This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/0GL7DdIdoFqMUjvFhCRfHpKPMbA.roa
File:                     0GL7DdIdoFqMUjvFhCRfHpKPMbA.roa (raw, json)
Hash identifier:          pZia0ALckAxbVwXjSvk9ZitHob5JnbAYRMcyTh/GAHw=
Subject key identifier:   D0:62:FB:0D:D2:1D:A0:5A:8C:52:3B:C5:84:24:5F:1E:92:8F:31:B0
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       019B797E09CC42D9ED3EB1AF09336F2245D0
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/0GL7DdIdoFqMUjvFhCRfHpKPMbA.roa
Signing time:             Thu 01 Jan 2026 12:17:41 +0000
ROA not before:           Thu 01 Jan 2026 12:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31742
IP address blocks:        195.153.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:09:cc:42:d9:ed:3e:b1:af:09:33:6f:22:45:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 12:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d062fb0dd21da05a8c523bc584245f1e928f31b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:45:ae:0f:f5:14:70:bd:3a:48:52:70:63:f1:
                    7c:c9:26:3e:33:1c:49:23:94:c2:2e:95:4d:6e:69:
                    1d:b7:fb:19:76:bb:5c:b5:d2:6a:94:93:50:07:fe:
                    b4:59:58:47:2b:1f:1d:75:59:f8:26:92:02:4d:d3:
                    ba:5c:0b:a9:aa:6e:e9:07:d7:ed:ab:9d:9a:98:b9:
                    4a:c5:09:65:a0:22:d5:87:98:c1:a3:36:aa:9f:a4:
                    7e:ed:ba:e4:d5:b1:f3:7d:9e:73:5f:f5:bd:9c:f6:
                    3f:5b:0c:eb:0c:dc:1b:26:99:6e:e8:6b:d0:c8:8d:
                    3c:f6:6d:06:d5:da:ed:9d:e7:3c:c1:3b:47:a7:9d:
                    4e:57:1e:9c:13:3f:b4:eb:80:7e:46:df:bd:e1:36:
                    03:78:f9:8d:0c:9d:89:6a:79:ec:8f:65:7c:1b:74:
                    c2:47:34:f9:08:33:b8:11:dd:3d:d3:6c:f6:3b:40:
                    93:6c:aa:1a:69:16:4b:83:0c:7a:7c:f0:be:52:1e:
                    7e:03:9e:a4:6d:20:3c:95:1b:70:45:7e:19:f7:26:
                    17:e6:37:37:ec:41:86:07:06:6d:0f:79:16:4e:c0:
                    d0:dd:2a:36:60:df:b5:f8:2e:d0:b7:fe:4d:36:ed:
                    9a:4c:f6:aa:ad:98:75:4b:07:05:f4:08:94:28:94:
                    9a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:62:FB:0D:D2:1D:A0:5A:8C:52:3B:C5:84:24:5F:1E:92:8F:31:B0
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/0GL7DdIdoFqMUjvFhCRfHpKPMbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.153.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2f:a2:8c:45:f2:48:96:2f:8c:e2:d7:b5:c6:eb:a0:25:bd:
         14:95:80:44:6b:76:b6:fd:a2:c4:55:84:84:a6:68:1e:e2:65:
         60:96:09:61:36:c8:e9:92:fd:1c:ad:c9:54:d5:02:93:90:c5:
         44:7e:b4:e5:50:5f:b8:9e:ad:c1:22:d7:aa:46:34:ee:4b:1c:
         8c:29:97:b0:13:86:71:d7:cf:f5:3f:68:b6:85:4b:66:00:e1:
         57:4c:45:92:35:ff:b4:bb:6b:38:1b:c5:da:82:b4:ff:8d:2b:
         7a:a5:15:f3:82:3d:7a:09:b4:1a:a0:9e:84:7a:2b:29:c3:e7:
         7e:c2:c6:43:55:56:32:72:d2:76:4f:b3:2c:95:b7:77:f7:0b:
         c2:f9:55:1f:bd:85:b0:8e:e6:96:b0:8a:8c:2d:be:48:c7:70:
         7f:a4:09:8f:24:8e:c1:02:b2:8e:35:67:a2:b1:5a:5f:79:0c:
         5d:e9:cf:2b:1f:45:28:c1:f0:35:4f:6e:96:9d:75:39:5e:0d:
         64:90:0d:8e:7d:4e:70:bd:da:29:da:d4:87:09:5e:ed:4f:13:
         53:b0:ad:59:9b:46:01:80:c0:8b:74:1a:44:5b:d8:ef:6e:13:
         fe:64:11:85:29:65:90:6c:7b:cf:93:42:4b:97:77:9f:30:0b:
         72:0e:4e:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgnMQtntPrGvCTNvIkXQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjYwMTAxMTIxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDYyZmIwZGQyMWRhMDVhOGM1MjNiYzU4NDI0NWYxZTkyOGYzMWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUWuD/UUcL06SFJwY/F8ySY+MxxJ
I5TCLpVNbmkdt/sZdrtctdJqlJNQB/60WVhHKx8ddVn4JpICTdO6XAupqm7pB9ft
q52amLlKxQlloCLVh5jBozaqn6R+7brk1bHzfZ5zX/W9nPY/WwzrDNwbJplu6GvQ
yI089m0G1drtnec8wTtHp51OVx6cEz+064B+Rt+94TYDePmNDJ2Jannsj2V8G3TC
RzT5CDO4Ed0902z2O0CTbKoaaRZLgwx6fPC+Uh5+A56kbSA8lRtwRX4Z9yYX5jc3
7EGGBwZtD3kWTsDQ3So2YN+1+C7Qt/5NNu2aTPaqrZh1SwcF9AiUKJSaPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBi+w3SHaBajFI7xYQkXx6SjzGwMB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvMEdMN0RkSWRvRnFNVWp2RmhDUmZIcEtQTWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5l8MA0G
CSqGSIb3DQEBCwUAA4IBAQCiL6KMRfJIli+M4te1xuugJb0UlYBEa3a2/aLEVYSE
pmge4mVglglhNsjpkv0crclU1QKTkMVEfrTlUF+4nq3BIteqRjTuSxyMKZewE4Zx
18/1P2i2hUtmAOFXTEWSNf+0u2s4G8XagrT/jSt6pRXzgj16CbQaoJ6Eeispw+d+
wsZDVVYyctJ2T7Mslbd39wvC+VUfvYWwjuaWsIqMLb5Ix3B/pAmPJI7BArKONWei
sVpfeQxd6c8rH0UowfA1T26WnXU5Xg1kkA2OfU5wvdop2tSHCV7tTxNTsK1Zm0YB
gMCLdBpEW9jvbhP+ZBGFKWWQbHvPk0JLl3efMAtyDk71
-----END CERTIFICATE-----