This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/lUtDTycr7tmHl8som-NIOGSL4hQ.roa
File:                     lUtDTycr7tmHl8som-NIOGSL4hQ.roa (raw, json)
Hash identifier:          bob91L00C+zBJmnNvfIjHOpV1SfQVQs/iVPuHdwEzf0=
Subject key identifier:   95:4B:43:4F:27:2B:EE:D9:87:97:CB:28:9B:E3:48:38:64:8B:E2:14
Certificate issuer:       /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial:       019B7D5CD3062CD8B53F83BCCA4903021DE0
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/lUtDTycr7tmHl8som-NIOGSL4hQ.roa
Signing time:             Fri 02 Jan 2026 06:19:53 +0000
ROA not before:           Fri 02 Jan 2026 06:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61438
IP address blocks:        195.64.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:d3:06:2c:d8:b5:3f:83:bc:ca:49:03:02:1d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
        Validity
            Not Before: Jan  2 06:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=954b434f272beed98797cb289be34838648be214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:72:87:da:09:c9:19:90:e8:56:c4:2c:b1:f1:
                    0c:a1:16:61:b3:8e:3f:1a:ac:fc:df:2a:62:37:eb:
                    f6:6f:77:81:cb:6c:c8:09:d1:39:4f:42:f9:33:90:
                    59:a5:ea:5d:a1:1f:ba:ba:35:f1:84:f5:55:c4:65:
                    73:6a:41:e0:b7:dc:2a:74:df:f2:51:ef:af:3a:26:
                    77:f9:5b:3e:14:9e:4d:5a:06:78:2b:3d:87:75:00:
                    93:05:af:0c:3e:06:3c:4e:b4:a6:7e:0d:78:84:44:
                    06:59:31:d2:7f:12:2a:a4:7a:0f:29:54:e7:fb:ed:
                    de:02:c5:79:fc:f5:69:a2:ee:04:3f:ca:a3:d5:77:
                    2f:b7:fc:a8:f3:be:f4:d6:0e:2a:09:5b:3d:4d:31:
                    c6:18:0a:43:df:42:31:58:06:be:cb:96:90:d8:d1:
                    93:ea:4b:4a:e7:b5:1b:e0:24:d5:ba:76:55:94:bd:
                    1f:88:6d:71:07:b2:fd:47:e5:d1:45:7b:3d:bc:0d:
                    a1:26:41:3a:ab:fb:e1:6b:93:3d:8f:0e:e6:fe:34:
                    7a:c1:66:fb:e5:bc:d2:c6:be:2b:60:ba:2f:6c:55:
                    9b:0e:6e:e0:cb:fa:d4:5e:46:68:63:12:28:6e:11:
                    a2:f6:27:65:f2:40:5a:f6:ed:d0:ae:1c:e4:15:83:
                    b8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4B:43:4F:27:2B:EE:D9:87:97:CB:28:9B:E3:48:38:64:8B:E2:14
            X509v3 Authority Key Identifier:
                keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/lUtDTycr7tmHl8som-NIOGSL4hQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:0d:31:65:5e:cd:e1:ce:2f:6b:04:4f:49:f5:ad:42:94:18:
         e8:dc:f0:68:31:49:53:dc:46:34:0e:d4:58:02:75:fa:1d:31:
         ab:26:ce:7e:b5:b1:a9:87:1e:2a:e7:65:3b:71:91:34:94:00:
         51:a8:b6:12:76:38:4c:ce:1a:49:62:7f:f9:e8:2e:64:e3:c6:
         32:14:ab:2f:2a:c7:32:d6:0b:7d:3f:de:9f:4e:d4:a9:4c:d2:
         06:31:53:29:99:a2:fb:a6:70:92:70:b8:79:79:74:5f:1e:b5:
         36:5d:43:03:a8:d5:bc:d5:d0:7c:99:79:34:64:d5:a3:30:d5:
         52:8c:5b:5c:b2:3d:a3:16:d5:52:82:51:e1:a5:df:c9:ea:40:
         07:5c:00:3a:7e:43:6e:6a:00:a9:39:6c:ec:be:6a:19:66:d2:
         ef:d8:f5:13:32:3c:01:ff:94:dc:2c:23:79:ba:db:01:a6:f2:
         67:fa:51:ab:1e:48:cf:69:66:84:42:39:45:40:04:05:34:78:
         67:8c:6f:1c:cc:66:1b:de:0e:bd:a2:e3:8b:da:83:7d:e0:87:
         a8:b0:c4:3b:93:ee:32:04:c5:10:d7:1e:0a:c0:ec:ff:50:13:
         69:86:84:cf:56:0f:a1:07:53:65:69:6f:f6:df:53:bf:c6:f5:
         bb:5d:dd:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XNMGLNi1P4O8ykkDAh3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjYwMTAyMDYxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRiNDM0ZjI3MmJlZWQ5ODc5N2NiMjg5YmUzNDgzODY0OGJlMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XKH2gnJGZDoVsQssfEMoRZhs44/
Gqz83ypiN+v2b3eBy2zICdE5T0L5M5BZpepdoR+6ujXxhPVVxGVzakHgt9wqdN/y
Ue+vOiZ3+Vs+FJ5NWgZ4Kz2HdQCTBa8MPgY8TrSmfg14hEQGWTHSfxIqpHoPKVTn
++3eAsV5/PVpou4EP8qj1Xcvt/yo87701g4qCVs9TTHGGApD30IxWAa+y5aQ2NGT
6ktK57Ub4CTVunZVlL0fiG1xB7L9R+XRRXs9vA2hJkE6q/vha5M9jw7m/jR6wWb7
5bzSxr4rYLovbFWbDm7gy/rUXkZoYxIobhGi9idl8kBa9u3QrhzkFYO4SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVLQ08nK+7Zh5fLKJvjSDhki+IUMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvbFV0RFR5Y3I3dG1IbDhzb20tTklPR1NMNGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0BgMA0G
CSqGSIb3DQEBCwUAA4IBAQApDTFlXs3hzi9rBE9J9a1ClBjo3PBoMUlT3EY0DtRY
AnX6HTGrJs5+tbGphx4q52U7cZE0lABRqLYSdjhMzhpJYn/56C5k48YyFKsvKscy
1gt9P96fTtSpTNIGMVMpmaL7pnCScLh5eXRfHrU2XUMDqNW81dB8mXk0ZNWjMNVS
jFtcsj2jFtVSglHhpd/J6kAHXAA6fkNuagCpOWzsvmoZZtLv2PUTMjwB/5TcLCN5
utsBpvJn+lGrHkjPaWaEQjlFQAQFNHhnjG8czGYb3g69ouOL2oN94IeosMQ7k+4y
BMUQ1x4KwOz/UBNphoTPVg+hB1NlaW/231O/xvW7Xd2V
-----END CERTIFICATE-----