This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/0fMGliU2DY90o-COL7gfsd6xbVw.roa
File:                     0fMGliU2DY90o-COL7gfsd6xbVw.roa (raw, json)
Hash identifier:          pyD2slLDpEMFdPN9pfMsq689iSsZ/8LJ4vMycIuRMpg=
Subject key identifier:   D1:F3:06:96:25:36:0D:8F:74:A3:E0:8E:2F:B8:1F:B1:DE:B1:6D:5C
Certificate issuer:       /CN=ce1f59ae34548132892fcc89b1595f9b0360198d
Certificate serial:       019B76EB87C1506AA343BD6C5648963DCEE4
Authority key identifier: CE:1F:59:AE:34:54:81:32:89:2F:CC:89:B1:59:5F:9B:03:60:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/0fMGliU2DY90o-COL7gfsd6xbVw.roa
Signing time:             Thu 01 Jan 2026 00:18:25 +0000
ROA not before:           Thu 01 Jan 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41104
IP address blocks:        195.95.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:87:c1:50:6a:a3:43:bd:6c:56:48:96:3d:ce:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce1f59ae34548132892fcc89b1595f9b0360198d
        Validity
            Not Before: Jan  1 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1f3069625360d8f74a3e08e2fb81fb1deb16d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e2:17:75:70:72:f8:d1:ce:63:ed:64:b6:97:
                    3a:d8:70:86:51:4f:9d:39:74:7d:41:bf:0b:d1:df:
                    c5:61:4c:eb:0b:2a:8c:ac:83:2d:36:8c:8e:41:92:
                    5f:af:1d:91:23:fa:4e:2b:a4:8b:f6:f7:3e:54:3b:
                    50:b3:9d:cb:c8:10:3d:28:db:b3:d6:e4:1e:61:dd:
                    d6:d2:b8:83:75:ee:fd:b0:cc:59:ee:0e:4e:4a:13:
                    d0:08:66:be:01:73:13:11:3f:6c:e3:01:3c:93:02:
                    ba:fe:d1:9d:6a:d8:9f:b2:b1:ef:48:bd:f1:b9:9f:
                    34:57:1a:41:fe:78:7d:83:20:a1:8b:3a:be:a0:51:
                    ca:77:f2:67:a9:a7:2e:04:08:e5:04:0a:2b:d0:90:
                    95:71:0d:33:ea:24:08:7d:54:fc:ad:61:3b:3f:de:
                    37:44:79:20:18:63:6a:47:39:78:fb:80:e6:dd:7a:
                    1d:8e:81:1a:89:fa:f9:03:bd:ef:cf:e2:3a:a8:7d:
                    31:1e:55:b7:6c:e7:95:08:cf:1c:6a:3a:fb:43:1f:
                    b8:25:28:b7:a2:cc:b5:f5:15:da:46:b1:a1:6c:de:
                    51:3f:8f:78:36:c3:f2:ca:cc:9f:19:a3:a9:21:78:
                    a0:1b:d6:ab:df:69:f2:57:2d:cc:27:3d:8a:a6:4a:
                    e7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:06:96:25:36:0D:8F:74:A3:E0:8E:2F:B8:1F:B1:DE:B1:6D:5C
            X509v3 Authority Key Identifier:
                keyid:CE:1F:59:AE:34:54:81:32:89:2F:CC:89:B1:59:5F:9B:03:60:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/0fMGliU2DY90o-COL7gfsd6xbVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:4f:fe:cb:20:ff:a7:02:21:cc:42:c8:46:45:ff:37:8b:07:
         ef:bd:65:7c:11:b5:fa:30:09:b5:fe:8b:cc:af:c5:1e:2f:0d:
         2f:d2:81:9a:81:8c:07:96:c4:3c:ce:fd:4c:07:5a:5e:08:7d:
         d8:3f:ef:5e:f6:9e:aa:e6:ac:98:2d:47:80:db:3b:87:1a:26:
         ec:83:3d:d6:42:27:f2:a6:8e:6c:f3:ff:cb:c1:b0:54:87:cf:
         32:d4:d7:0b:9d:3f:fb:c2:a2:72:92:60:90:a8:2d:5a:32:ff:
         51:a5:70:db:d8:74:7c:54:26:29:9e:b0:f0:92:6e:36:47:24:
         cc:52:5b:04:24:89:49:9b:16:7c:c8:e3:c8:39:47:21:dd:c8:
         09:68:5a:0c:75:ed:7d:9b:7a:05:32:81:a9:f0:20:75:e7:4e:
         48:3b:67:fe:14:fc:c6:54:ad:7b:4b:f8:0a:99:8f:bf:8c:84:
         78:db:99:bc:e2:0b:63:7c:b5:4f:07:75:d5:a1:d5:e7:f4:e0:
         3d:ec:44:15:e5:e3:ee:b4:85:c1:cb:e6:ff:72:fa:2b:96:f7:
         3f:21:75:06:ac:bb:96:96:02:8a:2d:f6:53:8b:75:f4:75:02:
         a7:fa:19:68:fe:94:4d:ad:12:a9:88:cf:98:6a:1e:9f:20:da:
         40:d1:67:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264fBUGqjQ71sVkiWPc7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMWY1OWFlMzQ1NDgxMzI4OTJmY2M4OWIxNTk1ZjliMDM2
MDE5OGQwHhcNMjYwMTAxMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzMDY5NjI1MzYwZDhmNzRhM2UwOGUyZmI4MWZiMWRlYjE2ZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOIXdXBy+NHOY+1ktpc62HCGUU+d
OXR9Qb8L0d/FYUzrCyqMrIMtNoyOQZJfrx2RI/pOK6SL9vc+VDtQs53LyBA9KNuz
1uQeYd3W0riDde79sMxZ7g5OShPQCGa+AXMTET9s4wE8kwK6/tGdatifsrHvSL3x
uZ80VxpB/nh9gyChizq+oFHKd/JnqacuBAjlBAor0JCVcQ0z6iQIfVT8rWE7P943
RHkgGGNqRzl4+4Dm3XodjoEaifr5A73vz+I6qH0xHlW3bOeVCM8cajr7Qx+4JSi3
osy19RXaRrGhbN5RP494NsPyysyfGaOpIXigG9ar32nyVy3MJz2KpkrnPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHzBpYlNg2PdKPgji+4H7HesW1cMB8GA1UdIwQY
MBaAFM4fWa40VIEyiS/MibFZX5sDYBmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemg5WnJqUlVnVEtKTDh5SnNWbGZtd05nR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni80ZmEyZDgtZDcxZC00OWIxLThlYjAt
YTM1ODlkYTE2Yzg1LzEvMGZNR2xpVTJEWTkwby1DT0w3Z2ZzZDZ4YlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni80ZmEyZDgtZDcxZC00OWIxLThlYjAtYTM1ODlkYTE2Yzg1
LzEvemg5WnJqUlVnVEtKTDh5SnNWbGZtd05nR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+tMA0G
CSqGSIb3DQEBCwUAA4IBAQAMT/7LIP+nAiHMQshGRf83iwfvvWV8EbX6MAm1/ovM
r8UeLw0v0oGagYwHlsQ8zv1MB1peCH3YP+9e9p6q5qyYLUeA2zuHGibsgz3WQify
po5s8//LwbBUh88y1NcLnT/7wqJykmCQqC1aMv9RpXDb2HR8VCYpnrDwkm42RyTM
UlsEJIlJmxZ8yOPIOUch3cgJaFoMde19m3oFMoGp8CB1505IO2f+FPzGVK17S/gK
mY+/jIR425m84gtjfLVPB3XVodXn9OA97EQV5ePutIXBy+b/cvorlvc/IXUGrLuW
lgKKLfZTi3X0dQKn+hlo/pRNrRKpiM+Yah6fINpA0WcO
-----END CERTIFICATE-----