This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/uTD6khWcd31ZzRZAtfj7o4AtIHw.roa
File:                     uTD6khWcd31ZzRZAtfj7o4AtIHw.roa (raw, json)
Hash identifier:          69oOJR8ncC7sjtYVQ8SZHCT4Cq2KZtCn6uWehRleXPg=
Subject key identifier:   B9:30:FA:92:15:9C:77:7D:59:CD:16:40:B5:F8:FB:A3:80:2D:20:7C
Certificate issuer:       /CN=e2834429775e6555e5742492286254b1da9f1903
Certificate serial:       019B7DCACBC68661A8187D285B2922DC4671
Authority key identifier: E2:83:44:29:77:5E:65:55:E5:74:24:92:28:62:54:B1:DA:9F:19:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/uTD6khWcd31ZzRZAtfj7o4AtIHw.roa
Signing time:             Fri 02 Jan 2026 08:20:01 +0000
ROA not before:           Fri 02 Jan 2026 08:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200023
IP address blocks:        146.19.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:cb:c6:86:61:a8:18:7d:28:5b:29:22:dc:46:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2834429775e6555e5742492286254b1da9f1903
        Validity
            Not Before: Jan  2 08:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b930fa92159c777d59cd1640b5f8fba3802d207c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:aa:be:40:da:96:9c:e1:f6:7e:9b:f0:57:f7:
                    09:83:c4:aa:68:69:b4:5a:3a:3b:a3:6f:90:cc:ae:
                    d8:e1:90:dd:03:42:94:5b:8a:50:9a:1d:4f:9b:1f:
                    42:33:05:e8:dc:59:3c:0f:19:41:f9:56:2c:c0:c6:
                    96:9e:8f:af:ea:35:6d:94:09:0d:18:15:24:02:23:
                    0a:f9:4e:d2:36:03:87:bc:22:6f:02:72:e4:07:8c:
                    fc:21:eb:1f:7a:89:b9:39:de:3a:99:b7:73:d7:9a:
                    6e:4d:47:cd:9b:bb:a6:84:08:de:60:de:8e:3a:0d:
                    59:a5:9b:8d:dd:d2:23:cd:9e:36:dd:b7:62:63:bc:
                    95:e1:7e:d0:71:00:43:4e:fc:93:56:7d:e7:a3:b3:
                    b9:23:87:2b:ca:7e:71:5b:c1:05:14:da:dd:fd:df:
                    4d:c6:b6:3f:08:29:78:25:f4:d2:53:03:d6:96:07:
                    68:d1:93:c5:9f:a5:9d:23:99:f7:ed:25:8a:0d:95:
                    c8:fa:b0:6d:4f:64:23:da:be:6d:e3:2e:ea:8e:d8:
                    94:a9:d8:b6:4b:ab:97:8c:46:b7:50:21:e6:94:f1:
                    64:9d:1f:34:24:d0:e4:ab:5e:b3:a5:9a:07:37:2b:
                    4b:0e:85:a6:9d:76:d5:b5:bf:a5:b9:06:c1:cd:ad:
                    ef:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:30:FA:92:15:9C:77:7D:59:CD:16:40:B5:F8:FB:A3:80:2D:20:7C
            X509v3 Authority Key Identifier:
                keyid:E2:83:44:29:77:5E:65:55:E5:74:24:92:28:62:54:B1:DA:9F:19:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/uTD6khWcd31ZzRZAtfj7o4AtIHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:9b:a0:46:84:91:68:d5:e9:dc:2a:1e:eb:24:43:8a:d4:1c:
         0d:19:41:11:05:58:95:e6:56:d8:60:0b:e0:1a:26:2d:8d:96:
         83:da:d3:98:cb:88:3e:5b:d8:a3:45:8e:f8:6b:9c:53:7b:fe:
         81:56:14:26:87:9a:45:2f:f4:9a:f9:9b:e5:77:40:90:12:b3:
         9b:a6:7d:ff:e4:07:0d:85:3d:01:a3:d0:54:ba:53:6a:85:41:
         24:5e:b4:48:65:4a:e9:1b:75:6d:ed:43:bf:c2:04:6e:f1:20:
         0c:a8:1b:ba:c5:da:9f:f6:63:93:8b:e2:ef:f0:b0:27:52:3c:
         3a:a1:60:8e:cd:09:36:cf:9f:c4:bf:11:ef:a2:68:cf:b1:91:
         fb:a0:7d:7c:31:b8:f6:75:70:7c:61:d8:8d:f6:4d:e0:f6:c6:
         e2:b0:53:a2:38:24:fb:c3:39:0c:6e:b0:34:90:8f:b1:81:5c:
         b5:a1:e9:5e:d1:58:06:3a:5b:46:cb:39:ce:c7:a4:b4:ae:bc:
         b9:a2:77:06:58:30:75:29:4a:53:1f:5c:f8:42:41:b9:8a:6c:
         03:8b:99:41:a5:9e:db:bc:e3:35:a4:56:e3:96:7d:11:6e:63:
         93:e5:18:c8:3b:93:ab:d0:b8:bd:c4:49:2f:15:ae:66:72:c7:
         b5:e2:19:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ysvGhmGoGH0oWyki3EZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyODM0NDI5Nzc1ZTY1NTVlNTc0MjQ5MjI4NjI1NGIxZGE5
ZjE5MDMwHhcNMjYwMTAyMDgyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTMwZmE5MjE1OWM3NzdkNTljZDE2NDBiNWY4ZmJhMzgwMmQyMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Kq+QNqWnOH2fpvwV/cJg8SqaGm0
Wjo7o2+QzK7Y4ZDdA0KUW4pQmh1Pmx9CMwXo3Fk8DxlB+VYswMaWno+v6jVtlAkN
GBUkAiMK+U7SNgOHvCJvAnLkB4z8Iesfeom5Od46mbdz15puTUfNm7umhAjeYN6O
Og1ZpZuN3dIjzZ423bdiY7yV4X7QcQBDTvyTVn3no7O5I4cryn5xW8EFFNrd/d9N
xrY/CCl4JfTSUwPWlgdo0ZPFn6WdI5n37SWKDZXI+rBtT2Qj2r5t4y7qjtiUqdi2
S6uXjEa3UCHmlPFknR80JNDkq16zpZoHNytLDoWmnXbVtb+luQbBza3vvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkw+pIVnHd9Wc0WQLX4+6OALSB8MB8GA1UdIwQY
MBaAFOKDRCl3XmVV5XQkkihiVLHanxkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG9ORUtYZGVaVlhsZENTU0tHSlVzZHFmR1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iNjQ2OGQtMTBlZC00ZDQ4LTgwM2Mt
ZWE5NzY2NWMxM2RmLzEvdVRENmtoV2NkMzFaelJaQXRmajdvNEF0SUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iNjQ2OGQtMTBlZC00ZDQ4LTgwM2MtZWE5NzY2NWMxM2Rm
LzEvNG9ORUtYZGVaVlhsZENTU0tHSlVzZHFmR1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP6MA0G
CSqGSIb3DQEBCwUAA4IBAQAbm6BGhJFo1encKh7rJEOK1BwNGUERBViV5lbYYAvg
GiYtjZaD2tOYy4g+W9ijRY74a5xTe/6BVhQmh5pFL/Sa+Zvld0CQErObpn3/5AcN
hT0Bo9BUulNqhUEkXrRIZUrpG3Vt7UO/wgRu8SAMqBu6xdqf9mOTi+Lv8LAnUjw6
oWCOzQk2z5/EvxHvomjPsZH7oH18Mbj2dXB8YdiN9k3g9sbisFOiOCT7wzkMbrA0
kI+xgVy1oele0VgGOltGyznOx6S0rry5oncGWDB1KUpTH1z4QkG5imwDi5lBpZ7b
vOM1pFbjln0RbmOT5RjIO5Or0Li9xEkvFa5mcse14hmO
-----END CERTIFICATE-----