This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/X2nbl9YTm7FxIB6Rb3FUGGo7Nik.roa
File:                     X2nbl9YTm7FxIB6Rb3FUGGo7Nik.roa (raw, json)
Hash identifier:          kl4ZxjvBckT5S60Wg8CYwH2W75wDsDdQoiDGr/t5yxQ=
Subject key identifier:   5F:69:DB:97:D6:13:9B:B1:71:20:1E:91:6F:71:54:18:6A:3B:36:29
Certificate issuer:       /CN=46ebddae6a7acee83a322a0e743a6759d85365f2
Certificate serial:       019B7834901F6A459B4B5944741883D3972D
Authority key identifier: 46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/X2nbl9YTm7FxIB6Rb3FUGGo7Nik.roa
Signing time:             Thu 01 Jan 2026 06:17:49 +0000
ROA not before:           Thu 01 Jan 2026 06:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212346
IP address blocks:        185.217.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:90:1f:6a:45:9b:4b:59:44:74:18:83:d3:97:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ebddae6a7acee83a322a0e743a6759d85365f2
        Validity
            Not Before: Jan  1 06:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f69db97d6139bb171201e916f7154186a3b3629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c0:25:cb:33:91:b7:e5:3d:e3:43:e2:e3:2a:
                    92:ed:83:aa:a6:01:ef:f0:55:65:f5:8d:2d:62:c0:
                    6b:95:1e:27:2b:53:df:1f:4f:3c:f4:f0:ba:04:ec:
                    9f:4f:86:56:80:3a:47:87:0c:47:42:3e:a0:8d:ed:
                    d2:a3:72:87:9c:81:f6:8a:5f:48:45:75:5d:bd:5f:
                    65:99:02:fc:0c:f1:42:43:b7:8e:f1:70:91:20:c1:
                    23:d7:3e:64:d4:da:9f:65:d3:57:60:27:cc:d2:fd:
                    9f:7e:8c:62:10:3e:59:ca:91:75:ac:7e:61:47:54:
                    0a:c1:bb:9d:f3:7f:7c:88:43:7a:68:d0:58:92:a5:
                    5e:0c:05:70:40:8d:2f:86:c2:8c:1a:7d:bf:80:2d:
                    72:ce:84:a5:fb:16:ef:11:ba:01:b3:de:65:74:ae:
                    4d:31:3a:f4:1b:98:df:c0:ae:32:08:ad:54:e7:4f:
                    59:5e:c0:47:e5:da:99:5c:8a:a2:99:3f:f3:ea:2f:
                    8b:bd:c7:56:3a:a3:d2:7d:8a:9a:67:d9:a7:ca:1f:
                    5a:9c:5a:85:fb:b2:65:0c:e1:43:d3:e3:e5:d5:be:
                    f6:99:13:b1:90:ae:fd:7c:51:90:7e:53:09:20:26:
                    21:0e:3e:f3:dc:c4:93:7b:35:5d:3b:85:8f:0a:c8:
                    5b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:69:DB:97:D6:13:9B:B1:71:20:1E:91:6F:71:54:18:6A:3B:36:29
            X509v3 Authority Key Identifier:
                keyid:46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/X2nbl9YTm7FxIB6Rb3FUGGo7Nik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:66:a7:28:0a:7b:35:a3:ba:5e:ab:79:6f:fb:fd:69:ec:
         bd:86:26:9d:72:b1:c2:3f:38:db:52:d4:18:b7:dd:25:0d:eb:
         03:37:d8:f0:f0:68:2a:05:15:15:ef:53:56:1e:f0:b5:3a:c6:
         98:f2:7d:d6:a4:84:6b:ac:13:2f:ac:11:99:f9:76:ba:53:82:
         71:0e:a4:55:9c:61:94:4d:81:3d:52:2e:e6:70:c7:00:83:82:
         45:c6:41:a6:4a:90:3f:3c:c6:e7:82:b2:8e:19:12:14:48:ce:
         d6:2e:99:17:ac:fa:40:ee:7a:04:c7:d0:ad:e4:21:4e:76:40:
         14:71:a5:9f:29:f9:7d:21:a4:65:de:64:04:05:a5:dc:f0:b4:
         65:5a:98:ae:15:79:68:72:15:6c:9c:3a:08:cc:99:54:a6:88:
         02:82:c3:11:e1:e7:a4:f8:8b:c6:17:ca:6d:f1:92:d7:56:bc:
         ed:d6:97:2e:fe:73:8e:3b:ca:ba:8f:a2:7e:cd:f9:31:34:62:
         22:d9:a6:fd:c5:fa:b8:98:ca:e0:83:79:81:71:74:61:fd:c6:
         5e:9c:20:38:5e:41:31:a2:4f:26:71:d0:da:d2:65:a5:f4:7c:
         40:80:84:c5:27:c6:f7:07:3c:86:11:32:1a:e6:34:3c:f7:bb:
         30:37:6e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NJAfakWbS1lEdBiD05ctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWJkZGFlNmE3YWNlZTgzYTMyMmEwZTc0M2E2NzU5ZDg1
MzY1ZjIwHhcNMjYwMTAxMDYxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY5ZGI5N2Q2MTM5YmIxNzEyMDFlOTE2ZjcxNTQxODZhM2IzNjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cAlyzORt+U940Pi4yqS7YOqpgHv
8FVl9Y0tYsBrlR4nK1PfH0889PC6BOyfT4ZWgDpHhwxHQj6gje3So3KHnIH2il9I
RXVdvV9lmQL8DPFCQ7eO8XCRIMEj1z5k1NqfZdNXYCfM0v2ffoxiED5ZypF1rH5h
R1QKwbud8398iEN6aNBYkqVeDAVwQI0vhsKMGn2/gC1yzoSl+xbvEboBs95ldK5N
MTr0G5jfwK4yCK1U509ZXsBH5dqZXIqimT/z6i+LvcdWOqPSfYqaZ9mnyh9anFqF
+7JlDOFD0+Pl1b72mROxkK79fFGQflMJICYhDj7z3MSTezVdO4WPCshb5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9p25fWE5uxcSAekW9xVBhqOzYpMB8GA1UdIwQY
MBaAFEbr3a5qes7oOjIqDnQ6Z1nYU2XyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDIt
MmJjOTA3OTRkMzhkLzEvWDJuYmw5WVRtN0Z4SUI2UmIzRlVHR283TmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDItMmJjOTA3OTRkMzhk
LzEvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudkkMA0G
CSqGSIb3DQEBCwUAA4IBAQAulWanKAp7NaO6Xqt5b/v9aey9hiadcrHCPzjbUtQY
t90lDesDN9jw8GgqBRUV71NWHvC1OsaY8n3WpIRrrBMvrBGZ+Xa6U4JxDqRVnGGU
TYE9Ui7mcMcAg4JFxkGmSpA/PMbngrKOGRIUSM7WLpkXrPpA7noEx9Ct5CFOdkAU
caWfKfl9IaRl3mQEBaXc8LRlWpiuFXlochVsnDoIzJlUpogCgsMR4eek+IvGF8pt
8ZLXVrzt1pcu/nOOO8q6j6J+zfkxNGIi2ab9xfq4mMrgg3mBcXRh/cZenCA4XkEx
ok8mcdDa0mWl9HxAgITFJ8b3BzyGETIa5jQ897swN24v
-----END CERTIFICATE-----