This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/WNVQM3rF0upB772-caKrCDXCoWg.roa
File:                     WNVQM3rF0upB772-caKrCDXCoWg.roa (raw, json)
Hash identifier:          LRTmq6WPI/+2g0t0k7Z57A9ICoogy4YmPQH2aun+PO8=
Subject key identifier:   58:D5:50:33:7A:C5:D2:EA:41:EF:BD:BE:71:A2:AB:08:35:C2:A1:68
Certificate issuer:       /CN=1d861782973c382cc1ce670f5ad50df8fb53c82e
Certificate serial:       019B797F0CD479223F9FDB739FAFFEED542D
Authority key identifier: 1D:86:17:82:97:3C:38:2C:C1:CE:67:0F:5A:D5:0D:F8:FB:53:C8:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/WNVQM3rF0upB772-caKrCDXCoWg.roa
Signing time:             Thu 01 Jan 2026 12:18:48 +0000
ROA not before:           Thu 01 Jan 2026 12:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44704
IP address blocks:        195.42.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:0c:d4:79:22:3f:9f:db:73:9f:af:fe:ed:54:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d861782973c382cc1ce670f5ad50df8fb53c82e
        Validity
            Not Before: Jan  1 12:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58d550337ac5d2ea41efbdbe71a2ab0835c2a168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b2:6c:8a:0b:d2:8f:7e:ea:02:24:45:26:7c:
                    21:23:b4:bc:40:01:86:b9:d5:62:b9:ac:8f:65:58:
                    ce:64:44:f8:99:e2:c5:6a:1a:4a:48:d5:86:94:9c:
                    1a:db:2b:f1:e6:dc:a3:a7:6f:bb:60:32:29:8c:39:
                    a8:e5:0f:fa:1f:d1:92:84:e6:74:1e:bd:fe:56:19:
                    22:0e:39:7f:6a:b3:d1:9e:66:e7:86:7f:b6:16:2b:
                    a7:d8:53:a2:13:d4:0d:a9:2d:bb:8f:95:cf:08:df:
                    74:0d:2c:10:2b:40:b5:41:ce:ec:79:01:69:aa:6b:
                    d8:07:98:3c:d3:37:d2:bf:b7:ab:04:cd:95:e3:c9:
                    38:a6:8d:4d:26:64:15:04:f8:31:32:66:33:49:bf:
                    6b:ff:a7:6f:81:5c:f9:58:30:8d:15:39:84:29:db:
                    07:da:96:bb:64:33:4a:46:55:a2:b1:fa:f8:d3:07:
                    4c:ea:20:71:66:e5:91:69:06:9a:65:21:0d:20:8e:
                    57:49:af:e1:ce:26:a1:57:cb:ba:da:78:3e:64:4b:
                    12:55:0f:6d:64:00:ea:84:b2:91:88:7f:50:9d:60:
                    b5:83:c7:28:34:87:2c:79:79:ea:a6:1f:64:b4:53:
                    fd:32:1c:12:bc:8c:60:53:5f:6c:25:30:db:97:60:
                    c4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D5:50:33:7A:C5:D2:EA:41:EF:BD:BE:71:A2:AB:08:35:C2:A1:68
            X509v3 Authority Key Identifier:
                keyid:1D:86:17:82:97:3C:38:2C:C1:CE:67:0F:5A:D5:0D:F8:FB:53:C8:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYXgpc8OCzBzmcPWtUN-PtTyC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/WNVQM3rF0upB772-caKrCDXCoWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cceaf2-7561-42a7-8d12-8e060ca96fac/1/HYYXgpc8OCzBzmcPWtUN-PtTyC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:4a:e3:25:32:c8:44:a1:d9:ea:56:da:e2:85:83:ba:c2:41:
         4a:e2:3b:2d:7f:59:b4:40:49:ea:20:ab:b1:38:55:40:26:f6:
         35:9b:1e:91:17:2d:ff:32:e2:ff:5a:e5:c8:7a:06:39:5d:0b:
         25:53:15:f6:dc:38:04:00:30:ba:f6:e7:8a:d9:57:3c:26:80:
         e9:6a:32:33:93:c5:ac:0e:5c:6f:47:9e:65:f8:22:93:b6:e1:
         e4:b1:1e:1c:b4:f1:9d:cf:63:27:53:49:fc:99:1a:98:2f:00:
         f6:7d:fc:8d:69:2e:ce:89:66:d0:12:47:6c:4c:15:60:9e:0c:
         73:20:30:34:73:f6:b6:53:55:1a:ac:2d:fe:c2:f2:a9:1b:8a:
         9e:9a:4b:49:4d:df:4d:48:86:9e:59:5b:b0:cc:2b:c5:75:55:
         a2:e6:a7:5a:61:76:f5:54:a1:79:db:ce:e8:04:88:82:21:77:
         ce:8f:39:54:a9:7d:41:68:2f:e2:3d:b6:36:2f:12:ee:1c:31:
         14:d7:b0:07:42:72:0b:06:af:88:99:c7:82:f2:b7:0f:31:47:
         ef:7e:36:c5:e1:d4:66:cf:57:48:13:65:12:d8:83:d6:e0:da:
         dd:22:d5:c0:58:a7:f8:c9:e1:7f:74:19:7a:22:3b:b7:32:7e:
         5a:e5:d0:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwzUeSI/n9tzn6/+7VQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYxNzgyOTczYzM4MmNjMWNlNjcwZjVhZDUwZGY4ZmI1
M2M4MmUwHhcNMjYwMTAxMTIxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ1NTAzMzdhYzVkMmVhNDFlZmJkYmU3MWEyYWIwODM1YzJhMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbJsigvSj37qAiRFJnwhI7S8QAGG
udViuayPZVjOZET4meLFahpKSNWGlJwa2yvx5tyjp2+7YDIpjDmo5Q/6H9GShOZ0
Hr3+VhkiDjl/arPRnmbnhn+2Fiun2FOiE9QNqS27j5XPCN90DSwQK0C1Qc7seQFp
qmvYB5g80zfSv7erBM2V48k4po1NJmQVBPgxMmYzSb9r/6dvgVz5WDCNFTmEKdsH
2pa7ZDNKRlWisfr40wdM6iBxZuWRaQaaZSENII5XSa/hziahV8u62ng+ZEsSVQ9t
ZADqhLKRiH9QnWC1g8coNIcseXnqph9ktFP9MhwSvIxgU19sJTDbl2DElQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjVUDN6xdLqQe+9vnGiqwg1wqFoMB8GA1UdIwQY
MBaAFB2GF4KXPDgswc5nD1rVDfj7U8guMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZWGdwYzhPQ3pCem1jUFd0VU4tUHRUeUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jY2VhZjItNzU2MS00MmE3LThkMTIt
OGUwNjBjYTk2ZmFjLzEvV05WUU0zckYwdXBCNzcyLWNhS3JDRFhDb1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jY2VhZjItNzU2MS00MmE3LThkMTItOGUwNjBjYTk2ZmFj
LzEvSFlZWGdwYzhPQ3pCem1jUFd0VU4tUHRUeUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwypgMA0G
CSqGSIb3DQEBCwUAA4IBAQBqSuMlMshEodnqVtrihYO6wkFK4jstf1m0QEnqIKux
OFVAJvY1mx6RFy3/MuL/WuXIegY5XQslUxX23DgEADC69ueK2Vc8JoDpajIzk8Ws
DlxvR55l+CKTtuHksR4ctPGdz2MnU0n8mRqYLwD2ffyNaS7OiWbQEkdsTBVgngxz
IDA0c/a2U1UarC3+wvKpG4qemktJTd9NSIaeWVuwzCvFdVWi5qdaYXb1VKF5287o
BIiCIXfOjzlUqX1BaC/iPbY2LxLuHDEU17AHQnILBq+ImceC8rcPMUfvfjbF4dRm
z1dIE2US2IPW4NrdItXAWKf4yeF/dBl6Iju3Mn5a5dDQ
-----END CERTIFICATE-----