This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/95mfR-kPi6F-VSV1WGBH1SxOzBs.roa
File:                     95mfR-kPi6F-VSV1WGBH1SxOzBs.roa (raw, json)
Hash identifier:          ljihoTtKsYT2OJrjhM4mdxIcg0inNE/KPMT8FAxX4/Q=
Subject key identifier:   F7:99:9F:47:E9:0F:8B:A1:7E:55:25:75:58:60:47:D5:2C:4E:CC:1B
Certificate issuer:       /CN=29390ec0adca5f0743d181145c7899f991fb65e0
Certificate serial:       019B7EA65BC1D875A956D5C157C2F16EB1ED
Authority key identifier: 29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/95mfR-kPi6F-VSV1WGBH1SxOzBs.roa
Signing time:             Fri 02 Jan 2026 12:19:50 +0000
ROA not before:           Fri 02 Jan 2026 12:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51213
IP address blocks:        194.84.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:5b:c1:d8:75:a9:56:d5:c1:57:c2:f1:6e:b1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29390ec0adca5f0743d181145c7899f991fb65e0
        Validity
            Not Before: Jan  2 12:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7999f47e90f8ba17e552575586047d52c4ecc1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:54:fb:06:71:82:7a:25:7a:bf:52:30:12:15:
                    9a:81:66:87:b3:25:23:39:39:53:6b:e1:5f:56:9c:
                    df:b1:9d:7b:ea:c1:f1:9a:4c:ef:45:b8:27:9d:de:
                    41:23:7f:9b:56:21:4b:7a:b4:1e:0f:8e:5c:06:6b:
                    3f:c3:0d:21:5b:e2:5b:0b:f8:59:a9:d4:b8:4c:72:
                    2a:30:2d:d0:02:fe:ee:6d:b4:ae:c9:9b:51:75:d4:
                    7f:c6:91:e8:25:c7:71:b3:0f:1d:99:f6:ea:aa:40:
                    72:90:2f:c6:91:e1:27:2f:26:8e:19:6d:61:0c:33:
                    6a:27:49:de:3c:27:e2:04:7e:2d:b2:27:00:88:0c:
                    d4:da:c1:83:50:32:6f:76:4a:dc:70:03:83:d0:32:
                    19:0b:94:bb:a3:f2:ce:95:6a:b7:e2:ff:dc:71:ca:
                    b8:e3:35:99:07:49:5b:3e:aa:1a:e2:ef:a1:69:6c:
                    33:90:c9:6c:61:3b:ad:2f:07:96:49:ec:2d:93:fb:
                    fd:0d:0c:14:61:03:4f:cd:0d:4b:71:b7:d3:2b:ac:
                    3f:ed:a2:3b:1a:4a:05:97:61:ec:67:c3:21:8d:fa:
                    b3:8a:ae:cf:3c:b9:3b:41:af:db:5b:27:eb:44:95:
                    f8:73:e1:fe:9f:e9:d9:5c:c3:d3:22:b7:ab:b1:c8:
                    52:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:99:9F:47:E9:0F:8B:A1:7E:55:25:75:58:60:47:D5:2C:4E:CC:1B
            X509v3 Authority Key Identifier:
                keyid:29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/95mfR-kPi6F-VSV1WGBH1SxOzBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.84.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:fc:03:44:53:83:f8:97:71:58:61:bb:ad:d1:04:39:de:6e:
         fd:50:88:d0:6b:d0:de:a0:74:d6:57:f5:cc:a2:98:00:0c:52:
         25:02:29:53:1d:45:ee:30:a7:73:03:2a:37:fa:8c:5d:56:2d:
         8e:e7:c8:fc:fa:5b:5b:6d:d8:c0:05:26:ed:4c:de:dd:75:1b:
         dc:4e:20:80:e8:c0:b5:03:bc:7e:54:49:f2:79:ec:50:c6:3b:
         12:f7:89:f9:83:ae:ab:1d:a5:e2:e2:89:5b:2b:e6:4b:77:df:
         0a:ed:83:69:88:59:c2:b8:a8:f6:93:67:2c:6a:c1:cd:a1:ac:
         9f:d5:86:21:1a:bf:cc:fa:12:73:56:12:f9:83:34:40:dc:da:
         bd:19:db:16:ba:5f:b5:04:92:e8:36:11:f4:f2:ee:ab:ec:0a:
         0b:fb:6a:6a:0c:c5:0d:4a:79:ed:13:e0:99:44:56:23:a4:10:
         86:cd:16:5d:88:61:72:55:b9:04:33:88:67:18:91:4f:84:90:
         40:18:be:a5:4e:75:b8:4b:99:6b:96:a5:9a:0a:60:15:6c:42:
         e3:d9:41:8e:ca:ce:aa:06:0a:60:bd:a1:1c:36:fa:1b:98:57:
         39:68:43:d5:38:49:f0:b5:34:d6:ad:6b:e5:28:5a:7a:96:f3:
         2a:01:f9:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+plvB2HWpVtXBV8LxbrHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzkwZWMwYWRjYTVmMDc0M2QxODExNDVjNzg5OWY5OTFm
YjY1ZTAwHhcNMjYwMTAyMTIxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk5OWY0N2U5MGY4YmExN2U1NTI1NzU1ODYwNDdkNTJjNGVjYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVT7BnGCeiV6v1IwEhWagWaHsyUj
OTlTa+FfVpzfsZ176sHxmkzvRbgnnd5BI3+bViFLerQeD45cBms/ww0hW+JbC/hZ
qdS4THIqMC3QAv7ubbSuyZtRddR/xpHoJcdxsw8dmfbqqkBykC/GkeEnLyaOGW1h
DDNqJ0nePCfiBH4tsicAiAzU2sGDUDJvdkrccAOD0DIZC5S7o/LOlWq34v/cccq4
4zWZB0lbPqoa4u+haWwzkMlsYTutLweWSewtk/v9DQwUYQNPzQ1LcbfTK6w/7aI7
GkoFl2HsZ8Mhjfqziq7PPLk7Qa/bWyfrRJX4c+H+n+nZXMPTIrerschSfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeZn0fpD4uhflUldVhgR9UsTswbMB8GA1UdIwQY
MBaAFCk5DsCtyl8HQ9GBFFx4mfmR+2XgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUt
ZWQ0MzNhYWM3ODI4LzEvOTVtZlIta1BpNkYtVlNWMVdHQkgxU3hPekJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUtZWQ0MzNhYWM3ODI4
LzEvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlRoMA0G
CSqGSIb3DQEBCwUAA4IBAQCm/ANEU4P4l3FYYbut0QQ53m79UIjQa9DeoHTWV/XM
opgADFIlAilTHUXuMKdzAyo3+oxdVi2O58j8+ltbbdjABSbtTN7ddRvcTiCA6MC1
A7x+VEnyeexQxjsS94n5g66rHaXi4olbK+ZLd98K7YNpiFnCuKj2k2csasHNoayf
1YYhGr/M+hJzVhL5gzRA3Nq9GdsWul+1BJLoNhH08u6r7AoL+2pqDMUNSnntE+CZ
RFYjpBCGzRZdiGFyVbkEM4hnGJFPhJBAGL6lTnW4S5lrlqWaCmAVbELj2UGOys6q
BgpgvaEcNvobmFc5aEPVOEnwtTTWrWvlKFp6lvMqAfnf
-----END CERTIFICATE-----