This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c73BgDM1bEAQXiUwkaWYmAL9N9g.roa
File:                     c73BgDM1bEAQXiUwkaWYmAL9N9g.roa (raw, json)
Hash identifier:          4D1mtMjJjFA0Prh5QLGXl1oGFh3VLUk8Yl8/NLNOW9A=
Subject key identifier:   73:BD:C1:80:33:35:6C:40:10:5E:25:30:91:A5:98:98:02:FD:37:D8
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C78BEFD2BF3A8513E79DA98909EE83
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c73BgDM1bEAQXiUwkaWYmAL9N9g.roa
Signing time:             Thu 01 Jan 2026 04:18:44 +0000
ROA not before:           Thu 01 Jan 2026 04:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204412
IP address blocks:        195.136.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:8b:ef:d2:bf:3a:85:13:e7:9d:a9:89:09:ee:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73bdc18033356c40105e253091a5989802fd37d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:13:77:ef:40:0b:47:26:56:88:b4:3e:86:e3:
                    64:7c:99:cd:a2:67:d1:62:50:c6:66:a7:49:d5:ea:
                    6a:dd:ea:32:a8:fa:ff:7b:ce:89:44:dc:6c:3e:a7:
                    51:fe:d3:2a:2b:e5:ab:0c:ab:6c:8c:f8:61:e9:a8:
                    24:2f:8f:59:51:84:f3:f6:97:2b:06:ce:5a:d8:3c:
                    ba:aa:a4:45:29:84:5d:b7:76:37:7a:52:aa:00:ec:
                    ac:e4:61:44:9f:b0:ea:32:d0:a5:10:bc:4a:44:b8:
                    7f:83:6f:2c:9d:25:9a:0a:55:e0:21:0e:49:27:91:
                    b0:cb:32:e4:93:28:60:2c:9b:32:7a:74:ba:6a:66:
                    99:9a:4b:9c:88:ce:aa:e9:85:83:97:f8:92:ce:54:
                    c0:83:04:0f:45:45:c6:f4:2a:37:5f:25:6e:2d:c4:
                    31:22:1e:ea:77:4e:1d:75:18:25:24:44:4a:f8:68:
                    d2:86:14:bd:2f:77:eb:36:7b:4e:8c:11:5a:e4:39:
                    68:52:af:fa:bf:7c:83:fb:4e:7c:65:5f:2c:81:de:
                    8b:43:3f:78:df:94:6b:60:6b:da:b5:eb:c9:b0:53:
                    4b:da:0f:d6:78:9d:89:d7:ef:75:7b:63:b7:0e:32:
                    05:27:49:20:7a:dd:00:b6:10:20:15:85:7c:77:49:
                    67:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BD:C1:80:33:35:6C:40:10:5E:25:30:91:A5:98:98:02:FD:37:D8
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/c73BgDM1bEAQXiUwkaWYmAL9N9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:40:a3:ad:a9:1c:eb:c2:8d:a5:db:35:84:a6:f9:74:4e:96:
         8e:d9:cf:1f:4a:f4:77:67:64:a0:f1:31:27:cf:79:56:92:1d:
         1b:d8:c5:58:7f:61:e8:6e:08:97:c2:e9:14:4a:8a:3d:44:6a:
         79:b6:dd:cc:7a:32:b3:3c:6c:2f:87:b3:c0:bf:bd:f7:f0:74:
         c4:52:75:e1:f2:aa:45:17:8f:94:89:f1:80:98:ba:b9:19:4c:
         59:02:b7:94:55:b6:10:ca:e9:24:65:96:f8:e1:5d:df:d7:6c:
         2b:70:53:cb:c1:2a:eb:e1:a8:78:3c:a5:35:6d:51:dd:67:e7:
         78:2a:bf:97:1d:06:1c:d0:ca:58:97:af:31:13:21:d8:56:8c:
         09:b0:ac:31:2d:40:aa:c2:b7:51:e3:95:73:e7:a2:09:fd:7e:
         8e:f7:0a:b7:59:02:c0:66:b9:90:dd:56:6d:c1:e1:fe:df:7e:
         9a:5f:50:e3:d4:dc:f5:f4:0e:9c:82:00:78:26:b1:f0:13:28:
         9e:00:27:28:a4:28:0b:03:7c:3d:6d:b5:e8:ba:c2:d5:8b:59:
         2c:6c:37:8d:65:39:18:5b:6d:17:fe:70:d0:83:83:b4:7c:59:
         77:a9:63:e0:e5:b3:03:8a:42:7d:dc:59:29:80:45:67:7d:4b:
         81:4d:5f:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x4vv0r86hRPnnamJCe6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JkYzE4MDMzMzU2YzQwMTA1ZTI1MzA5MWE1OTg5ODAyZmQzN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshN370ALRyZWiLQ+huNkfJnNomfR
YlDGZqdJ1epq3eoyqPr/e86JRNxsPqdR/tMqK+WrDKtsjPhh6agkL49ZUYTz9pcr
Bs5a2Dy6qqRFKYRdt3Y3elKqAOys5GFEn7DqMtClELxKRLh/g28snSWaClXgIQ5J
J5GwyzLkkyhgLJsyenS6amaZmkuciM6q6YWDl/iSzlTAgwQPRUXG9Co3XyVuLcQx
Ih7qd04ddRglJERK+GjShhS9L3frNntOjBFa5DloUq/6v3yD+058ZV8sgd6LQz94
35RrYGvatevJsFNL2g/WeJ2J1+91e2O3DjIFJ0kget0AthAgFYV8d0ln4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO9wYAzNWxAEF4lMJGlmJgC/TfYMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvYzczQmdETTFiRUFRWGlVd2thV1ltQUw5TjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4h5MA0G
CSqGSIb3DQEBCwUAA4IBAQB7QKOtqRzrwo2l2zWEpvl0TpaO2c8fSvR3Z2Sg8TEn
z3lWkh0b2MVYf2HobgiXwukUSoo9RGp5tt3MejKzPGwvh7PAv7338HTEUnXh8qpF
F4+UifGAmLq5GUxZAreUVbYQyukkZZb44V3f12wrcFPLwSrr4ah4PKU1bVHdZ+d4
Kr+XHQYc0MpYl68xEyHYVowJsKwxLUCqwrdR45Vz56IJ/X6O9wq3WQLAZrmQ3VZt
weH+336aX1Dj1Nz19A6cggB4JrHwEyieACcopCgLA3w9bbXousLVi1ksbDeNZTkY
W20X/nDQg4O0fFl3qWPg5bMDikJ93FkpgEVnfUuBTV+/
-----END CERTIFICATE-----