This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/fLae4aR9HsO6ApeohQnbJHEsvgg.roa
File:                     fLae4aR9HsO6ApeohQnbJHEsvgg.roa (raw, json)
Hash identifier:          /b3Xi59hV2RbWadggK4I0wXvCWO8lTHkzV3V9hJ6K0Y=
Subject key identifier:   7C:B6:9E:E1:A4:7D:1E:C3:BA:02:97:A8:85:09:DB:24:71:2C:BE:08
Certificate issuer:       /CN=3d8a553e05f0319bf452fa206c14ccda87304654
Certificate serial:       019B77C7204B5E585C0AC118AB8B4A0DD638
Authority key identifier: 3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/fLae4aR9HsO6ApeohQnbJHEsvgg.roa
Signing time:             Thu 01 Jan 2026 04:18:17 +0000
ROA not before:           Thu 01 Jan 2026 04:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50675
IP address blocks:        195.200.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:20:4b:5e:58:5c:0a:c1:18:ab:8b:4a:0d:d6:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8a553e05f0319bf452fa206c14ccda87304654
        Validity
            Not Before: Jan  1 04:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cb69ee1a47d1ec3ba0297a88509db24712cbe08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:20:ea:cd:77:dc:9a:76:21:7d:34:1b:10:1a:
                    b2:75:cb:a5:65:8f:c9:e7:1a:05:a5:5d:1c:00:60:
                    7f:04:fd:59:26:01:0f:fb:62:4c:18:fc:e4:4c:ec:
                    f6:36:7a:86:a4:37:7f:cc:1b:ca:b9:6a:32:74:f8:
                    12:7d:72:9f:6f:a6:f2:8a:f5:ab:5c:da:7b:51:dd:
                    e7:ce:92:52:e9:ae:0b:8e:5f:6d:8e:9b:62:1f:d5:
                    0d:a7:c9:db:d6:c3:23:87:b1:e2:0a:3d:c6:57:f3:
                    f4:c2:7a:1e:bf:7d:31:d5:8c:13:73:10:a6:bd:43:
                    c1:c1:13:f4:ae:3f:2f:db:33:b3:95:f3:47:a9:74:
                    85:88:f2:75:b4:eb:60:17:0b:88:59:2f:40:d5:b0:
                    1e:02:e3:eb:68:4a:67:84:01:8e:e6:ee:2c:a6:e0:
                    23:14:cc:1f:73:e9:17:09:36:7c:81:e6:1d:d9:c8:
                    e3:65:b9:f9:06:64:31:22:a0:60:17:6e:59:e1:51:
                    79:1c:63:14:e4:4e:c8:97:f1:06:bb:1a:7f:27:e4:
                    ce:ae:0f:fa:1a:92:70:57:64:3b:1b:a3:11:c5:70:
                    52:f1:48:9f:44:2b:13:6d:fa:80:96:f0:dc:be:37:
                    b1:48:78:a6:8e:22:3a:33:f6:21:3d:d2:16:c8:f0:
                    a4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B6:9E:E1:A4:7D:1E:C3:BA:02:97:A8:85:09:DB:24:71:2C:BE:08
            X509v3 Authority Key Identifier:
                keyid:3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/fLae4aR9HsO6ApeohQnbJHEsvgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:f2:f9:f3:47:1d:1f:e5:aa:4e:62:77:56:2a:82:66:96:80:
         38:37:67:65:4f:c5:5c:85:05:fe:58:b6:c1:1a:ec:06:4b:52:
         36:96:08:a3:43:cc:7a:48:80:f4:aa:fe:27:01:ac:2b:27:76:
         fe:e6:1c:74:f3:7b:da:4a:93:c7:d6:6f:7f:ad:fc:dd:92:94:
         ca:f7:39:93:a2:ff:a3:d5:8b:4a:7b:6a:89:91:b3:9d:57:74:
         4e:71:72:3d:a8:bf:8f:7b:f2:a9:8d:c4:4a:00:2b:44:8e:32:
         07:ec:1d:46:61:16:c8:9e:60:18:a9:f6:c9:93:86:ac:04:a2:
         b9:ed:2d:62:21:bc:66:15:2a:bb:40:23:b6:ce:ca:d8:09:fc:
         fc:b7:f7:11:a5:15:e3:a0:48:f0:4b:52:98:b2:21:13:30:1f:
         2f:8d:41:49:8a:b2:ec:4e:ca:60:9e:97:57:a3:be:9c:0c:ad:
         54:aa:ec:01:71:32:10:74:c4:f2:a3:52:6b:da:1e:55:a6:70:
         34:fb:4a:ea:8a:77:33:57:81:82:81:cf:ce:18:15:99:65:c4:
         62:63:ce:58:f2:c6:9b:29:c4:33:be:9b:86:32:0e:ee:16:b5:
         f7:d2:95:d7:dd:f6:e5:45:bd:dd:03:b0:b3:34:90:a9:ab:c9:
         42:36:86:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xyBLXlhcCsEYq4tKDdY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGE1NTNlMDVmMDMxOWJmNDUyZmEyMDZjMTRjY2RhODcz
MDQ2NTQwHhcNMjYwMTAxMDQxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2I2OWVlMWE0N2QxZWMzYmEwMjk3YTg4NTA5ZGIyNDcxMmNiZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SDqzXfcmnYhfTQbEBqydculZY/J
5xoFpV0cAGB/BP1ZJgEP+2JMGPzkTOz2NnqGpDd/zBvKuWoydPgSfXKfb6byivWr
XNp7Ud3nzpJS6a4Ljl9tjptiH9UNp8nb1sMjh7HiCj3GV/P0wnoev30x1YwTcxCm
vUPBwRP0rj8v2zOzlfNHqXSFiPJ1tOtgFwuIWS9A1bAeAuPraEpnhAGO5u4spuAj
FMwfc+kXCTZ8geYd2cjjZbn5BmQxIqBgF25Z4VF5HGMU5E7Il/EGuxp/J+TOrg/6
GpJwV2Q7G6MRxXBS8UifRCsTbfqAlvDcvjexSHimjiI6M/YhPdIWyPCkowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHy2nuGkfR7DugKXqIUJ2yRxLL4IMB8GA1UdIwQY
MBaAFD2KVT4F8DGb9FL6IGwUzNqHMEZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1Mjct
MGZiNDgyM2Y1Yjg3LzEvZkxhZTRhUjlIc082QXBlb2hRbmJKSEVzdmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1MjctMGZiNDgyM2Y1Yjg3
LzEvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw8gYMA0G
CSqGSIb3DQEBCwUAA4IBAQBU8vnzRx0f5apOYndWKoJmloA4N2dlT8VchQX+WLbB
GuwGS1I2lgijQ8x6SID0qv4nAawrJ3b+5hx083vaSpPH1m9/rfzdkpTK9zmTov+j
1YtKe2qJkbOdV3ROcXI9qL+Pe/KpjcRKACtEjjIH7B1GYRbInmAYqfbJk4asBKK5
7S1iIbxmFSq7QCO2zsrYCfz8t/cRpRXjoEjwS1KYsiETMB8vjUFJirLsTspgnpdX
o76cDK1UquwBcTIQdMTyo1Jr2h5VpnA0+0rqinczV4GCgc/OGBWZZcRiY85Y8sab
KcQzvpuGMg7uFrX30pXX3fblRb3dA7CzNJCpq8lCNoaU
-----END CERTIFICATE-----