This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/_DgxgPBMn4GEtr1HFV4lxED-jk0.roa
File:                     _DgxgPBMn4GEtr1HFV4lxED-jk0.roa (raw, json)
Hash identifier:          7MO54lxduq+XFWhLRW9Dq64qSqZFXeJN+DNM88s/Oz4=
Subject key identifier:   FC:38:31:80:F0:4C:9F:81:84:B6:BD:47:15:5E:25:C4:40:FE:8E:4D
Certificate issuer:       /CN=f416539e74934d23a0572f6625dbfdb54e820873
Certificate serial:       019B76EBA50B7230A96005900AB1F11F6F0D
Authority key identifier: F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/_DgxgPBMn4GEtr1HFV4lxED-jk0.roa
Signing time:             Thu 01 Jan 2026 00:18:33 +0000
ROA not before:           Thu 01 Jan 2026 00:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56782
IP address blocks:        95.107.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:a5:0b:72:30:a9:60:05:90:0a:b1:f1:1f:6f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f416539e74934d23a0572f6625dbfdb54e820873
        Validity
            Not Before: Jan  1 00:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc383180f04c9f8184b6bd47155e25c440fe8e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0b:31:f3:5e:3f:8a:40:06:1b:40:cc:0d:e7:
                    e5:88:44:40:73:5d:9e:ba:59:75:28:23:34:a6:e6:
                    80:d6:6a:6d:e3:73:77:73:06:16:31:9c:18:76:59:
                    ad:d1:5a:d3:70:71:83:50:e5:7d:a4:97:16:98:41:
                    21:f7:c8:e2:97:c1:93:ee:24:df:e5:a0:f2:2b:f3:
                    f5:28:71:45:b2:6a:42:9d:ca:46:6d:d6:1f:90:ff:
                    28:72:0f:4b:b3:c9:df:8e:b7:75:6c:ad:b1:47:21:
                    46:45:e6:74:8b:ca:39:5b:75:0a:ed:71:d2:0e:22:
                    f2:07:3d:72:d3:64:2c:db:29:0e:33:19:a5:54:4b:
                    bb:63:6b:6d:88:80:c4:56:db:83:09:bc:f3:96:3f:
                    72:c1:12:1c:d1:04:16:1e:5e:34:1f:00:12:f1:ed:
                    d4:da:ef:00:0f:8b:66:87:30:37:fb:05:3a:52:6e:
                    1f:4d:9b:50:5b:ef:55:77:79:bc:5e:fc:53:9b:5a:
                    5e:1e:88:37:a3:9d:4f:cf:9f:0d:30:7a:f8:25:a7:
                    6d:c2:4f:fb:35:12:b2:1b:87:dc:a6:ba:54:61:56:
                    97:bd:43:d5:b2:05:7d:47:2f:2d:b8:67:82:25:15:
                    0d:a2:4b:d1:f7:e8:c4:74:bd:a9:7e:f5:86:51:f6:
                    f8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:38:31:80:F0:4C:9F:81:84:B6:BD:47:15:5E:25:C4:40:FE:8E:4D
            X509v3 Authority Key Identifier:
                keyid:F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/_DgxgPBMn4GEtr1HFV4lxED-jk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.107.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:36:3c:01:53:e0:59:23:d0:2e:ca:5e:8d:f9:b0:5d:8d:f7:
         7b:cf:36:34:34:5b:39:8f:4a:44:cd:48:1d:4e:8b:6b:d4:dc:
         e8:b5:1d:b7:94:25:5e:08:09:47:d8:fd:08:62:ab:32:b0:a8:
         4c:12:41:c9:cf:f4:01:22:74:69:fb:e6:bb:70:b4:30:57:f0:
         50:f1:15:05:0c:12:e1:1c:b6:bd:ab:10:d1:b1:ba:11:59:47:
         16:dc:7f:a6:8d:a0:64:bd:ec:63:66:33:fa:d6:dd:fe:c4:25:
         ab:5a:9d:fa:5c:b9:e2:e3:9e:79:42:22:9a:d6:78:be:fa:56:
         ae:0b:54:2b:5d:fe:26:d9:84:16:6a:6b:af:77:e5:c7:48:21:
         02:61:c8:c5:58:d0:32:f4:8d:e3:f7:74:f7:ec:1a:0e:af:a3:
         35:1a:f2:03:b5:c5:c9:62:c7:a2:08:d9:1a:c9:c4:d1:30:87:
         8b:11:65:80:f3:ad:bb:26:54:57:06:30:6d:8d:9a:f3:55:95:
         be:0f:84:c3:46:af:96:2e:20:cb:90:d1:4b:ee:e4:1c:77:33:
         96:c9:b1:df:ef:74:b3:b6:77:99:84:1d:47:51:b2:f0:0b:62:
         c2:36:64:5e:53:1c:50:dc:d2:31:a2:08:82:60:72:4b:d2:45:
         b8:8a:59:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt266ULcjCpYAWQCrHxH28NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MTY1MzllNzQ5MzRkMjNhMDU3MmY2NjI1ZGJmZGI1NGU4
MjA4NzMwHhcNMjYwMTAxMDAxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzM4MzE4MGYwNGM5ZjgxODRiNmJkNDcxNTVlMjVjNDQwZmU4ZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAsx814/ikAGG0DMDefliERAc12e
ull1KCM0puaA1mpt43N3cwYWMZwYdlmt0VrTcHGDUOV9pJcWmEEh98jil8GT7iTf
5aDyK/P1KHFFsmpCncpGbdYfkP8ocg9Ls8nfjrd1bK2xRyFGReZ0i8o5W3UK7XHS
DiLyBz1y02Qs2ykOMxmlVEu7Y2ttiIDEVtuDCbzzlj9ywRIc0QQWHl40HwAS8e3U
2u8AD4tmhzA3+wU6Um4fTZtQW+9Vd3m8XvxTm1peHog3o51Pz58NMHr4Jadtwk/7
NRKyG4fcprpUYVaXvUPVsgV9Ry8tuGeCJRUNokvR9+jEdL2pfvWGUfb4jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPw4MYDwTJ+BhLa9RxVeJcRA/o5NMB8GA1UdIwQY
MBaAFPQWU550k00joFcvZiXb/bVOgghzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODkt
ZDY3YTYxZDU0MTZkLzEvX0RneGdQQk1uNEdFdHIxSEZWNGx4RUQtamswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODktZDY3YTYxZDU0MTZk
LzEvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX2uvMA0G
CSqGSIb3DQEBCwUAA4IBAQBDNjwBU+BZI9Auyl6N+bBdjfd7zzY0NFs5j0pEzUgd
Totr1NzotR23lCVeCAlH2P0IYqsysKhMEkHJz/QBInRp++a7cLQwV/BQ8RUFDBLh
HLa9qxDRsboRWUcW3H+mjaBkvexjZjP61t3+xCWrWp36XLni4555QiKa1ni++lau
C1QrXf4m2YQWamuvd+XHSCECYcjFWNAy9I3j93T37BoOr6M1GvIDtcXJYseiCNka
ycTRMIeLEWWA8627JlRXBjBtjZrzVZW+D4TDRq+WLiDLkNFL7uQcdzOWybHf73Sz
tneZhB1HUbLwC2LCNmReUxxQ3NIxogiCYHJL0kW4iln5
-----END CERTIFICATE-----