3wsBvm66eWrGNo345FfHkU+mSp2f/TLTUiw7HBycj7MVFUYka55uZ5cq
rSuaI6f7s3HrJe4iI2Zn0kgMzHkG6KZmRtkowQmpspPiKO5b/pztqgmjFYCjo/ae
8xjL0gPJAdjpkA3bgUF7zC9j+ZYs5MCfwBehBd3xJj1V+lLv45Se/UKmSk28JkW+
nAS2r5kY3eoZyasA/1rM92g8qTklwILQW1i04JsBFBpScG+1JY3xc8ySoPXyuo8R
5YQkpiLLm0SBzIyvtPuZjpbh2WTmGT1kruC7QzOzDKKCJz6qrO60nWgszwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXxcPeQsm7YeBhEyXtsgAF84dy4MB8GA1UdIwQY
MBaAFIilq2afq+ct7C6DeEdqfpFcJO3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTkt
MTVhMDIwN2Q0NjA5LzEvOWZGdzk1Q3lidGg0R0VUSmUyeUFBWHpoM0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82OGNkMTAtZTVjYy00ZjQ3LTg0YTktMTVhMDIwN2Q0NjA5
LzEvaUtXclpwLXI1eTNzTG9ONFIycC1rVndrN2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XcMA0G
CSqGSIb3DQEBCwUAA4IBAQACCHS1jrCYTCAdplSxFtc09y4ZxWBebHHBD9D2TjRf
ExGvlHxj+x8bDkrOqvWI2BUweIRx+llWPvxGtwuy5x7crl9baVZdFb3Q6hVN6dBv
xGNsnwfQ9thqgFq0n5wWTi+nTA5+w+zvxExMKHS2P/ZnIksTtiNH6hhbPd/ntmBL
OUHs3tiWK63CbriZp92UQWKk3QghD0XPmIF9fMgGdLSwfhg8+XutqntuFV+Hj+t8
9P40EsMheyCdKdRS43j44lRF+paWOQAeaSlIxjNsjTwNjZ0nyO5OMLEAnhgBOJb1
L/p72u2Puke1xbfBqBMTCRkHEOpsGHOSX46J3OhQHdqN
-----END CERTIFICATE-----