This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/maBYfeX8FfgClsOFhy-Qdandr6Y.roa
File:                     maBYfeX8FfgClsOFhy-Qdandr6Y.roa (raw, json)
Hash identifier:          eJEH9q0BdM3rwm/N475lhdL/vo2eXtahTxJLiQctRow=
Subject key identifier:   99:A0:58:7D:E5:FC:15:F8:02:96:C3:85:87:2F:90:75:A9:DD:AF:A6
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019B77C74AFC82354C845B66FF1AB7A77728
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/maBYfeX8FfgClsOFhy-Qdandr6Y.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205221
IP address blocks:        195.19.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4a:fc:82:35:4c:84:5b:66:ff:1a:b7:a7:77:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99a0587de5fc15f80296c385872f9075a9ddafa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:dc:35:eb:3e:09:4a:75:cc:68:55:fd:d3:0d:
                    5c:b8:06:d3:b6:60:bd:55:be:4c:cf:ba:a5:6b:1b:
                    8d:9e:e6:3b:f9:5c:dc:50:c3:8e:c1:82:34:da:1e:
                    c8:59:99:88:b0:de:e9:be:d0:63:22:6f:6c:22:6d:
                    86:45:7b:e9:cf:57:6c:de:96:32:ac:f4:a9:a9:12:
                    fc:e5:62:69:90:11:98:36:d4:fb:a0:e6:51:27:a1:
                    37:21:b8:ba:c1:43:cf:e2:77:fb:a6:a4:9e:93:b9:
                    a3:ef:be:b8:e3:96:58:37:f8:1b:a0:74:9e:ae:38:
                    fa:d1:ca:db:44:9a:b8:e3:9c:3e:bb:7f:96:39:5f:
                    81:9a:26:6d:6c:8b:2d:54:f7:f3:b0:f4:a0:42:8b:
                    9b:6b:bc:9b:66:63:cb:6b:8a:8d:f9:2d:eb:bf:1e:
                    b7:12:e6:31:a7:95:1e:ae:ce:03:6f:c6:0c:52:3b:
                    7b:ef:35:99:b3:4f:0a:ab:f4:df:0f:22:46:77:fa:
                    27:26:d7:6b:0b:b3:b4:4d:6c:ff:e9:72:ed:34:c2:
                    53:79:39:0f:a6:54:e8:42:47:31:5f:38:dc:2d:0b:
                    2a:78:e0:00:dd:84:33:b4:be:86:b7:d4:dc:67:7e:
                    c9:58:e6:71:dd:08:ef:42:cb:31:6f:0c:f7:55:3f:
                    37:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A0:58:7D:E5:FC:15:F8:02:96:C3:85:87:2F:90:75:A9:DD:AF:A6
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/maBYfeX8FfgClsOFhy-Qdandr6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.19.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:79:aa:3d:43:fb:90:af:53:48:b9:e4:fd:85:b5:f6:9d:92:
         03:5f:ad:6e:51:0a:0b:f3:7b:cb:ec:1b:2f:1a:00:80:3a:3e:
         30:fd:e8:ea:ba:51:c2:67:99:e4:6d:08:9e:09:85:fd:a0:5d:
         65:21:0f:3f:aa:95:4d:62:e1:4d:c7:82:52:87:f8:cb:fb:11:
         0d:d4:00:91:66:04:54:ec:4c:c9:1d:7d:e8:88:92:87:8a:63:
         55:e2:af:19:7a:80:3d:d1:4c:8f:b2:28:b0:0a:40:dd:c9:e2:
         97:6f:17:75:10:51:1c:fa:47:55:5b:ef:6e:dc:4d:3e:8c:c8:
         28:f4:8e:d4:d6:6c:ac:4b:eb:6e:11:38:26:67:d0:ed:6b:ff:
         7f:76:79:9e:9d:5c:f7:20:ea:03:f7:fb:07:db:3f:c4:fa:ac:
         83:70:7d:13:94:0f:a7:7d:d6:66:e1:18:35:f9:bd:ec:c3:b7:
         8a:56:68:0c:81:bb:2e:cc:22:9f:d1:2e:4a:1e:32:3e:54:71:
         be:d3:d2:52:8c:92:80:4a:01:a0:1b:ed:ee:2c:2c:b0:fd:5f:
         41:f3:53:f1:93:9a:4f:c2:7c:c8:4a:e1:46:6e:b6:63:fe:3e:
         0a:9d:aa:78:d9:c5:6d:e1:d2:5e:f3:be:1a:a4:d8:56:e6:5d:
         16:40:57:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0r8gjVMhFtm/xq3p3coMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWEwNTg3ZGU1ZmMxNWY4MDI5NmMzODU4NzJmOTA3NWE5ZGRhZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9dw16z4JSnXMaFX90w1cuAbTtmC9
Vb5Mz7qlaxuNnuY7+VzcUMOOwYI02h7IWZmIsN7pvtBjIm9sIm2GRXvpz1ds3pYy
rPSpqRL85WJpkBGYNtT7oOZRJ6E3Ibi6wUPP4nf7pqSek7mj776445ZYN/gboHSe
rjj60crbRJq445w+u3+WOV+BmiZtbIstVPfzsPSgQouba7ybZmPLa4qN+S3rvx63
EuYxp5Uers4Db8YMUjt77zWZs08Kq/TfDyJGd/onJtdrC7O0TWz/6XLtNMJTeTkP
plToQkcxXzjcLQsqeOAA3YQztL6Gt9TcZ37JWOZx3QjvQssxbwz3VT83TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmgWH3l/BX4ApbDhYcvkHWp3a+mMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvbWFCWWZlWDhGZmdDbHNPRmh5LVFkYW5kcjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxPPMA0G
CSqGSIb3DQEBCwUAA4IBAQBFeao9Q/uQr1NIueT9hbX2nZIDX61uUQoL83vL7Bsv
GgCAOj4w/ejqulHCZ5nkbQieCYX9oF1lIQ8/qpVNYuFNx4JSh/jL+xEN1ACRZgRU
7EzJHX3oiJKHimNV4q8ZeoA90UyPsiiwCkDdyeKXbxd1EFEc+kdVW+9u3E0+jMgo
9I7U1mysS+tuETgmZ9Dta/9/dnmenVz3IOoD9/sH2z/E+qyDcH0TlA+nfdZm4Rg1
+b3sw7eKVmgMgbsuzCKf0S5KHjI+VHG+09JSjJKASgGgG+3uLCyw/V9B81Pxk5pP
wnzISuFGbrZj/j4Knap42cVt4dJe874apNhW5l0WQFdm
-----END CERTIFICATE-----