This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/xONZTPQjTNAnpv3LpXFk-hZHq58.roa
File:                     xONZTPQjTNAnpv3LpXFk-hZHq58.roa (raw, json)
Hash identifier:          fMb3Xyl3Jh1WZeQDP8MvYVbT2cKVoCMH4bX5aAbt1YQ=
Subject key identifier:   C4:E3:59:4C:F4:23:4C:D0:27:A6:FD:CB:A5:71:64:FA:16:47:AB:9F
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB7B966CBE74F5487883750B519375
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/xONZTPQjTNAnpv3LpXFk-hZHq58.roa
Signing time:             Thu 01 Jan 2026 00:18:22 +0000
ROA not before:           Thu 01 Jan 2026 00:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203191
IP address blocks:        185.143.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:7b:96:6c:be:74:f5:48:78:83:75:0b:51:93:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4e3594cf4234cd027a6fdcba57164fa1647ab9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3b:80:9c:0c:f8:bf:e5:6b:fb:34:9f:dd:14:
                    fa:df:62:e2:e4:3b:a4:7e:72:f0:ea:c5:00:ea:0c:
                    ed:ab:56:fe:d8:e6:a2:db:7a:5b:11:6d:05:42:c0:
                    48:75:27:a1:ae:e8:dc:30:c5:14:7c:3f:29:ca:cc:
                    a8:f8:c8:df:f5:e0:e3:7d:73:cf:58:40:8d:65:e5:
                    48:ef:40:5a:d1:55:22:b7:8d:7d:d2:d3:8d:21:c1:
                    b1:61:f7:40:93:7e:47:11:01:c5:ee:7a:80:aa:4c:
                    3a:79:f6:b3:e5:98:b3:7e:5e:12:9e:4a:06:2c:a2:
                    db:c4:65:0e:af:91:66:d3:b6:f6:24:a2:66:46:83:
                    1a:5a:19:d8:4a:be:9d:b8:c3:97:fc:30:e8:e3:dc:
                    48:59:c1:4f:38:a1:58:fe:96:41:26:a1:92:86:0d:
                    bc:5c:76:79:1b:b0:ae:05:be:80:9e:cd:70:e1:84:
                    47:db:d0:9c:c7:9d:30:ee:9e:f8:ed:8a:a4:9e:e1:
                    2e:9b:3c:e9:bc:8c:19:e2:16:6f:7c:04:77:73:96:
                    15:38:97:6f:a7:82:91:a7:7f:84:69:49:be:5a:ec:
                    4c:02:a4:1c:c4:ba:47:fb:80:52:18:3c:9a:27:90:
                    30:08:83:c3:b9:c4:a7:9a:dc:e1:e5:73:4d:4d:e4:
                    c0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E3:59:4C:F4:23:4C:D0:27:A6:FD:CB:A5:71:64:FA:16:47:AB:9F
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/xONZTPQjTNAnpv3LpXFk-hZHq58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:40:69:9b:6c:df:10:e2:5a:c8:03:f2:dd:56:99:df:57:8d:
         76:ff:59:2e:c2:83:f2:12:3b:f0:72:da:c1:a9:47:c8:81:0b:
         4b:cc:63:04:dc:e6:a3:d4:f6:a3:ff:9c:d1:ff:db:41:08:12:
         9a:f6:25:e7:37:c2:e4:64:05:3e:ed:dc:8d:b5:e0:08:32:1c:
         79:56:d5:e5:90:d8:07:d7:4a:36:46:9f:04:c8:09:49:3d:75:
         85:7e:55:78:6a:12:7c:99:cc:ec:0b:03:7b:0b:16:e5:bb:68:
         f2:f1:9d:e2:bc:5f:4f:21:4a:d7:ca:2e:77:26:c5:1c:1c:a8:
         a1:17:db:a5:8d:15:5a:b3:12:da:b7:6d:17:fa:50:a0:60:0a:
         1a:88:66:52:f9:b7:d3:07:28:7d:18:21:68:8b:fe:e1:4a:2f:
         97:bf:4c:3f:36:b5:45:c2:0c:58:5c:37:e4:69:a8:c5:5e:86:
         8e:0c:e6:0f:6c:32:aa:d3:56:67:2f:2b:ff:61:7c:4c:24:25:
         8c:e9:5b:31:0e:ca:3c:85:e0:28:77:b5:6f:8b:f9:33:96:78:
         76:c6:34:49:a4:82:5e:e8:8c:6e:67:82:e9:06:1e:4b:1e:49:
         b9:59:87:f5:2f:d5:77:5d:a8:5e:a3:b9:97:35:9b:b6:a3:ee:
         1a:5e:44:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt263uWbL509Uh4g3ULUZN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUzNTk0Y2Y0MjM0Y2QwMjdhNmZkY2JhNTcxNjRmYTE2NDdhYjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDuAnAz4v+Vr+zSf3RT632Li5Duk
fnLw6sUA6gztq1b+2Oai23pbEW0FQsBIdSehrujcMMUUfD8pysyo+Mjf9eDjfXPP
WECNZeVI70Ba0VUit4190tONIcGxYfdAk35HEQHF7nqAqkw6efaz5Zizfl4SnkoG
LKLbxGUOr5Fm07b2JKJmRoMaWhnYSr6duMOX/DDo49xIWcFPOKFY/pZBJqGShg28
XHZ5G7CuBb6Ans1w4YRH29Ccx50w7p747YqknuEumzzpvIwZ4hZvfAR3c5YVOJdv
p4KRp3+EaUm+WuxMAqQcxLpH+4BSGDyaJ5AwCIPDucSnmtzh5XNNTeTANwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTjWUz0I0zQJ6b9y6VxZPoWR6ufMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEveE9OWlRQUWpUTkFucHYzTHBYRmstaFpIcTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8MMA0G
CSqGSIb3DQEBCwUAA4IBAQABQGmbbN8Q4lrIA/LdVpnfV412/1kuwoPyEjvwctrB
qUfIgQtLzGME3Oaj1Paj/5zR/9tBCBKa9iXnN8LkZAU+7dyNteAIMhx5VtXlkNgH
10o2Rp8EyAlJPXWFflV4ahJ8mczsCwN7Cxblu2jy8Z3ivF9PIUrXyi53JsUcHKih
F9uljRVasxLat20X+lCgYAoaiGZS+bfTByh9GCFoi/7hSi+Xv0w/NrVFwgxYXDfk
aajFXoaODOYPbDKq01ZnLyv/YXxMJCWM6VsxDso8heAod7Vvi/kzlnh2xjRJpIJe
6IxuZ4LpBh5LHkm5WYf1L9V3Xaheo7mXNZu2o+4aXkRs
-----END CERTIFICATE-----