This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/geUvZA4ewTlG88hTMf-uSmrWhDQ.roa
File:                     geUvZA4ewTlG88hTMf-uSmrWhDQ.roa (raw, json)
Hash identifier:          2pWVSfUZrGtWyoII6+WIJ6jWbQPbI427Ph6KkMpwer0=
Subject key identifier:   81:E5:2F:64:0E:1E:C1:39:46:F3:C8:53:31:FF:AE:4A:6A:D6:84:34
Certificate issuer:       /CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
Certificate serial:       019B76EAE11CD7089384FE893EEF420EE7C9
Authority key identifier: E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/geUvZA4ewTlG88hTMf-uSmrWhDQ.roa
Signing time:             Thu 01 Jan 2026 00:17:43 +0000
ROA not before:           Thu 01 Jan 2026 00:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56786
IP address blocks:        185.250.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:e1:1c:d7:08:93:84:fe:89:3e:ef:42:0e:e7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
        Validity
            Not Before: Jan  1 00:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81e52f640e1ec13946f3c85331ffae4a6ad68434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4e:71:4a:93:a2:2e:0b:46:7b:04:52:18:71:
                    ba:a8:8b:92:81:13:4a:bd:eb:75:d9:16:fa:83:8b:
                    b9:02:fa:f7:f6:71:5f:97:9f:26:4b:49:40:33:6e:
                    d8:69:ac:a9:6e:34:2e:c3:be:a8:92:b2:93:f2:41:
                    c5:34:c2:81:4e:4e:30:88:7d:95:2f:e8:80:af:03:
                    28:1d:55:da:da:55:76:62:2e:8f:9f:f3:df:3f:62:
                    e0:7d:38:15:56:01:a8:65:b8:28:64:33:3e:ac:1b:
                    7a:ca:d3:83:58:16:fe:ba:1f:13:69:28:7b:e2:af:
                    b4:ee:f5:1d:20:a9:b6:29:92:5b:39:ec:71:0a:3e:
                    a2:39:cf:14:61:62:51:9e:30:20:46:85:17:ca:bc:
                    5c:53:c3:a6:50:32:b1:af:eb:d2:d2:d1:88:4a:8c:
                    27:21:5e:40:5c:77:93:0f:93:b5:ce:09:8b:52:26:
                    31:c9:67:e8:0b:5d:23:7c:41:94:8c:4b:59:2f:f3:
                    95:3a:8b:2c:e1:ef:47:bd:28:dc:2c:04:7c:a6:e7:
                    db:a3:dd:12:0e:da:4f:78:96:a5:44:3c:dd:27:22:
                    c1:82:f0:e9:8b:e0:c5:43:b5:25:b9:66:f8:9b:7c:
                    6f:81:b5:7f:31:ec:16:a8:66:5d:1f:ae:27:8a:71:
                    aa:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E5:2F:64:0E:1E:C1:39:46:F3:C8:53:31:FF:AE:4A:6A:D6:84:34
            X509v3 Authority Key Identifier:
                keyid:E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/geUvZA4ewTlG88hTMf-uSmrWhDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:60:8b:f8:59:36:02:ac:11:60:77:5e:1d:db:8c:27:f2:24:
         5c:d1:53:03:1a:7a:c8:17:0c:33:0c:f9:35:c0:d1:9f:7b:83:
         62:74:d9:c0:10:50:d6:bf:70:c3:ba:f6:ab:8c:f5:6d:28:c7:
         07:1a:6c:58:30:f6:61:61:16:8d:4a:2c:16:3e:8b:06:cb:6c:
         e4:c1:05:6b:e7:31:7a:98:bc:34:81:f7:a5:f9:59:9b:42:65:
         f2:34:76:44:67:9a:ef:a4:de:88:f0:b0:a1:b7:33:3f:60:b2:
         e0:87:41:1f:c8:74:c7:9e:f6:b9:65:80:a5:e5:b0:ed:92:b1:
         ff:b2:71:15:34:c1:92:77:aa:8a:f2:c5:68:ca:79:24:3e:2d:
         ce:71:48:dd:95:4c:5e:05:3f:2f:10:5c:18:e8:e3:97:b1:38:
         68:30:b3:31:0d:37:26:98:21:f2:10:de:3f:ef:64:84:47:36:
         75:a2:73:4a:98:27:7d:ac:c9:3d:c6:92:17:c8:ae:fa:57:cf:
         0c:2d:36:fc:cd:ea:05:4e:c5:b3:62:f7:32:b4:58:b1:69:83:
         47:24:64:bd:9e:32:0f:19:ea:c6:69:b2:9a:c6:0e:00:73:f5:
         83:9c:75:1c:12:41:35:c0:25:41:d5:dd:d9:36:c4:4a:32:92:
         0b:3e:17:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26uEc1wiThP6JPu9CDufJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTU5YjY4Y2U0MTM2OGE5OWZlMTA3OWVjNTRjMzZjOWJi
MWJmOTQwHhcNMjYwMTAxMDAxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWU1MmY2NDBlMWVjMTM5NDZmM2M4NTMzMWZmYWU0YTZhZDY4NDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnE5xSpOiLgtGewRSGHG6qIuSgRNK
vet12Rb6g4u5Avr39nFfl58mS0lAM27YaaypbjQuw76okrKT8kHFNMKBTk4wiH2V
L+iArwMoHVXa2lV2Yi6Pn/PfP2LgfTgVVgGoZbgoZDM+rBt6ytODWBb+uh8TaSh7
4q+07vUdIKm2KZJbOexxCj6iOc8UYWJRnjAgRoUXyrxcU8OmUDKxr+vS0tGISown
IV5AXHeTD5O1zgmLUiYxyWfoC10jfEGUjEtZL/OVOoss4e9HvSjcLAR8pufbo90S
DtpPeJalRDzdJyLBgvDpi+DFQ7UluWb4m3xvgbV/MewWqGZdH64ninGqDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHlL2QOHsE5RvPIUzH/rkpq1oQ0MB8GA1UdIwQY
MBaAFOgVm2jOQTaKmf4QeexUw2ybsb+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUt
MGYzYjZmOTY5OTBiLzEvZ2VVdlpBNGV3VGxHODhoVE1mLXVTbXJXaERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUtMGYzYjZmOTY5OTBi
LzEvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufpAMA0G
CSqGSIb3DQEBCwUAA4IBAQAIYIv4WTYCrBFgd14d24wn8iRc0VMDGnrIFwwzDPk1
wNGfe4NidNnAEFDWv3DDuvarjPVtKMcHGmxYMPZhYRaNSiwWPosGy2zkwQVr5zF6
mLw0gfel+VmbQmXyNHZEZ5rvpN6I8LChtzM/YLLgh0EfyHTHnva5ZYCl5bDtkrH/
snEVNMGSd6qK8sVoynkkPi3OcUjdlUxeBT8vEFwY6OOXsThoMLMxDTcmmCHyEN4/
72SERzZ1onNKmCd9rMk9xpIXyK76V88MLTb8zeoFTsWzYvcytFixaYNHJGS9njIP
GerGabKaxg4Ac/WDnHUcEkE1wCVB1d3ZNsRKMpILPhdJ
-----END CERTIFICATE-----