This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/8bVGqU-tjWPnIG8sBYrZvrrahKI.roa
File:                     8bVGqU-tjWPnIG8sBYrZvrrahKI.roa (raw, json)
Hash identifier:          IFFyNQvZAT+Bna1YbPC14TW6c3lxt7eZvL1L0yVl4NA=
Subject key identifier:   F1:B5:46:A9:4F:AD:8D:63:E7:20:6F:2C:05:8A:D9:BE:BA:DA:84:A2
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       019B7CEE510997BED3D419CFE59D3CD9C7C8
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/8bVGqU-tjWPnIG8sBYrZvrrahKI.roa
Signing time:             Fri 02 Jan 2026 04:19:11 +0000
ROA not before:           Fri 02 Jan 2026 04:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34388
IP address blocks:        185.1.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:51:09:97:be:d3:d4:19:cf:e5:9d:3c:d9:c7:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 04:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1b546a94fad8d63e7206f2c058ad9bebada84a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:bf:bb:3d:7f:56:43:90:ba:ea:cb:f1:7b:8e:
                    27:02:19:0d:29:d6:cd:69:b3:21:77:df:ed:83:54:
                    d8:e6:37:70:a9:a6:91:a8:40:1e:7f:c5:3a:cd:7b:
                    a1:77:d1:f4:33:8b:a7:b0:25:1c:ba:f1:3a:81:e1:
                    c7:f5:77:c7:ba:8b:f9:13:9c:10:c8:07:32:e4:25:
                    15:c9:4a:3a:bd:f5:b2:d9:04:23:99:db:6e:4b:ad:
                    0d:dd:43:a2:1a:69:3d:c1:ba:a8:b3:e3:a9:bd:85:
                    db:07:0f:ee:d0:0f:55:84:17:a0:27:51:95:e1:c1:
                    ab:fd:5c:ec:0c:7f:84:e0:c6:25:f7:c4:7b:1f:44:
                    f0:59:95:c0:24:b5:80:3d:18:77:8b:0c:f6:7e:d1:
                    15:7a:e7:aa:58:e1:f7:71:23:6f:56:b0:a6:d3:a2:
                    e2:57:13:20:cb:da:c3:06:cf:31:3a:4b:1b:51:29:
                    c4:41:bd:ab:00:96:a3:63:f9:b6:d3:e9:8e:19:06:
                    57:0a:76:a1:9c:71:54:90:67:ee:8c:b7:86:6b:55:
                    16:10:16:97:49:25:07:c3:01:29:a8:53:c8:07:f0:
                    37:3f:02:47:00:88:05:d1:0a:d8:49:bc:33:46:c5:
                    4f:77:73:32:dd:80:76:ed:39:a2:9a:9e:7e:bf:f9:
                    cc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B5:46:A9:4F:AD:8D:63:E7:20:6F:2C:05:8A:D9:BE:BA:DA:84:A2
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/8bVGqU-tjWPnIG8sBYrZvrrahKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:47:e0:51:7b:98:a7:cf:eb:6e:7c:78:98:71:82:39:6b:c5:
         a6:b4:e9:94:bd:e9:b7:a1:0e:0b:7b:8c:04:4a:04:51:a8:9f:
         8b:a6:10:80:bd:5a:85:a1:61:59:65:f0:69:db:e3:5a:ba:fa:
         be:aa:8e:20:49:7a:d1:bc:4b:59:77:ef:ad:ef:b0:af:ef:ea:
         ad:96:5c:f2:d2:84:a8:de:4b:6a:15:f8:5b:87:06:d0:a5:fa:
         67:87:c2:6c:8e:d4:e7:53:cc:e4:d6:fa:88:bc:69:87:32:a4:
         d6:57:11:7c:0f:29:18:4c:18:24:3b:ce:a2:84:53:a5:0d:39:
         68:3e:72:e3:ff:fe:f9:5b:86:02:ce:3e:1e:4a:90:4a:07:d4:
         52:79:46:a4:47:6a:f6:e4:46:ca:f2:44:99:96:8b:c4:2d:43:
         e8:56:b1:b7:7a:8e:4d:c0:93:11:75:26:44:a8:4c:e5:95:92:
         63:9f:a8:e0:72:ed:f8:3f:3a:a5:02:81:d7:8c:91:a5:d0:2a:
         d9:39:f3:1c:ea:d9:96:dd:87:14:3c:de:b6:bc:10:a9:54:18:
         1f:46:d6:16:77:45:ed:46:f9:aa:40:a9:e6:d2:1b:da:e5:a3:
         1f:23:29:a8:41:4a:f7:72:75:ff:8a:fe:98:f8:6b:cf:56:13:
         74:b2:f7:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87lEJl77T1BnP5Z082cfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjYwMTAyMDQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI1NDZhOTRmYWQ4ZDYzZTcyMDZmMmMwNThhZDliZWJhZGE4NGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7+7PX9WQ5C66svxe44nAhkNKdbN
abMhd9/tg1TY5jdwqaaRqEAef8U6zXuhd9H0M4unsCUcuvE6geHH9XfHuov5E5wQ
yAcy5CUVyUo6vfWy2QQjmdtuS60N3UOiGmk9wbqos+OpvYXbBw/u0A9VhBegJ1GV
4cGr/VzsDH+E4MYl98R7H0TwWZXAJLWAPRh3iwz2ftEVeueqWOH3cSNvVrCm06Li
VxMgy9rDBs8xOksbUSnEQb2rAJajY/m20+mOGQZXCnahnHFUkGfujLeGa1UWEBaX
SSUHwwEpqFPIB/A3PwJHAIgF0QrYSbwzRsVPd3My3YB27Tmimp5+v/nMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPG1RqlPrY1j5yBvLAWK2b662oSiMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvOGJWR3FVLXRqV1BuSUc4c0JZclp2cnJhaEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQGeMA0G
CSqGSIb3DQEBCwUAA4IBAQBfR+BRe5inz+tufHiYcYI5a8WmtOmUvem3oQ4Le4wE
SgRRqJ+LphCAvVqFoWFZZfBp2+Nauvq+qo4gSXrRvEtZd++t77Cv7+qtllzy0oSo
3ktqFfhbhwbQpfpnh8JsjtTnU8zk1vqIvGmHMqTWVxF8DykYTBgkO86ihFOlDTlo
PnLj//75W4YCzj4eSpBKB9RSeUakR2r25EbK8kSZlovELUPoVrG3eo5NwJMRdSZE
qEzllZJjn6jgcu34PzqlAoHXjJGl0CrZOfMc6tmW3YcUPN62vBCpVBgfRtYWd0Xt
RvmqQKnm0hva5aMfIymoQUr3cnX/iv6Y+GvPVhN0svdb
-----END CERTIFICATE-----