This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/Fnxy3WJWYvuek9Fr0KYOmQUUsw4.roa
File:                     Fnxy3WJWYvuek9Fr0KYOmQUUsw4.roa (raw, json)
Hash identifier:          Ch+0FQEjljg05e4GEw4ZsydId/PhinfJoSdNkBFbTQc=
Subject key identifier:   16:7C:72:DD:62:56:62:FB:9E:93:D1:6B:D0:A6:0E:99:05:14:B3:0E
Certificate issuer:       /CN=f5882f33f7480dcc7b87637aea76368289d75c2d
Certificate serial:       019B77587F313E1F35B226A0C99B70592631
Authority key identifier: F5:88:2F:33:F7:48:0D:CC:7B:87:63:7A:EA:76:36:82:89:D7:5C:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/Fnxy3WJWYvuek9Fr0KYOmQUUsw4.roa
Signing time:             Thu 01 Jan 2026 02:17:26 +0000
ROA not before:           Thu 01 Jan 2026 02:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        195.10.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:7f:31:3e:1f:35:b2:26:a0:c9:9b:70:59:26:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5882f33f7480dcc7b87637aea76368289d75c2d
        Validity
            Not Before: Jan  1 02:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=167c72dd625662fb9e93d16bd0a60e990514b30e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:16:a2:1d:ff:f2:f8:b2:6a:25:2c:30:f6:e6:
                    bf:d4:68:59:38:c8:55:a7:89:85:1b:25:a2:0d:c5:
                    a5:4d:65:9b:e6:88:17:d4:ab:ec:88:20:c2:3a:fe:
                    67:dc:95:f9:dd:e3:53:68:9b:d3:49:26:3e:1f:2c:
                    82:82:b6:fe:dc:38:ac:5f:8a:dc:4d:39:4e:e0:79:
                    74:61:65:de:92:57:17:6a:74:bd:b4:b3:0f:8e:2b:
                    c5:0c:fd:72:06:50:ef:14:ce:78:1a:95:de:70:24:
                    e0:3d:de:b5:a9:ce:82:0f:74:27:49:67:5d:c6:eb:
                    69:31:4f:20:ea:05:71:2b:9a:9b:02:9c:51:de:d8:
                    5c:f0:52:8e:84:30:0e:69:60:56:e5:99:d5:a0:e9:
                    71:19:2c:8a:04:c9:e1:82:9f:6e:c5:d0:b5:e5:87:
                    6a:52:0a:4d:2b:a0:ac:0a:e6:0c:09:d4:6f:7a:93:
                    ed:a1:01:9a:a4:3f:ec:22:1b:c7:9d:b2:09:bf:a8:
                    2a:ea:27:e9:0f:94:ec:41:b0:6a:1a:5b:75:5d:09:
                    08:1d:9e:44:02:36:9a:19:e8:e5:c4:c3:4c:a1:22:
                    44:06:40:15:e6:18:e1:4f:f7:9d:b0:84:5f:83:06:
                    01:b9:4f:3f:47:eb:e5:eb:f1:d8:dd:be:67:64:bd:
                    de:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7C:72:DD:62:56:62:FB:9E:93:D1:6B:D0:A6:0E:99:05:14:B3:0E
            X509v3 Authority Key Identifier:
                keyid:F5:88:2F:33:F7:48:0D:CC:7B:87:63:7A:EA:76:36:82:89:D7:5C:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/Fnxy3WJWYvuek9Fr0KYOmQUUsw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:1b:c3:71:a3:72:e9:b1:14:8a:93:ca:48:c9:02:88:d2:2a:
         61:0b:46:7e:4d:af:81:a3:d0:c1:4e:aa:dd:02:d0:c7:08:c2:
         f6:d7:c1:4a:99:0b:4f:46:ea:41:b5:e6:29:b2:7b:7a:cc:88:
         c7:69:12:26:2f:f3:d6:86:35:1f:7c:13:38:62:f6:57:7a:7f:
         12:0e:56:b4:75:ba:79:4e:8d:14:e7:74:4c:39:1d:ad:f9:d9:
         70:d9:42:4f:cc:a9:24:e9:f3:65:84:8a:4b:4d:b4:0d:5e:0a:
         20:07:59:1d:c3:df:74:ab:f0:40:0c:60:23:ac:54:bc:87:e7:
         90:06:19:01:10:5e:83:7a:8b:90:49:a8:5a:97:6e:2d:cc:70:
         03:ef:a7:fa:6b:6f:00:ee:6c:fd:b1:a9:c9:c9:63:96:f8:3a:
         dc:75:fa:68:bb:cc:a8:ae:6f:71:4c:19:91:29:de:6c:d8:9c:
         ee:6b:2a:da:4a:fe:3c:4f:01:ad:a1:78:27:ed:f9:40:04:23:
         f6:00:ae:f2:6d:95:a0:ac:db:57:2d:3c:54:d5:2b:7d:e9:7b:
         2f:7b:74:b2:67:a5:c1:4f:f4:73:82:c8:22:c0:01:6c:8b:79:
         87:11:39:16:46:c2:de:10:45:1f:84:ce:1d:65:bb:d7:70:cf:
         77:a3:04:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WH8xPh81siagyZtwWSYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ODgyZjMzZjc0ODBkY2M3Yjg3NjM3YWVhNzYzNjgyODlk
NzVjMmQwHhcNMjYwMTAxMDIxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdjNzJkZDYyNTY2MmZiOWU5M2QxNmJkMGE2MGU5OTA1MTRiMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBaiHf/y+LJqJSww9ua/1GhZOMhV
p4mFGyWiDcWlTWWb5ogX1KvsiCDCOv5n3JX53eNTaJvTSSY+HyyCgrb+3DisX4rc
TTlO4Hl0YWXeklcXanS9tLMPjivFDP1yBlDvFM54GpXecCTgPd61qc6CD3QnSWdd
xutpMU8g6gVxK5qbApxR3thc8FKOhDAOaWBW5ZnVoOlxGSyKBMnhgp9uxdC15Ydq
UgpNK6CsCuYMCdRvepPtoQGapD/sIhvHnbIJv6gq6ifpD5TsQbBqGlt1XQkIHZ5E
AjaaGejlxMNMoSJEBkAV5hjhT/edsIRfgwYBuU8/R+vl6/HY3b5nZL3eKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZ8ct1iVmL7npPRa9CmDpkFFLMOMB8GA1UdIwQY
MBaAFPWILzP3SA3Me4djeup2NoKJ11wtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVlndk1fZElEY3g3aDJONjZuWTJnb25YWEMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85MmZmMmEtYTE2YS00YTc4LTk5YjIt
YTk1MTA1ZjE2ZTY2LzEvRm54eTNXSldZdnVlazlGcjBLWU9tUVVVc3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85MmZmMmEtYTE2YS00YTc4LTk5YjItYTk1MTA1ZjE2ZTY2
LzEvOVlndk1fZElEY3g3aDJONjZuWTJnb25YWEMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrPMA0G
CSqGSIb3DQEBCwUAA4IBAQBNG8Nxo3LpsRSKk8pIyQKI0iphC0Z+Ta+Bo9DBTqrd
AtDHCML218FKmQtPRupBteYpsnt6zIjHaRImL/PWhjUffBM4YvZXen8SDla0dbp5
To0U53RMOR2t+dlw2UJPzKkk6fNlhIpLTbQNXgogB1kdw990q/BADGAjrFS8h+eQ
BhkBEF6DeouQSahal24tzHAD76f6a28A7mz9sanJyWOW+Drcdfpou8yorm9xTBmR
Kd5s2JzuayraSv48TwGtoXgn7flABCP2AK7ybZWgrNtXLTxU1St96Xsve3SyZ6XB
T/RzgsgiwAFsi3mHETkWRsLeEEUfhM4dZbvXcM93owRy
-----END CERTIFICATE-----