This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/0Gl4yNzK0PZSVtuCjhBqlKGdT34.roa
File:                     0Gl4yNzK0PZSVtuCjhBqlKGdT34.roa (raw, json)
Hash identifier:          QZhes2FVdZWaftmyUpFB1W1PDLf4c/YWvVPjR37DXS0=
Subject key identifier:   D0:69:78:C8:DC:CA:D0:F6:52:56:DB:82:8E:10:6A:94:A1:9D:4F:7E
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C789D95DEAE83C3D86E9BBE4F3E631
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/0Gl4yNzK0PZSVtuCjhBqlKGdT34.roa
Signing time:             Thu 01 Jan 2026 04:18:44 +0000
ROA not before:           Thu 01 Jan 2026 04:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202403
IP address blocks:        195.136.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:89:d9:5d:ea:e8:3c:3d:86:e9:bb:e4:f3:e6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d06978c8dccad0f65256db828e106a94a19d4f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1f:f6:14:d6:a3:5d:4e:1f:b5:47:cb:7d:33:
                    0e:c4:ca:ab:85:50:2d:9c:a4:b8:75:88:03:de:9b:
                    c7:48:bb:4f:23:44:1e:8e:c7:c1:f3:30:39:6e:b2:
                    b6:10:1f:f3:19:69:89:7f:b4:c0:58:86:42:17:d5:
                    c4:94:57:07:cf:ba:ce:5d:b2:c2:c6:71:92:fe:55:
                    7c:e2:76:16:29:a6:ad:40:b2:1e:66:8c:ab:d6:4b:
                    dc:de:c6:fe:31:0e:07:c9:6c:6f:53:b7:70:ea:fe:
                    02:60:4e:dd:c0:53:ef:c9:2c:f7:4b:72:a7:9e:a3:
                    8f:55:12:d0:b3:dc:35:a3:d6:c4:ca:22:7a:90:5a:
                    8c:8c:3f:59:ba:b2:63:19:da:0f:6f:9d:c2:bf:b4:
                    73:ae:2d:b5:cd:98:e8:0f:2e:18:2f:a2:cc:c6:89:
                    3d:e4:c9:80:66:19:ae:b5:8d:86:69:dd:b6:b8:9f:
                    4f:3e:15:df:f4:ae:6b:96:5b:c2:ea:fd:21:8a:34:
                    bc:13:f9:ba:a9:fa:5b:a6:43:48:6c:41:a8:4c:85:
                    8f:92:c5:f4:c7:c1:39:21:59:ec:da:5f:ff:56:b7:
                    43:71:5f:b3:d0:ea:25:20:27:3b:73:cf:52:4d:1e:
                    a2:58:8b:e5:7e:80:0b:65:88:b9:e2:da:1a:01:1f:
                    7f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:69:78:C8:DC:CA:D0:F6:52:56:DB:82:8E:10:6A:94:A1:9D:4F:7E
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/0Gl4yNzK0PZSVtuCjhBqlKGdT34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:35:c3:77:a9:0c:2b:ca:7f:c5:df:7d:62:3b:e8:3f:73:7a:
         4c:58:4d:0c:b9:a5:2e:d9:b2:a9:3b:59:f8:cf:a9:46:cf:c2:
         16:10:24:69:a3:48:f6:30:72:c1:97:61:e1:60:bc:6a:0e:87:
         e9:38:15:32:9c:63:6a:88:8c:06:9b:f9:61:91:37:2f:a5:88:
         29:d1:46:d2:b4:23:36:d1:a7:18:62:c3:d3:9e:e8:a5:69:5a:
         3f:f6:92:c2:7e:e7:27:e9:89:5d:7d:97:f9:a3:4b:be:b3:91:
         2f:95:d6:dc:c0:18:5e:56:22:8b:73:f7:a2:bf:9b:24:b8:47:
         80:17:f5:26:d2:95:47:df:51:2d:71:7e:a4:5b:a2:33:ed:d0:
         5a:42:90:d0:b7:27:22:cd:2b:e5:8c:ee:7c:1c:6b:e9:99:51:
         3a:58:fe:61:a6:58:f6:23:21:89:2f:eb:12:31:0e:c0:6a:6f:
         43:da:23:6c:de:a4:6d:31:4f:6f:f8:e7:e1:f5:a2:15:5b:45:
         64:ed:83:37:53:8b:15:7b:c6:f3:18:45:18:4d:d8:1d:db:7c:
         7e:7c:1b:c3:d4:4a:90:9f:18:86:19:66:2b:dc:fd:8f:a9:e5:
         14:af:ce:4e:08:a1:98:e5:1f:07:b3:a8:99:16:d3:a3:25:1f:
         db:fa:8a:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x4nZXeroPD2G6bvk8+YxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY5NzhjOGRjY2FkMGY2NTI1NmRiODI4ZTEwNmE5NGExOWQ0ZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB/2FNajXU4ftUfLfTMOxMqrhVAt
nKS4dYgD3pvHSLtPI0QejsfB8zA5brK2EB/zGWmJf7TAWIZCF9XElFcHz7rOXbLC
xnGS/lV84nYWKaatQLIeZoyr1kvc3sb+MQ4HyWxvU7dw6v4CYE7dwFPvySz3S3Kn
nqOPVRLQs9w1o9bEyiJ6kFqMjD9ZurJjGdoPb53Cv7Rzri21zZjoDy4YL6LMxok9
5MmAZhmutY2Gad22uJ9PPhXf9K5rllvC6v0hijS8E/m6qfpbpkNIbEGoTIWPksX0
x8E5IVns2l//VrdDcV+z0OolICc7c89STR6iWIvlfoALZYi54toaAR9/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBpeMjcytD2Ulbbgo4QapShnU9+MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvMEdsNHlOekswUFpTVnR1Q2poQnFsS0dkVDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4hMMA0G
CSqGSIb3DQEBCwUAA4IBAQAONcN3qQwryn/F331iO+g/c3pMWE0MuaUu2bKpO1n4
z6lGz8IWECRpo0j2MHLBl2HhYLxqDofpOBUynGNqiIwGm/lhkTcvpYgp0UbStCM2
0acYYsPTnuilaVo/9pLCfucn6YldfZf5o0u+s5EvldbcwBheViKLc/eiv5skuEeA
F/Um0pVH31EtcX6kW6Iz7dBaQpDQtycizSvljO58HGvpmVE6WP5hplj2IyGJL+sS
MQ7Aam9D2iNs3qRtMU9v+Ofh9aIVW0Vk7YM3U4sVe8bzGEUYTdgd23x+fBvD1EqQ
nxiGGWYr3P2PqeUUr85OCKGY5R8Hs6iZFtOjJR/b+oqr
-----END CERTIFICATE-----