This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/497otZddeNozXBoDa4RW_3BJUUA.roa
File:                     497otZddeNozXBoDa4RW_3BJUUA.roa (raw, json)
Hash identifier:          RrfBGeLjLrahf5Fq8xtl0pH9MkRki42Oz1D2w2x2gcg=
Subject key identifier:   E3:DE:E8:B5:97:5D:78:DA:33:5C:1A:03:6B:84:56:FF:70:49:51:40
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019B7D5D1DCC87801E81FA768B88449DA3BA
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/497otZddeNozXBoDa4RW_3BJUUA.roa
Signing time:             Fri 02 Jan 2026 06:20:13 +0000
ROA not before:           Fri 02 Jan 2026 06:20:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44277
IP address blocks:        195.228.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:1d:cc:87:80:1e:81:fa:76:8b:88:44:9d:a3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 06:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3dee8b5975d78da335c1a036b8456ff70495140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:55:9c:db:b1:01:05:e6:e0:8f:4b:21:72:aa:
                    1d:da:94:3d:6f:c4:7f:86:bd:2e:70:1c:10:d0:9d:
                    c7:92:8f:41:1a:0d:8f:09:88:78:ae:9d:9c:7d:3f:
                    63:07:d8:17:d0:e4:74:15:85:6d:56:5b:f7:c5:cb:
                    d1:10:6f:b7:55:b3:e5:93:3e:23:9f:22:d2:36:cd:
                    8d:09:c0:fb:22:5c:94:9d:96:42:79:00:52:79:67:
                    32:7f:62:18:eb:64:3d:f1:64:87:72:b2:5b:5b:dd:
                    a3:bf:f1:74:f8:8b:d2:fd:53:29:d0:e9:09:ce:61:
                    c5:99:8e:4a:f3:08:12:26:1a:eb:1e:57:00:14:e6:
                    37:97:ee:43:56:6c:5f:8b:3c:ad:2f:11:9c:5e:62:
                    3d:72:2c:1b:8f:c5:f5:07:2e:11:4f:2e:bd:be:df:
                    a2:a7:c9:9d:fa:a7:c1:02:b9:ca:39:ec:40:cf:fb:
                    fb:af:be:45:44:f8:80:be:80:71:9c:92:dd:8c:e3:
                    83:a8:9e:07:50:5a:15:7d:8e:ea:9b:c1:51:aa:ae:
                    ea:17:3e:37:a3:55:84:db:d5:51:4f:a3:34:8f:c7:
                    da:53:7a:42:4c:5c:47:2f:c4:35:10:83:61:6a:ae:
                    92:86:8e:b1:34:86:65:b6:11:44:17:d9:f6:0b:6d:
                    e7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DE:E8:B5:97:5D:78:DA:33:5C:1A:03:6B:84:56:FF:70:49:51:40
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/497otZddeNozXBoDa4RW_3BJUUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.228.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:7f:ba:3c:57:68:36:94:0d:41:cb:66:84:ea:aa:20:20:d7:
         c2:2a:cb:76:46:c0:cc:27:de:37:cd:3a:27:86:2f:69:13:a5:
         f7:9a:54:f1:f0:63:39:4b:cd:dd:61:cf:33:23:f7:5b:57:20:
         87:00:32:60:ba:2c:4c:52:26:98:b4:67:1a:7a:d9:90:9e:f1:
         70:86:ef:77:df:ea:07:cd:bc:d9:85:43:11:c5:02:17:43:b2:
         e7:00:3a:81:a5:e5:20:79:ae:d5:b0:ae:2f:82:55:a7:39:6c:
         cd:85:d7:3b:22:29:db:87:3d:d4:0c:7c:2f:13:05:d9:74:19:
         0b:6a:70:08:bf:de:3d:17:bf:55:7a:08:8d:52:7f:b5:4e:6a:
         d0:e2:c1:88:08:61:7d:83:3f:1a:35:bf:6b:62:d7:28:4e:45:
         85:3a:14:72:bd:43:67:8e:bf:b5:f7:5c:66:50:dd:84:2e:d3:
         79:4c:9e:ab:bf:dd:04:55:39:4d:71:d6:cc:6f:2a:0a:a4:56:
         08:40:76:e9:12:21:ad:6b:20:e1:04:a9:2d:af:c4:64:ce:9e:
         a8:c1:b6:ba:64:6b:5b:e3:56:a0:6b:ff:3c:bc:d0:75:4e:86:
         c3:2e:7d:71:e2:b2:98:f7:61:36:58:9c:09:1e:34:bb:54:90:
         85:34:5b:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XR3Mh4Aegfp2i4hEnaO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjYwMTAyMDYyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2RlZThiNTk3NWQ3OGRhMzM1YzFhMDM2Yjg0NTZmZjcwNDk1MTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFWc27EBBebgj0shcqod2pQ9b8R/
hr0ucBwQ0J3Hko9BGg2PCYh4rp2cfT9jB9gX0OR0FYVtVlv3xcvREG+3VbPlkz4j
nyLSNs2NCcD7IlyUnZZCeQBSeWcyf2IY62Q98WSHcrJbW92jv/F0+IvS/VMp0OkJ
zmHFmY5K8wgSJhrrHlcAFOY3l+5DVmxfizytLxGcXmI9ciwbj8X1By4RTy69vt+i
p8md+qfBArnKOexAz/v7r75FRPiAvoBxnJLdjOODqJ4HUFoVfY7qm8FRqq7qFz43
o1WE29VRT6M0j8faU3pCTFxHL8Q1EINhaq6Sho6xNIZlthFEF9n2C23nxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPe6LWXXXjaM1waA2uEVv9wSVFAMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvNDk3b3RaZGRlTm96WEJvRGE0UldfM0JKVVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+Q7MA0G
CSqGSIb3DQEBCwUAA4IBAQAMf7o8V2g2lA1By2aE6qogINfCKst2RsDMJ943zTon
hi9pE6X3mlTx8GM5S83dYc8zI/dbVyCHADJguixMUiaYtGcaetmQnvFwhu933+oH
zbzZhUMRxQIXQ7LnADqBpeUgea7VsK4vglWnOWzNhdc7Iinbhz3UDHwvEwXZdBkL
anAIv949F79VegiNUn+1TmrQ4sGICGF9gz8aNb9rYtcoTkWFOhRyvUNnjr+191xm
UN2ELtN5TJ6rv90EVTlNcdbMbyoKpFYIQHbpEiGtayDhBKktr8Rkzp6owba6ZGtb
41aga/88vNB1TobDLn1x4rKY92E2WJwJHjS7VJCFNFux
-----END CERTIFICATE-----