This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/lJb5lAFohzfMydj804z3JPUVnyc.roa
File:                     lJb5lAFohzfMydj804z3JPUVnyc.roa (raw, json)
Hash identifier:          PyjYKIx7mQvs4uA+2fO0dKGHiZ5xO9frfNP8obB2rXI=
Subject key identifier:   94:96:F9:94:01:68:87:37:CC:C9:D8:FC:D3:8C:F7:24:F5:15:9F:27
Certificate issuer:       /CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
Certificate serial:       019B7A5ACAAB3EB56C27B9CB755B16376445
Authority key identifier: F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/lJb5lAFohzfMydj804z3JPUVnyc.roa
Signing time:             Thu 01 Jan 2026 16:18:49 +0000
ROA not before:           Thu 01 Jan 2026 16:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25180
IP address blocks:        195.149.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ca:ab:3e:b5:6c:27:b9:cb:75:5b:16:37:64:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
        Validity
            Not Before: Jan  1 16:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9496f99401688737ccc9d8fcd38cf724f5159f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:60:8f:01:6c:84:c5:d5:7b:4e:13:10:d2:76:
                    7f:7c:81:79:ad:19:e5:0b:ee:07:9a:8c:89:07:4b:
                    d8:44:0a:6c:50:db:79:65:78:49:53:2e:05:fd:c5:
                    68:70:fe:6f:4a:d3:bf:e2:62:9b:b0:0e:ba:8b:64:
                    1d:27:35:df:51:75:50:d0:a6:62:25:18:aa:42:d7:
                    f1:b3:ee:c8:5f:93:87:b7:6d:ca:08:11:ff:c9:b7:
                    19:c8:8b:49:ee:fb:b4:42:f6:01:db:b7:2a:cf:e9:
                    53:e8:46:0b:29:20:90:98:ad:e6:46:6c:20:bb:5b:
                    89:42:29:2a:9b:75:6c:fd:cb:4c:7a:14:35:42:31:
                    57:e6:05:ab:5d:f0:fe:82:29:29:71:f5:54:4f:b0:
                    a4:07:06:c1:ef:9f:1e:18:ed:39:f9:ad:ad:27:c5:
                    45:38:43:12:e3:d4:86:15:56:c1:4b:c5:ca:b6:50:
                    94:54:19:0d:ad:79:3d:e6:33:db:c7:54:04:42:3e:
                    3e:09:a0:71:bf:43:ea:13:1c:fb:af:97:14:f5:60:
                    c3:ac:6a:fe:7e:f8:b4:99:be:c6:22:0e:26:dc:79:
                    69:01:94:a4:58:59:9c:65:88:5f:3d:17:b1:58:af:
                    37:3c:7a:c4:23:f1:5a:15:36:8e:25:57:20:fb:77:
                    c4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:96:F9:94:01:68:87:37:CC:C9:D8:FC:D3:8C:F7:24:F5:15:9F:27
            X509v3 Authority Key Identifier:
                keyid:F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/lJb5lAFohzfMydj804z3JPUVnyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:fa:c0:29:89:dc:a2:92:27:e4:33:bd:91:e0:b5:ec:5d:01:
         e1:fc:50:e5:ac:17:f1:63:ce:d6:9e:9e:22:5a:a2:db:6e:37:
         c1:ff:8f:bb:46:ef:82:c1:85:ee:9d:6e:17:44:e3:c7:f0:91:
         58:41:7f:cf:53:c5:f6:ee:4c:3a:4a:97:3d:d5:6b:7c:97:20:
         d7:62:43:13:30:b4:b3:10:0f:d1:b8:51:7d:66:01:d8:ea:61:
         20:93:16:0d:43:1f:37:1c:07:2b:b1:d2:d0:64:03:7d:47:78:
         ce:e8:cf:e4:6f:9b:65:54:c0:7a:98:e1:40:4c:cc:b9:3f:c9:
         4b:f0:a4:f2:bf:61:bf:f2:85:d6:92:a2:53:0f:62:66:70:9b:
         ee:da:0b:2b:b8:47:aa:94:6d:ed:c0:cc:42:31:6e:e0:65:b1:
         eb:d3:9d:1f:38:5e:16:87:2a:6b:29:ad:84:38:1f:5e:c7:3e:
         51:29:87:e0:18:9b:82:80:14:52:49:8d:91:73:90:27:10:0a:
         49:c6:c6:d1:46:03:e7:84:eb:ad:32:40:49:b8:fb:0b:29:99:
         20:0d:f4:17:9f:86:6d:de:51:2f:09:b4:18:11:69:99:1c:3c:
         19:ad:06:f7:ca:27:32:a4:58:3e:c5:7d:65:b5:be:25:8c:9c:
         ac:1a:83:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WsqrPrVsJ7nLdVsWN2RFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YThiNzBhYTEwMDY5YjU1MTVhOWNiM2MxNDliODg1Yjdh
MTI4MzQwHhcNMjYwMTAxMTYxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk2Zjk5NDAxNjg4NzM3Y2NjOWQ4ZmNkMzhjZjcyNGY1MTU5ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WCPAWyExdV7ThMQ0nZ/fIF5rRnl
C+4HmoyJB0vYRApsUNt5ZXhJUy4F/cVocP5vStO/4mKbsA66i2QdJzXfUXVQ0KZi
JRiqQtfxs+7IX5OHt23KCBH/ybcZyItJ7vu0QvYB27cqz+lT6EYLKSCQmK3mRmwg
u1uJQikqm3Vs/ctMehQ1QjFX5gWrXfD+gikpcfVUT7CkBwbB758eGO05+a2tJ8VF
OEMS49SGFVbBS8XKtlCUVBkNrXk95jPbx1QEQj4+CaBxv0PqExz7r5cU9WDDrGr+
fvi0mb7GIg4m3HlpAZSkWFmcZYhfPRexWK83PHrEI/FaFTaOJVcg+3fEYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSW+ZQBaIc3zMnY/NOM9yT1FZ8nMB8GA1UdIwQY
MBaAFPeotwqhAGm1UVqcs8FJuIW3oSg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEt
OWQwNzQzMzcwNDk1LzEvbEpiNWxBRm9oemZNeWRqODA0ejNKUFVWbnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEtOWQwNzQzMzcwNDk1
LzEvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5V5MA0G
CSqGSIb3DQEBCwUAA4IBAQBA+sApidyikifkM72R4LXsXQHh/FDlrBfxY87Wnp4i
WqLbbjfB/4+7Ru+CwYXunW4XROPH8JFYQX/PU8X27kw6Spc91Wt8lyDXYkMTMLSz
EA/RuFF9ZgHY6mEgkxYNQx83HAcrsdLQZAN9R3jO6M/kb5tlVMB6mOFATMy5P8lL
8KTyv2G/8oXWkqJTD2JmcJvu2gsruEeqlG3twMxCMW7gZbHr050fOF4WhyprKa2E
OB9exz5RKYfgGJuCgBRSSY2Rc5AnEApJxsbRRgPnhOutMkBJuPsLKZkgDfQXn4Zt
3lEvCbQYEWmZHDwZrQb3yicypFg+xX1ltb4ljJysGoMu
-----END CERTIFICATE-----