This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/0fgHNVCctmMI1V-BS5_kF5EsiOU.roa
File:                     0fgHNVCctmMI1V-BS5_kF5EsiOU.roa (raw, json)
Hash identifier:          eNuhCbiq7TJi88XjDE039hLZRz8ipxup9WRLp8sp1DI=
Subject key identifier:   D1:F8:07:35:50:9C:B6:63:08:D5:5F:81:4B:9F:E4:17:91:2C:88:E5
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       019B7CEDC0B16AB34AF0E634AC971B389827
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/0fgHNVCctmMI1V-BS5_kF5EsiOU.roa
Signing time:             Fri 02 Jan 2026 04:18:34 +0000
ROA not before:           Fri 02 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210353
IP address blocks:        195.114.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:c0:b1:6a:b3:4a:f0:e6:34:ac:97:1b:38:98:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  2 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1f80735509cb66308d55f814b9fe417912c88e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:a3:08:62:ab:43:21:7e:29:58:c0:63:a4:95:
                    f8:f4:cd:ff:fa:43:42:7c:3c:8a:da:eb:e9:ac:cb:
                    ed:b5:0f:86:d1:a1:c9:47:59:53:29:e6:3f:5f:e1:
                    37:b6:66:a2:06:52:e7:46:ab:5e:4c:87:68:f8:2f:
                    7e:b8:44:83:fb:31:ce:ee:0d:3b:5b:dc:57:6f:18:
                    2e:8a:d0:12:65:a7:be:1a:17:14:f0:9a:0e:a9:6e:
                    e5:54:02:75:c2:d5:82:9d:0b:58:9a:ee:11:b6:cd:
                    b3:76:2b:4d:cd:39:d5:ee:5e:eb:67:96:f1:7b:6f:
                    fc:20:54:e4:d2:92:46:6b:29:26:96:d5:b9:91:e0:
                    9a:ac:ff:7e:0e:7f:27:6d:ca:46:4a:99:f6:a5:36:
                    d6:17:9d:24:54:1d:81:31:08:e7:a0:8b:67:52:8f:
                    49:bf:0c:ea:ce:f8:a3:28:fe:2e:d1:d8:c1:f3:f7:
                    a6:ec:30:26:c3:c0:8c:8e:37:1b:01:5a:b0:7d:78:
                    ad:b5:4f:78:39:68:25:2c:0d:91:d1:f9:37:c4:95:
                    e1:e7:bb:b4:c8:da:aa:a6:5a:b0:c4:ec:7b:5e:bc:
                    4a:33:f7:a7:c3:5e:b6:a7:5a:e8:c8:15:30:fe:8d:
                    38:2a:5b:f0:91:5a:33:8d:0f:f3:6d:26:d5:52:1c:
                    ac:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F8:07:35:50:9C:B6:63:08:D5:5F:81:4B:9F:E4:17:91:2C:88:E5
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/0fgHNVCctmMI1V-BS5_kF5EsiOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:e0:e2:b4:d6:06:47:95:e4:f4:0a:68:db:11:f5:24:5a:06:
         03:31:33:34:ce:65:39:2c:5e:0e:70:6f:a8:47:10:11:50:79:
         be:b0:6d:e3:2d:77:c6:2b:2e:4f:a6:ca:a3:9c:b9:f6:b1:c9:
         ea:74:88:9e:d4:9a:ce:a3:4e:24:40:87:4a:eb:ea:fd:5c:35:
         ac:bd:ea:32:a0:3f:b6:46:b8:a5:e1:73:ef:a1:01:88:02:52:
         f1:0d:9b:3c:3a:06:de:db:a5:10:dd:59:66:04:6c:3c:6c:2f:
         86:ed:62:08:84:65:b2:d4:ef:5f:80:8f:a6:5c:a2:91:c8:77:
         bb:b3:d7:55:3c:9f:b5:73:9e:0f:aa:62:f4:71:7f:66:f5:39:
         94:c5:7b:54:bc:dd:ed:8b:0e:c8:60:2d:12:28:b3:e3:b0:4e:
         dd:0c:35:06:56:6e:27:c9:92:68:7c:28:c2:8e:64:95:17:cd:
         56:8c:e6:bf:81:93:4c:31:03:ea:19:e0:80:b7:59:f2:39:7e:
         18:17:d7:62:15:ae:18:68:23:d7:b7:0d:e5:5e:4d:00:15:bc:
         34:85:ba:51:59:70:82:07:81:a4:66:91:87:76:6e:42:69:2e:
         ff:eb:b9:b5:17:c2:da:da:f5:01:0c:a3:bd:2b:00:20:0a:ad:
         b7:3c:67:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87cCxarNK8OY0rJcbOJgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjYwMTAyMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY4MDczNTUwOWNiNjYzMDhkNTVmODE0YjlmZTQxNzkxMmM4OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+qMIYqtDIX4pWMBjpJX49M3/+kNC
fDyK2uvprMvttQ+G0aHJR1lTKeY/X+E3tmaiBlLnRqteTIdo+C9+uESD+zHO7g07
W9xXbxguitASZae+GhcU8JoOqW7lVAJ1wtWCnQtYmu4Rts2zditNzTnV7l7rZ5bx
e2/8IFTk0pJGaykmltW5keCarP9+Dn8nbcpGSpn2pTbWF50kVB2BMQjnoItnUo9J
vwzqzvijKP4u0djB8/em7DAmw8CMjjcbAVqwfXittU94OWglLA2R0fk3xJXh57u0
yNqqplqwxOx7XrxKM/enw162p1royBUw/o04KlvwkVozjQ/zbSbVUhysywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH4BzVQnLZjCNVfgUuf5BeRLIjlMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvMGZnSE5WQ2N0bU1JMVYtQlM1X2tGNUVzaU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KCMA0G
CSqGSIb3DQEBCwUAA4IBAQA74OK01gZHleT0CmjbEfUkWgYDMTM0zmU5LF4OcG+o
RxARUHm+sG3jLXfGKy5PpsqjnLn2scnqdIie1JrOo04kQIdK6+r9XDWsveoyoD+2
Rril4XPvoQGIAlLxDZs8Ogbe26UQ3VlmBGw8bC+G7WIIhGWy1O9fgI+mXKKRyHe7
s9dVPJ+1c54PqmL0cX9m9TmUxXtUvN3tiw7IYC0SKLPjsE7dDDUGVm4nyZJofCjC
jmSVF81WjOa/gZNMMQPqGeCAt1nyOX4YF9diFa4YaCPXtw3lXk0AFbw0hbpRWXCC
B4GkZpGHdm5CaS7/67m1F8La2vUBDKO9KwAgCq23PGci
-----END CERTIFICATE-----