This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0r4BvsnJAN2Pz40prPoUEy6WvzU.roa
File:                     0r4BvsnJAN2Pz40prPoUEy6WvzU.roa (raw, json)
Hash identifier:          AamdQ0j/vjkbuVtweF8p9JDSZ2i84cCde/Gwvcvf218=
Subject key identifier:   D2:BE:01:BE:C9:C9:00:DD:8F:CF:8D:29:AC:FA:14:13:2E:96:BF:35
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       019B7C80A08CA0BB979BC193223F6FD804D8
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0r4BvsnJAN2Pz40prPoUEy6WvzU.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12888
IP address blocks:        195.27.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a0:8c:a0:bb:97:9b:c1:93:22:3f:6f:d8:04:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2be01bec9c900dd8fcf8d29acfa14132e96bf35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:32:40:6d:7f:08:35:c4:80:f9:db:f2:b2:79:
                    0b:42:7d:8c:ed:91:b5:1a:2b:06:83:19:77:66:91:
                    97:ea:6d:1c:c6:8b:c1:5b:54:b5:dc:28:82:ad:cd:
                    f9:7b:aa:c3:0e:f3:7a:e9:49:97:97:b7:6b:bb:16:
                    b0:d9:d9:c9:2e:c7:f4:12:f0:3a:0d:dd:8a:5b:a9:
                    a4:0e:5c:18:b5:31:de:e6:cd:05:4b:98:ea:8c:49:
                    92:e9:f9:fa:35:40:92:42:e6:a7:a8:f8:29:fa:3a:
                    95:98:7b:5a:c4:63:0c:c0:4f:54:19:79:00:67:2a:
                    ad:07:e6:d4:68:47:ec:89:32:ab:52:34:6c:cb:0e:
                    cc:3a:05:f7:31:35:8b:ba:92:9b:d3:b3:8d:3f:b2:
                    24:49:c0:a4:39:26:f3:22:18:40:20:92:4a:d4:92:
                    ed:76:c7:b2:d2:73:af:22:88:2b:08:bf:e6:88:69:
                    eb:2e:15:fd:9b:bb:56:05:58:fc:87:9c:dd:49:d9:
                    6c:59:53:6f:dd:fd:51:b7:65:8c:98:7e:02:3b:14:
                    21:01:8f:90:f5:da:65:f2:ea:29:fb:9c:a1:f5:02:
                    a5:b3:e9:b4:e9:b8:4d:3c:be:ff:ec:ba:94:2e:39:
                    c0:69:9c:42:8d:b1:79:09:dd:b8:6f:0f:20:44:69:
                    4b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BE:01:BE:C9:C9:00:DD:8F:CF:8D:29:AC:FA:14:13:2E:96:BF:35
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0r4BvsnJAN2Pz40prPoUEy6WvzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.27.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:4f:e9:01:cb:9e:83:6a:db:01:eb:f2:58:6d:fa:33:09:3d:
         4e:3c:47:6e:88:20:6d:21:a0:50:30:0d:9f:72:f5:60:f7:41:
         fc:56:c3:01:4d:5b:f4:7e:12:62:e1:2e:48:9f:54:0b:27:74:
         f9:d0:a6:69:e3:4b:72:11:77:61:cb:82:8b:69:00:41:e3:a5:
         ef:6c:12:b0:c7:02:3a:1c:4b:49:df:a7:44:77:90:27:cf:fe:
         d7:b7:a0:19:85:3a:aa:a5:85:c5:da:56:9a:c5:e8:3d:27:11:
         ea:67:11:b5:ef:9b:97:f2:72:34:70:a3:e1:0b:de:f3:4f:05:
         77:56:13:61:2f:1a:b7:7b:3c:84:1b:eb:d3:11:24:15:cb:83:
         d6:00:73:17:c5:e1:54:9e:28:8f:7f:d2:a8:0a:b9:a9:9b:64:
         4b:6d:f3:14:ba:25:ec:07:7b:e1:55:7e:3b:af:31:21:b8:ab:
         93:19:5a:b2:a9:51:d1:8b:ed:41:26:99:b3:35:7f:4f:f0:ca:
         66:f8:ad:10:6d:f5:1b:be:8c:1f:3d:da:b0:b4:b8:82:fb:5a:
         1a:1b:93:45:c9:d3:63:0e:d5:e1:18:8b:83:f1:c7:11:ee:23:
         32:5e:b5:43:a3:ec:f3:f0:d8:2c:9a:90:15:25:6f:54:bd:e1:
         38:91:dc:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKCMoLuXm8GTIj9v2ATYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmJlMDFiZWM5YzkwMGRkOGZjZjhkMjlhY2ZhMTQxMzJlOTZiZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzJAbX8INcSA+dvysnkLQn2M7ZG1
GisGgxl3ZpGX6m0cxovBW1S13CiCrc35e6rDDvN66UmXl7druxaw2dnJLsf0EvA6
Dd2KW6mkDlwYtTHe5s0FS5jqjEmS6fn6NUCSQuanqPgp+jqVmHtaxGMMwE9UGXkA
ZyqtB+bUaEfsiTKrUjRsyw7MOgX3MTWLupKb07ONP7IkScCkOSbzIhhAIJJK1JLt
dsey0nOvIogrCL/miGnrLhX9m7tWBVj8h5zdSdlsWVNv3f1Rt2WMmH4COxQhAY+Q
9dpl8uop+5yh9QKls+m06bhNPL7/7LqULjnAaZxCjbF5Cd24bw8gRGlLxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNK+Ab7JyQDdj8+NKaz6FBMulr81MB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvMHI0QnZzbkpBTjJQejQwcHJQb1VFeTZXdnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxuiMA0G
CSqGSIb3DQEBCwUAA4IBAQAZT+kBy56DatsB6/JYbfozCT1OPEduiCBtIaBQMA2f
cvVg90H8VsMBTVv0fhJi4S5In1QLJ3T50KZp40tyEXdhy4KLaQBB46XvbBKwxwI6
HEtJ36dEd5Anz/7Xt6AZhTqqpYXF2laaxeg9JxHqZxG175uX8nI0cKPhC97zTwV3
VhNhLxq3ezyEG+vTESQVy4PWAHMXxeFUniiPf9KoCrmpm2RLbfMUuiXsB3vhVX47
rzEhuKuTGVqyqVHRi+1BJpmzNX9P8Mpm+K0QbfUbvowfPdqwtLiC+1oaG5NFydNj
DtXhGIuD8ccR7iMyXrVDo+zz8NgsmpAVJW9UveE4kdyH
-----END CERTIFICATE-----