This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/H2qjaqkpwL5u41T0q_WKY3L5TkY.roa
File:                     H2qjaqkpwL5u41T0q_WKY3L5TkY.roa (raw, json)
Hash identifier:          p+2kMb78SWk8CqMJN3/d8JhczlAwZKrwDn4bucPWqNw=
Subject key identifier:   1F:6A:A3:6A:A9:29:C0:BE:6E:E3:54:F4:AB:F5:8A:63:72:F9:4E:46
Certificate issuer:       /CN=feeb528ca48b1f447582c54ccf6ed780751b51d5
Certificate serial:       019B7A5A072880BB13F383F4442E71FFFB3A
Authority key identifier: FE:EB:52:8C:A4:8B:1F:44:75:82:C5:4C:CF:6E:D7:80:75:1B:51:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/H2qjaqkpwL5u41T0q_WKY3L5TkY.roa
Signing time:             Thu 01 Jan 2026 16:17:59 +0000
ROA not before:           Thu 01 Jan 2026 16:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204544
IP address blocks:        95.128.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:07:28:80:bb:13:f3:83:f4:44:2e:71:ff:fb:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feeb528ca48b1f447582c54ccf6ed780751b51d5
        Validity
            Not Before: Jan  1 16:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f6aa36aa929c0be6ee354f4abf58a6372f94e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:e6:44:4a:44:55:3e:0f:ff:39:24:f3:ac:b2:
                    c0:c9:25:4f:62:c2:2b:9f:ab:86:52:a0:88:3d:b3:
                    4d:70:1d:6b:ec:b7:b4:22:0c:f3:12:64:8b:9e:99:
                    c0:00:68:e2:89:8d:99:f4:36:d8:61:6c:44:d8:9f:
                    b8:6f:ec:03:7b:77:5f:40:27:60:38:34:d1:d9:9e:
                    e5:fc:45:38:13:65:40:76:0e:f0:e1:3b:30:a0:1c:
                    54:13:77:d2:67:2d:ea:22:5f:67:9f:c5:f4:e6:cc:
                    e0:cf:64:bb:52:17:1c:56:5c:f9:7e:44:5c:bd:5e:
                    cb:59:fb:54:8f:8d:d6:8f:71:21:a1:11:b8:4e:98:
                    74:53:2f:4e:a2:72:81:27:8b:ba:47:80:e2:ba:55:
                    12:af:96:42:91:f3:c8:74:05:51:84:26:c5:59:48:
                    f7:eb:16:71:5b:af:83:08:84:f4:51:58:96:f8:57:
                    7e:3e:ab:b3:97:28:5d:d0:1d:f5:de:6d:c6:81:94:
                    5a:9b:2a:f3:0a:ed:b8:66:2d:7f:00:53:fc:d0:c3:
                    ea:ab:4f:5a:00:ea:58:c5:18:6a:c9:ec:27:7e:94:
                    f6:45:b4:b0:8a:e2:80:e5:25:04:c1:8b:ac:f7:d1:
                    c8:21:19:5f:16:de:59:51:d1:65:53:2c:6c:cc:4f:
                    a9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6A:A3:6A:A9:29:C0:BE:6E:E3:54:F4:AB:F5:8A:63:72:F9:4E:46
            X509v3 Authority Key Identifier:
                keyid:FE:EB:52:8C:A4:8B:1F:44:75:82:C5:4C:CF:6E:D7:80:75:1B:51:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/H2qjaqkpwL5u41T0q_WKY3L5TkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:31:36:08:0f:b1:9e:6d:3a:71:dd:c5:78:1a:1c:d0:41:28:
         e1:eb:91:c6:04:75:e9:d2:f4:d1:4c:bb:62:08:e9:f3:e0:1e:
         4d:59:9c:3c:e0:2b:e8:8a:31:51:10:df:be:d5:d6:8a:35:61:
         05:0c:53:54:6c:b9:25:12:16:01:76:95:72:af:de:5d:15:25:
         2b:1e:84:ad:65:e2:21:31:ba:76:bf:d0:51:29:bb:ac:51:05:
         68:37:4e:5a:e1:2d:bc:6b:af:43:b0:3e:a6:84:95:90:ef:bc:
         89:ba:ef:80:cd:e4:af:2d:93:3a:d5:3d:a5:92:96:cd:e6:85:
         83:2c:2e:27:ea:14:1c:d0:09:e7:b1:89:66:c0:b9:86:30:e9:
         a0:da:fb:97:ba:68:84:77:9b:cd:ec:0b:92:a8:9f:68:92:59:
         84:00:d8:55:ee:75:36:62:58:c7:f6:d4:e7:d3:8d:a2:2e:1d:
         91:ab:b8:a3:1d:82:c0:32:d3:2e:80:0e:fe:e8:b3:9c:bb:ab:
         da:c9:db:4e:38:2b:46:45:ab:a4:c9:ef:ee:76:a5:37:44:42:
         92:66:ec:7d:89:af:7d:a0:54:58:bc:92:3a:ed:46:14:c2:a7:
         9b:24:21:59:b6:18:ca:15:59:f2:77:36:c1:33:5b:d3:27:b7:
         45:bc:f2:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WgcogLsT84P0RC5x//s6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZWI1MjhjYTQ4YjFmNDQ3NTgyYzU0Y2NmNmVkNzgwNzUx
YjUxZDUwHhcNMjYwMTAxMTYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjZhYTM2YWE5MjljMGJlNmVlMzU0ZjRhYmY1OGE2MzcyZjk0ZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+ZESkRVPg//OSTzrLLAySVPYsIr
n6uGUqCIPbNNcB1r7Le0IgzzEmSLnpnAAGjiiY2Z9DbYYWxE2J+4b+wDe3dfQCdg
ODTR2Z7l/EU4E2VAdg7w4TswoBxUE3fSZy3qIl9nn8X05szgz2S7UhccVlz5fkRc
vV7LWftUj43Wj3EhoRG4Tph0Uy9OonKBJ4u6R4DiulUSr5ZCkfPIdAVRhCbFWUj3
6xZxW6+DCIT0UViW+Fd+Pquzlyhd0B313m3GgZRamyrzCu24Zi1/AFP80MPqq09a
AOpYxRhqyewnfpT2RbSwiuKA5SUEwYus99HIIRlfFt5ZUdFlUyxszE+p0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9qo2qpKcC+buNU9Kv1imNy+U5GMB8GA1UdIwQY
MBaAFP7rUoykix9EdYLFTM9u14B1G1HVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3V0U2pLU0xIMFIxZ3NWTXoyN1hnSFViVWRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jNWY5ZDUtN2Y0YS00ZTJmLWJhNGUt
NzM4ODg2ZmQ0ZWRkLzEvSDJxamFxa3B3TDV1NDFUMHFfV0tZM0w1VGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jNWY5ZDUtN2Y0YS00ZTJmLWJhNGUtNzM4ODg2ZmQ0ZWRk
LzEvX3V0U2pLU0xIMFIxZ3NWTXoyN1hnSFViVWRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DCMA0G
CSqGSIb3DQEBCwUAA4IBAQBhMTYID7GebTpx3cV4GhzQQSjh65HGBHXp0vTRTLti
COnz4B5NWZw84CvoijFREN++1daKNWEFDFNUbLklEhYBdpVyr95dFSUrHoStZeIh
Mbp2v9BRKbusUQVoN05a4S28a69DsD6mhJWQ77yJuu+AzeSvLZM61T2lkpbN5oWD
LC4n6hQc0AnnsYlmwLmGMOmg2vuXumiEd5vN7AuSqJ9oklmEANhV7nU2YljH9tTn
042iLh2Rq7ijHYLAMtMugA7+6LOcu6vaydtOOCtGRaukye/udqU3REKSZux9ia99
oFRYvJI67UYUwqebJCFZthjKFVnydzbBM1vTJ7dFvPJn
-----END CERTIFICATE-----