This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/b5JaXMr4GIBvT4KCIP7BI-wUSZI.roa
File:                     b5JaXMr4GIBvT4KCIP7BI-wUSZI.roa (raw, json)
Hash identifier:          vRg65JmrVs2QhtYFXLwraN6iw4o7UcfzdNjLDeVLhok=
Subject key identifier:   6F:92:5A:5C:CA:F8:18:80:6F:4F:82:82:20:FE:C1:23:EC:14:49:92
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       019B7A5AC23EEDD4ED1FC4DAF4401B3EC2ED
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/b5JaXMr4GIBvT4KCIP7BI-wUSZI.roa
Signing time:             Thu 01 Jan 2026 16:18:46 +0000
ROA not before:           Thu 01 Jan 2026 16:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59268
IP address blocks:        195.10.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:c2:3e:ed:d4:ed:1f:c4:da:f4:40:1b:3e:c2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 16:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f925a5ccaf818806f4f828220fec123ec144992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ce:e2:95:2e:d6:79:40:ba:bb:2c:33:45:2c:
                    ac:98:4b:1e:34:b0:68:c0:69:8c:ff:32:64:6e:1b:
                    48:c5:65:c7:f7:70:e2:72:53:98:aa:0b:7c:d0:2f:
                    fc:03:45:66:7a:94:ca:03:02:bd:6e:f8:77:04:f4:
                    c4:62:1b:1d:17:8f:aa:9d:6e:37:07:89:6a:51:fa:
                    41:13:d8:f8:1c:e7:b4:d3:d2:bb:9e:f3:61:48:ae:
                    ab:77:84:c4:ce:31:2b:a4:99:17:d6:74:ff:d6:c8:
                    8e:b9:8c:d8:72:55:29:90:e3:0b:19:ad:8c:76:89:
                    e2:d3:9a:f7:61:bb:28:d4:90:68:ce:82:5f:7b:27:
                    4c:8a:6a:d2:85:2b:32:a1:3f:27:de:4c:54:af:b6:
                    c0:80:a6:6d:a9:c0:e9:6e:6b:83:db:b1:c3:3d:90:
                    be:27:08:99:0d:17:d3:7b:4c:db:15:8e:bd:28:f1:
                    83:86:59:ca:72:db:dc:6f:69:0a:4d:76:88:bb:1d:
                    73:b1:f4:18:6c:86:e8:5f:b8:e2:6b:8c:f4:4c:86:
                    94:61:d0:fc:7d:79:7f:11:50:dc:0c:46:b1:56:38:
                    92:e8:76:92:3d:1e:08:be:b9:a3:2f:d5:24:04:f4:
                    27:51:49:b6:bc:21:03:30:9b:6e:fe:93:9e:c6:01:
                    f2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:92:5A:5C:CA:F8:18:80:6F:4F:82:82:20:FE:C1:23:EC:14:49:92
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/b5JaXMr4GIBvT4KCIP7BI-wUSZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:61:4e:98:ef:31:a4:1b:18:5c:eb:a4:e9:e4:59:51:76:16:
         24:14:e0:d1:06:9d:29:4f:fd:f5:5c:ca:da:04:91:59:06:93:
         2e:71:2e:54:f4:3e:2e:3e:5c:30:38:f2:3f:dd:b0:7a:0c:9c:
         98:a6:60:f2:c8:ca:02:f1:94:8f:3f:29:12:63:f6:c5:64:21:
         39:c8:fb:28:4d:e5:03:07:6d:f4:91:43:d6:56:e2:1f:a0:e2:
         55:d0:ec:61:85:c2:38:f4:65:77:98:91:69:5a:21:28:da:d3:
         aa:d6:e4:25:f3:ad:cd:51:f5:47:02:69:7e:f8:41:60:34:7a:
         f4:09:60:fe:88:cf:a3:94:3b:a8:e7:25:3e:50:45:68:0a:88:
         fe:c8:e5:d0:a5:4c:e8:ba:4a:f9:2b:7b:df:48:b3:c8:88:f9:
         a5:56:4f:3e:e4:d7:bf:23:58:27:75:c7:fe:d3:46:6e:80:27:
         5a:a7:67:33:35:f4:a7:2e:48:b5:ee:b0:7c:46:4f:12:f8:42:
         9f:be:b8:65:3a:e8:b9:63:c3:d9:cb:ac:ed:36:5c:b3:89:70:
         71:c3:31:72:4a:4d:e3:e6:e8:73:c1:17:9b:1b:54:96:05:f3:
         c5:25:25:31:ca:df:a5:70:38:8e:b7:a4:5a:1e:44:51:28:d7:
         7d:88:69:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WsI+7dTtH8Ta9EAbPsLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjYwMTAxMTYxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkyNWE1Y2NhZjgxODgwNmY0ZjgyODIyMGZlYzEyM2VjMTQ0OTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA187ilS7WeUC6uywzRSysmEseNLBo
wGmM/zJkbhtIxWXH93DiclOYqgt80C/8A0VmepTKAwK9bvh3BPTEYhsdF4+qnW43
B4lqUfpBE9j4HOe009K7nvNhSK6rd4TEzjErpJkX1nT/1siOuYzYclUpkOMLGa2M
doni05r3Ybso1JBozoJfeydMimrShSsyoT8n3kxUr7bAgKZtqcDpbmuD27HDPZC+
JwiZDRfTe0zbFY69KPGDhlnKctvcb2kKTXaIux1zsfQYbIboX7jia4z0TIaUYdD8
fXl/EVDcDEaxVjiS6HaSPR4IvrmjL9UkBPQnUUm2vCEDMJtu/pOexgHy1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+SWlzK+BiAb0+CgiD+wSPsFEmSMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvYjVKYVhNcjRHSUJ2VDRLQ0lQN0JJLXdVU1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQAHYU6Y7zGkGxhc66Tp5FlRdhYkFODRBp0pT/31XMra
BJFZBpMucS5U9D4uPlwwOPI/3bB6DJyYpmDyyMoC8ZSPPykSY/bFZCE5yPsoTeUD
B230kUPWVuIfoOJV0OxhhcI49GV3mJFpWiEo2tOq1uQl863NUfVHAml++EFgNHr0
CWD+iM+jlDuo5yU+UEVoCoj+yOXQpUzoukr5K3vfSLPIiPmlVk8+5Ne/I1gndcf+
00ZugCdap2czNfSnLki17rB8Rk8S+EKfvrhlOui5Y8PZy6ztNlyziXBxwzFySk3j
5uhzwRebG1SWBfPFJSUxyt+lcDiOt6RaHkRRKNd9iGnn
-----END CERTIFICATE-----