This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/zhduJ-swFr0LmCkicbzPBV2VmQI.roa
File:                     zhduJ-swFr0LmCkicbzPBV2VmQI.roa (raw, json)
Hash identifier:          E4NsemPM+y5KCKmOA9mHsx4EyDl+oDm0fe+lJBg6OOU=
Subject key identifier:   CE:17:6E:27:EB:30:16:BD:0B:98:29:22:71:BC:CF:05:5D:95:99:02
Certificate issuer:       /CN=eb500c9002321f03964583710b7baa4597341213
Certificate serial:       019B7EA6FA393D47E8F39347752AD61E8C8B
Authority key identifier: EB:50:0C:90:02:32:1F:03:96:45:83:71:0B:7B:AA:45:97:34:12:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/zhduJ-swFr0LmCkicbzPBV2VmQI.roa
Signing time:             Fri 02 Jan 2026 12:20:30 +0000
ROA not before:           Fri 02 Jan 2026 12:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216154
IP address blocks:        95.81.96.0/22 maxlen: 22
                          95.81.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:fa:39:3d:47:e8:f3:93:47:75:2a:d6:1e:8c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb500c9002321f03964583710b7baa4597341213
        Validity
            Not Before: Jan  2 12:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce176e27eb3016bd0b98292271bccf055d959902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d5:83:01:70:a7:c9:c6:24:11:c3:b6:b9:5e:
                    96:5e:68:0b:14:ec:e2:c1:bc:fb:fc:5c:92:f8:ab:
                    14:32:90:ec:10:a8:49:9d:91:44:69:21:28:1a:7f:
                    56:ec:68:fe:c0:7a:82:13:c7:d2:9a:35:cd:55:50:
                    3f:2b:b1:b8:34:75:ab:ed:ae:02:80:4a:14:68:c5:
                    3f:e7:47:ba:88:0f:73:3e:ae:57:45:5e:7b:81:30:
                    a6:22:4c:99:84:48:34:6a:88:04:ec:60:54:37:01:
                    27:23:6e:7d:67:6d:db:f6:75:8d:c4:38:f2:6a:ec:
                    38:42:e0:46:2a:30:dc:7a:67:75:14:ed:e4:b8:1d:
                    7e:29:95:cc:f0:1d:a9:0d:ec:5a:6f:5e:e7:13:57:
                    94:93:46:7a:a5:1f:8c:c7:e4:0d:15:8b:3e:c4:73:
                    f0:d7:a8:b9:b4:df:bf:c3:c7:dd:12:e4:0c:4d:d0:
                    dc:95:26:6c:bb:3b:44:c2:45:58:60:06:ec:65:c3:
                    c4:d3:e4:1c:00:82:9d:60:17:aa:c9:95:24:b9:1c:
                    1f:db:d4:63:ad:13:b0:c5:a6:0e:8e:ff:61:ce:14:
                    64:27:4c:94:29:6e:eb:15:9c:9d:9a:c5:01:44:c5:
                    02:85:88:07:d0:2d:f8:0e:fb:77:39:c5:d9:cb:26:
                    be:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:17:6E:27:EB:30:16:BD:0B:98:29:22:71:BC:CF:05:5D:95:99:02
            X509v3 Authority Key Identifier:
                keyid:EB:50:0C:90:02:32:1F:03:96:45:83:71:0B:7B:AA:45:97:34:12:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/zhduJ-swFr0LmCkicbzPBV2VmQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.81.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         69:a9:63:73:30:ae:a2:f3:8d:9a:38:46:ee:15:8c:e7:ff:c0:
         54:4e:b8:37:4b:ff:a9:38:78:6e:dc:29:37:8a:54:46:c8:f9:
         0b:c7:0a:d4:aa:11:a4:5e:d9:a0:49:b6:f7:d0:07:cc:44:af:
         3f:36:88:30:f8:5e:ac:47:4b:5d:dd:04:4a:82:7f:af:60:41:
         b7:3f:9b:f8:a9:26:cd:d0:65:cd:93:9d:56:dd:76:91:86:e3:
         50:86:b6:5a:36:6b:cb:bc:75:98:4d:e4:27:0a:8e:4e:e1:79:
         90:4a:3b:94:9c:10:09:9d:34:1f:6b:fd:53:a3:c9:2a:31:22:
         a9:c9:01:44:62:ab:59:04:a0:9b:20:be:b8:ca:9d:47:fe:60:
         27:f0:e2:ac:c5:4a:7e:74:4f:dc:27:49:98:92:79:7f:95:b1:
         8a:8a:9b:24:03:61:79:c3:48:a3:b7:31:b2:e3:1c:63:2a:13:
         29:0b:65:12:76:3f:3f:17:0b:04:51:13:d9:f2:ba:36:e8:b0:
         ec:5b:3f:75:c6:f8:8d:28:49:a5:b7:0c:6d:e8:67:99:2f:96:
         b4:17:fa:55:12:46:88:77:1b:f9:7d:e3:d8:f4:d3:5b:f8:76:
         72:57:4f:f5:66:89:01:ba:86:b0:aa:4e:95:0e:6a:54:1e:e5:
         92:a2:84:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pvo5PUfo85NHdSrWHoyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTAwYzkwMDIzMjFmMDM5NjQ1ODM3MTBiN2JhYTQ1OTcz
NDEyMTMwHhcNMjYwMTAyMTIyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTE3NmUyN2ViMzAxNmJkMGI5ODI5MjI3MWJjY2YwNTVkOTU5OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidWDAXCnycYkEcO2uV6WXmgLFOzi
wbz7/FyS+KsUMpDsEKhJnZFEaSEoGn9W7Gj+wHqCE8fSmjXNVVA/K7G4NHWr7a4C
gEoUaMU/50e6iA9zPq5XRV57gTCmIkyZhEg0aogE7GBUNwEnI259Z23b9nWNxDjy
auw4QuBGKjDcemd1FO3kuB1+KZXM8B2pDexab17nE1eUk0Z6pR+Mx+QNFYs+xHPw
16i5tN+/w8fdEuQMTdDclSZsuztEwkVYYAbsZcPE0+QcAIKdYBeqyZUkuRwf29Rj
rROwxaYOjv9hzhRkJ0yUKW7rFZydmsUBRMUChYgH0C34Dvt3OcXZyya+1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4XbifrMBa9C5gpInG8zwVdlZkCMB8GA1UdIwQY
MBaAFOtQDJACMh8DlkWDcQt7qkWXNBITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFBTWtBSXlId09XUllOeEMzdXFSWmMwRWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xOWMwOWEtZDc5YS00ZGU0LThhODYt
NGE2ODU5NjJmM2U4LzEvemhkdUotc3dGcjBMbUNraWNielBCVjJWbVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xOWMwOWEtZDc5YS00ZGU0LThhODYtNGE2ODU5NjJmM2U4
LzEvNjFBTWtBSXlId09XUllOeEMzdXFSWmMwRWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX1FgMA0G
CSqGSIb3DQEBCwUAA4IBAQBpqWNzMK6i842aOEbuFYzn/8BUTrg3S/+pOHhu3Ck3
ilRGyPkLxwrUqhGkXtmgSbb30AfMRK8/Nogw+F6sR0td3QRKgn+vYEG3P5v4qSbN
0GXNk51W3XaRhuNQhrZaNmvLvHWYTeQnCo5O4XmQSjuUnBAJnTQfa/1To8kqMSKp
yQFEYqtZBKCbIL64yp1H/mAn8OKsxUp+dE/cJ0mYknl/lbGKipskA2F5w0ijtzGy
4xxjKhMpC2USdj8/FwsEURPZ8ro26LDsWz91xviNKEmltwxt6GeZL5a0F/pVEkaI
dxv5fePY9NNb+HZyV0/1ZokBuoawqk6VDmpUHuWSooSB
-----END CERTIFICATE-----