This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Pxu28lCYQ61TMNCPkw6L5Zxb0Bg.roa
File:                     Pxu28lCYQ61TMNCPkw6L5Zxb0Bg.roa (raw, json)
Hash identifier:          9BwTT594KYhK6NxppVEB0Pd6gpbgpCUPdDD7O5VwHzI=
Subject key identifier:   3F:1B:B6:F2:50:98:43:AD:53:30:D0:8F:93:0E:8B:E5:9C:5B:D0:18
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019A9E2A2E155E0FFF88D88558A9255251FF
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Pxu28lCYQ61TMNCPkw6L5Zxb0Bg.roa
Signing time:             Wed 19 Nov 2025 22:09:15 +0000
ROA not before:           Wed 19 Nov 2025 22:09:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61308
IP address blocks:        95.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9e:2a:2e:15:5e:0f:ff:88:d8:85:58:a9:25:52:51:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Nov 19 22:09:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f1bb6f2509843ad5330d08f930e8be59c5bd018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d8:27:cc:50:9e:51:f7:89:78:e0:c9:59:d7:
                    3b:43:24:69:a2:a5:94:3f:d8:0e:6b:19:e0:1c:0c:
                    f4:13:29:98:9a:b8:80:24:19:7d:d2:fc:32:ab:57:
                    77:34:e9:6c:e8:06:cf:d8:d4:43:6e:78:5b:97:de:
                    6e:6b:e9:f6:c1:96:3c:ce:92:d1:51:50:66:c6:3f:
                    b1:d1:a0:81:77:bf:3b:43:16:74:c9:b2:22:ed:e9:
                    f7:6a:50:d0:b6:ad:17:98:9f:02:76:23:12:34:fa:
                    3d:30:16:f1:02:40:fd:ca:6f:dd:b5:4f:ba:98:dd:
                    dc:83:70:3b:46:55:de:4d:f6:0a:63:93:05:06:77:
                    42:28:b1:ab:bc:45:79:23:f6:5b:cd:2c:a1:1a:1a:
                    6a:5b:46:c4:e9:90:bc:1e:d6:1a:28:6d:af:0e:f9:
                    8b:4a:74:ff:88:48:f8:aa:05:72:97:7b:af:7e:55:
                    2d:5b:87:28:72:bd:cc:22:5a:75:96:5d:f2:a7:c8:
                    33:83:85:1b:64:30:9c:00:fa:0c:80:db:f8:d5:ec:
                    66:a2:76:37:41:ba:5a:4a:bb:b0:1a:29:8e:ee:b0:
                    9d:0e:8d:fa:30:01:55:c9:2f:5c:1e:26:f8:9f:db:
                    7f:6a:cf:fc:bc:bc:c2:58:05:0e:83:3f:34:02:4c:
                    bf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:1B:B6:F2:50:98:43:AD:53:30:D0:8F:93:0E:8B:E5:9C:5B:D0:18
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Pxu28lCYQ61TMNCPkw6L5Zxb0Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:84:4d:a2:17:5b:a5:82:f0:df:a1:c2:21:68:02:b6:67:54:
         b8:1e:c4:f8:89:59:a1:f9:7b:72:77:92:af:a1:7c:67:1c:c7:
         c3:78:11:9b:06:5f:ec:cb:cd:4c:14:bd:da:6c:0e:a0:b0:78:
         9f:aa:f2:f9:78:ff:41:ce:54:87:8a:24:59:6f:09:ee:ce:fb:
         ff:27:a3:d7:f4:9c:60:eb:e1:a0:32:bd:e3:fd:97:cf:03:82:
         7e:ab:ba:28:69:9f:d7:21:72:96:48:eb:b0:12:e2:15:c9:0e:
         f1:89:32:2d:59:24:8a:52:98:04:79:c5:1c:c1:77:86:b5:82:
         f2:ea:d4:02:b5:60:67:d6:19:a4:b4:e9:c6:16:10:be:04:2e:
         d5:c5:21:ba:3d:a5:e0:d4:20:18:a0:78:46:aa:7c:2a:ba:f1:
         5b:62:04:b0:17:8f:8a:cc:96:78:b8:96:12:66:31:1c:76:99:
         25:c9:50:4b:e1:a1:c1:b1:19:5f:71:97:ef:5c:67:7c:c2:97:
         c6:ea:2e:9a:a6:75:3a:25:d2:ed:cd:67:c2:9c:1c:3a:41:fb:
         03:e4:6f:93:5e:45:78:be:35:0d:fd:93:9a:65:75:f9:13:53:
         4d:d1:2f:86:56:b5:37:72:55:85:c3:1c:23:0e:9d:ce:9a:dc:
         01:5c:aa:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqeKi4VXg//iNiFWKklUlH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUxMTE5MjIwOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjFiYjZmMjUwOTg0M2FkNTMzMGQwOGY5MzBlOGJlNTljNWJkMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdgnzFCeUfeJeODJWdc7QyRpoqWU
P9gOaxngHAz0EymYmriAJBl90vwyq1d3NOls6AbP2NRDbnhbl95ua+n2wZY8zpLR
UVBmxj+x0aCBd787QxZ0ybIi7en3alDQtq0XmJ8CdiMSNPo9MBbxAkD9ym/dtU+6
mN3cg3A7RlXeTfYKY5MFBndCKLGrvEV5I/ZbzSyhGhpqW0bE6ZC8HtYaKG2vDvmL
SnT/iEj4qgVyl3uvflUtW4cocr3MIlp1ll3yp8gzg4UbZDCcAPoMgNv41exmonY3
QbpaSruwGimO7rCdDo36MAFVyS9cHib4n9t/as/8vLzCWAUOgz80Aky/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8btvJQmEOtUzDQj5MOi+WcW9AYMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUHh1MjhsQ1lRNjFUTU5DUGt3Nkw1WnhiMEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9dtMA0G
CSqGSIb3DQEBCwUAA4IBAQCvhE2iF1ulgvDfocIhaAK2Z1S4HsT4iVmh+Xtyd5Kv
oXxnHMfDeBGbBl/sy81MFL3abA6gsHifqvL5eP9BzlSHiiRZbwnuzvv/J6PX9Jxg
6+GgMr3j/ZfPA4J+q7ooaZ/XIXKWSOuwEuIVyQ7xiTItWSSKUpgEecUcwXeGtYLy
6tQCtWBn1hmktOnGFhC+BC7VxSG6PaXg1CAYoHhGqnwquvFbYgSwF4+KzJZ4uJYS
ZjEcdpklyVBL4aHBsRlfcZfvXGd8wpfG6i6apnU6JdLtzWfCnBw6QfsD5G+TXkV4
vjUN/ZOaZXX5E1NN0S+GVrU3clWFwxwjDp3OmtwBXKqS
-----END CERTIFICATE-----