This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XyAp-ULJDGqQnYw4x0VOKO9WL4A.roa
File:                     XyAp-ULJDGqQnYw4x0VOKO9WL4A.roa (raw, json)
Hash identifier:          p7Y5UggA9XaPiUt8v09KTFjc/O7q3EmBodfSudOJ2G0=
Subject key identifier:   5F:20:29:F9:42:C9:0C:6A:90:9D:8C:38:C7:45:4E:28:EF:56:2F:80
Certificate issuer:       /CN=bd60edf96266b7c0d43836c854ab472cb74db034
Certificate serial:       019B7834EA465C7015AE29A68EAF78BACD3E
Authority key identifier: BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XyAp-ULJDGqQnYw4x0VOKO9WL4A.roa
Signing time:             Thu 01 Jan 2026 06:18:12 +0000
ROA not before:           Thu 01 Jan 2026 06:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39249
IP address blocks:        195.214.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ea:46:5c:70:15:ae:29:a6:8e:af:78:ba:cd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd60edf96266b7c0d43836c854ab472cb74db034
        Validity
            Not Before: Jan  1 06:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f2029f942c90c6a909d8c38c7454e28ef562f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ea:d7:eb:7b:3c:fc:6f:7d:36:44:d0:3a:04:
                    90:77:b2:19:a0:f5:cf:aa:47:77:a9:44:58:da:a1:
                    90:0f:f8:18:fe:3a:97:5e:c8:19:c1:c6:5a:c4:b0:
                    0e:e3:ec:fa:28:88:47:2e:78:e0:c0:41:b0:af:df:
                    b0:5b:44:58:3c:e7:ad:c8:ab:68:3a:c2:95:c0:e6:
                    46:35:bd:cd:4a:14:5f:dd:64:23:98:c8:d6:ab:69:
                    f5:1b:3c:8e:ae:12:49:9c:b6:2d:89:40:d4:97:00:
                    f9:f2:95:db:36:b5:7f:c6:72:fe:44:32:e3:b6:0a:
                    9f:f1:48:5d:13:c2:d7:5a:2d:14:78:cc:22:47:ac:
                    a8:5d:dd:f9:41:db:c0:e1:a9:8f:a6:98:6b:a8:42:
                    c9:f2:b9:95:0d:7a:20:7b:92:a4:71:c6:2c:e6:fb:
                    bc:2e:c5:a2:37:b2:10:de:b8:3c:e6:3d:2d:df:2f:
                    c9:c4:f1:ef:8a:a2:c2:2c:ff:81:c9:d7:3f:37:45:
                    64:a0:c7:56:37:9d:a8:44:a4:8c:d2:69:c2:44:68:
                    c0:9a:ec:70:cc:54:ed:ee:15:10:c2:fd:ac:21:c7:
                    66:74:8e:dd:73:b8:2c:dd:09:5c:70:b4:37:c2:ee:
                    5c:85:a2:a6:c6:70:61:37:4a:c2:a3:d5:64:65:b9:
                    23:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:20:29:F9:42:C9:0C:6A:90:9D:8C:38:C7:45:4E:28:EF:56:2F:80
            X509v3 Authority Key Identifier:
                keyid:BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XyAp-ULJDGqQnYw4x0VOKO9WL4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:e9:d1:8d:5f:d8:5c:0b:c2:da:70:f3:f5:0c:5e:7c:96:4d:
         24:79:91:10:66:ba:28:56:b2:00:f8:14:87:d3:5b:53:6a:b4:
         23:09:8b:48:d3:dc:34:82:46:51:f5:96:30:98:e2:c4:81:00:
         0b:4e:8c:3b:c2:33:26:60:20:a0:94:a4:fb:d5:23:14:3b:6e:
         62:80:bf:15:2a:f2:17:4b:83:8c:28:5e:43:7f:9f:7c:15:6c:
         55:43:e6:f9:de:77:be:00:6b:26:31:ff:77:84:8c:fe:d4:2d:
         da:b1:3e:3a:2f:21:fb:5a:c0:9a:e4:22:5f:f9:1e:c4:75:87:
         76:22:2e:0a:ff:f4:37:d4:1f:35:b1:fe:c0:c6:0f:7c:c3:e6:
         41:1a:56:df:bd:14:3d:0b:93:9e:f5:2b:e8:94:7c:7a:26:64:
         df:bb:4c:8c:0c:92:2a:a8:69:19:c9:37:dc:fd:b0:11:8c:47:
         b9:ac:56:05:97:5a:1f:13:28:68:8e:14:4e:b0:4f:86:39:10:
         6e:a0:67:ca:f5:a1:59:ed:d9:9d:cc:bd:58:90:b0:0b:0f:28:
         e7:06:7e:c1:a9:b6:76:de:95:6c:57:0e:4d:df:82:82:26:04:
         32:63:f4:3b:aa:f3:5f:c0:5f:0c:be:c0:31:0d:c9:6c:35:ee:
         c9:01:8f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NOpGXHAVrimmjq94us0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjBlZGY5NjI2NmI3YzBkNDM4MzZjODU0YWI0NzJjYjc0
ZGIwMzQwHhcNMjYwMTAxMDYxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjIwMjlmOTQyYzkwYzZhOTA5ZDhjMzhjNzQ1NGUyOGVmNTYyZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOrX63s8/G99NkTQOgSQd7IZoPXP
qkd3qURY2qGQD/gY/jqXXsgZwcZaxLAO4+z6KIhHLnjgwEGwr9+wW0RYPOetyKto
OsKVwOZGNb3NShRf3WQjmMjWq2n1GzyOrhJJnLYtiUDUlwD58pXbNrV/xnL+RDLj
tgqf8UhdE8LXWi0UeMwiR6yoXd35QdvA4amPpphrqELJ8rmVDXoge5KkccYs5vu8
LsWiN7IQ3rg85j0t3y/JxPHviqLCLP+Bydc/N0VkoMdWN52oRKSM0mnCRGjAmuxw
zFTt7hUQwv2sIcdmdI7dc7gs3QlccLQ3wu5chaKmxnBhN0rCo9VkZbkjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8gKflCyQxqkJ2MOMdFTijvVi+AMB8GA1UdIwQY
MBaAFL1g7fliZrfA1Dg2yFSrRyy3TbA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0Yzgt
NDJiYmYxYTZhNjViLzEvWHlBcC1VTEpER3FRbll3NHgwVk9LTzlXTDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0YzgtNDJiYmYxYTZhNjVi
LzEvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9bUMA0G
CSqGSIb3DQEBCwUAA4IBAQAO6dGNX9hcC8LacPP1DF58lk0keZEQZrooVrIA+BSH
01tTarQjCYtI09w0gkZR9ZYwmOLEgQALTow7wjMmYCCglKT71SMUO25igL8VKvIX
S4OMKF5Df598FWxVQ+b53ne+AGsmMf93hIz+1C3asT46LyH7WsCa5CJf+R7EdYd2
Ii4K//Q31B81sf7Axg98w+ZBGlbfvRQ9C5Oe9SvolHx6JmTfu0yMDJIqqGkZyTfc
/bARjEe5rFYFl1ofEyhojhROsE+GORBuoGfK9aFZ7dmdzL1YkLALDyjnBn7BqbZ2
3pVsVw5N34KCJgQyY/Q7qvNfwF8MvsAxDclsNe7JAY/s
-----END CERTIFICATE-----