This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/24WxHxaeAmm5E1Q3Id3rg_qvvPY.roa
File:                     24WxHxaeAmm5E1Q3Id3rg_qvvPY.roa (raw, json)
Hash identifier:          cVrKb1vSqi82yPVZCgvu5xU3xXbeXHexmU9eyiwbU3E=
Subject key identifier:   DB:85:B1:1F:16:9E:02:69:B9:13:54:37:21:DD:EB:83:FA:AF:BC:F6
Certificate issuer:       /CN=ac08815e8c6503601f254cab371bec471bd7eaa6
Certificate serial:       019B7DCB57A7FDC528A439C5A5243AE46E18
Authority key identifier: AC:08:81:5E:8C:65:03:60:1F:25:4C:AB:37:1B:EC:47:1B:D7:EA:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/24WxHxaeAmm5E1Q3Id3rg_qvvPY.roa
Signing time:             Fri 02 Jan 2026 08:20:36 +0000
ROA not before:           Fri 02 Jan 2026 08:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42356
IP address blocks:        195.200.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:57:a7:fd:c5:28:a4:39:c5:a5:24:3a:e4:6e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac08815e8c6503601f254cab371bec471bd7eaa6
        Validity
            Not Before: Jan  2 08:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db85b11f169e0269b913543721ddeb83faafbcf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f1:ce:12:23:af:c7:3e:18:3e:6d:36:21:51:
                    6e:8f:13:50:f8:90:2d:df:97:5c:8d:8b:8f:7e:0d:
                    06:70:c1:af:f9:7b:e7:02:6c:bc:7f:3f:e0:50:38:
                    6b:33:70:a8:97:aa:1c:72:06:07:6e:05:ef:b9:05:
                    13:18:c5:1f:e8:48:be:3d:20:86:00:22:b8:f5:b1:
                    f9:32:00:e4:5f:bc:47:83:5e:bb:b5:b3:14:88:6c:
                    bf:6b:bc:ba:06:73:2e:f9:12:b8:78:64:6e:71:89:
                    35:f5:bd:19:1b:7d:e7:54:3f:36:30:c0:45:31:6d:
                    16:04:d2:dd:bc:95:21:26:dc:5a:d3:1a:dc:94:41:
                    3b:9b:77:57:df:6a:69:88:6d:98:76:1a:8d:36:9f:
                    4a:65:4c:23:cf:b5:00:08:7c:cd:b3:5c:3f:50:20:
                    84:90:7c:99:86:38:8b:5a:cf:ce:71:31:81:b1:17:
                    6b:9f:9f:6a:b3:6e:c5:0c:bf:c4:b6:37:49:f2:5a:
                    20:0a:d4:a8:43:20:59:12:c3:65:4e:fa:e4:85:3f:
                    3b:24:b1:43:10:f5:12:53:61:74:00:3b:16:52:05:
                    c4:40:cf:03:04:09:10:34:af:55:fe:b9:84:59:84:
                    30:a9:05:ee:f3:5a:0a:88:b9:fc:2a:79:bb:93:4b:
                    5c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:85:B1:1F:16:9E:02:69:B9:13:54:37:21:DD:EB:83:FA:AF:BC:F6
            X509v3 Authority Key Identifier:
                keyid:AC:08:81:5E:8C:65:03:60:1F:25:4C:AB:37:1B:EC:47:1B:D7:EA:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAiBXoxlA2AfJUyrNxvsRxvX6qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/24WxHxaeAmm5E1Q3Id3rg_qvvPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/56f2a3-7eb7-4513-9f55-677871a03355/1/rAiBXoxlA2AfJUyrNxvsRxvX6qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ec:38:36:f4:e0:80:07:7f:bc:d7:e3:02:f1:22:c0:1e:f0:
         01:4f:d4:56:5b:70:f7:73:df:ad:e2:6f:84:0b:09:77:7b:c4:
         e2:d6:b3:d9:d7:fc:4f:d2:d3:76:c5:ec:9d:6a:a5:03:10:ee:
         8b:b7:77:4c:ef:49:60:3f:df:b6:ac:66:f0:4d:46:75:24:46:
         40:c0:e5:e5:d5:bc:34:a6:f9:6f:02:d6:7e:e1:9d:8c:e7:7a:
         88:98:92:a0:57:90:36:87:c3:dc:d6:7f:fd:e6:44:0e:b9:96:
         b2:17:f0:de:5b:a4:6d:dd:85:6a:d7:26:6b:48:55:f9:63:07:
         a9:3f:81:93:ec:07:a8:bf:1b:c2:77:13:2f:ec:5f:1c:88:4a:
         a6:39:03:45:09:ad:c4:d8:ee:7a:db:59:c3:2d:38:96:3c:2a:
         28:6d:80:d4:32:27:1a:b5:e7:08:27:dc:3b:ad:00:b7:82:f1:
         37:cc:83:ed:40:8d:0a:5e:18:1e:52:4c:04:37:45:c3:c9:27:
         cc:c2:a8:29:e1:36:86:ae:df:27:e2:83:f2:6b:55:5d:e1:60:
         1c:4c:1e:d6:d7:31:df:9b:d3:7c:19:34:17:45:6f:f4:7f:1d:
         3c:6f:b5:18:c7:bc:d9:b6:01:dd:86:bc:69:f8:fa:3e:34:61:
         9c:c1:69:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y1en/cUopDnFpSQ65G4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg4MTVlOGM2NTAzNjAxZjI1NGNhYjM3MWJlYzQ3MWJk
N2VhYTYwHhcNMjYwMTAyMDgyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg1YjExZjE2OWUwMjY5YjkxMzU0MzcyMWRkZWI4M2ZhYWZiY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvHOEiOvxz4YPm02IVFujxNQ+JAt
35dcjYuPfg0GcMGv+XvnAmy8fz/gUDhrM3Col6occgYHbgXvuQUTGMUf6Ei+PSCG
ACK49bH5MgDkX7xHg167tbMUiGy/a7y6BnMu+RK4eGRucYk19b0ZG33nVD82MMBF
MW0WBNLdvJUhJtxa0xrclEE7m3dX32ppiG2YdhqNNp9KZUwjz7UACHzNs1w/UCCE
kHyZhjiLWs/OcTGBsRdrn59qs27FDL/EtjdJ8logCtSoQyBZEsNlTvrkhT87JLFD
EPUSU2F0ADsWUgXEQM8DBAkQNK9V/rmEWYQwqQXu81oKiLn8Knm7k0tcaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuFsR8WngJpuRNUNyHd64P6r7z2MB8GA1UdIwQY
MBaAFKwIgV6MZQNgHyVMqzcb7Ecb1+qmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFpQlhveGxBMkFmSlV5ck54dnNSeHZYNnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC81NmYyYTMtN2ViNy00NTEzLTlmNTUt
Njc3ODcxYTAzMzU1LzEvMjRXeEh4YWVBbW01RTFRM0lkM3JnX3F2dlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC81NmYyYTMtN2ViNy00NTEzLTlmNTUtNjc3ODcxYTAzMzU1
LzEvckFpQlhveGxBMkFmSlV5ck54dnNSeHZYNnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8jQMA0G
CSqGSIb3DQEBCwUAA4IBAQAL7Dg29OCAB3+81+MC8SLAHvABT9RWW3D3c9+t4m+E
Cwl3e8Ti1rPZ1/xP0tN2xeydaqUDEO6Lt3dM70lgP9+2rGbwTUZ1JEZAwOXl1bw0
pvlvAtZ+4Z2M53qImJKgV5A2h8Pc1n/95kQOuZayF/DeW6Rt3YVq1yZrSFX5Ywep
P4GT7AeovxvCdxMv7F8ciEqmOQNFCa3E2O5621nDLTiWPCoobYDUMicatecIJ9w7
rQC3gvE3zIPtQI0KXhgeUkwEN0XDySfMwqgp4TaGrt8n4oPya1Vd4WAcTB7W1zHf
m9N8GTQXRW/0fx08b7UYx7zZtgHdhrxp+Po+NGGcwWmc
-----END CERTIFICATE-----