This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0_HKpMCptIs50PHTG6iNAKHiwZk.roa
File:                     0_HKpMCptIs50PHTG6iNAKHiwZk.roa (raw, json)
Hash identifier:          H/mksg/EtDkRBoKiClCM2v1YrFRdlAWKmNcMP1+tmJQ=
Subject key identifier:   D3:F1:CA:A4:C0:A9:B4:8B:39:D0:F1:D3:1B:A8:8D:00:A1:E2:C1:99
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019AE8BA18308D86BA4D3BE461A22B2CFE4D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0_HKpMCptIs50PHTG6iNAKHiwZk.roa
Signing time:             Thu 04 Dec 2025 09:38:21 +0000
ROA not before:           Thu 04 Dec 2025 09:38:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        188.255.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:e8:ba:18:30:8d:86:ba:4d:3b:e4:61:a2:2b:2c:fe:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Dec  4 09:38:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3f1caa4c0a9b48b39d0f1d31ba88d00a1e2c199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4a:50:d4:f0:f4:fc:02:3d:a6:4c:8e:6d:21:
                    3b:46:17:22:54:dd:74:21:b8:4f:64:39:ee:cf:d8:
                    9d:ae:2c:44:2f:94:81:15:b5:05:f3:b1:43:c7:e1:
                    c1:fc:f4:3b:4b:07:55:53:97:5e:c9:13:6b:c4:4f:
                    54:26:5f:de:be:fd:e3:9e:ed:e2:51:1b:20:fe:ce:
                    94:0f:86:ae:56:17:e3:a7:89:dc:42:8b:39:2d:18:
                    8e:0a:6d:14:de:48:54:6c:25:24:d0:1a:85:af:e9:
                    5b:61:33:53:5a:2f:d8:fb:fd:82:7e:c6:e5:a3:65:
                    d0:ce:3b:0f:db:ae:d3:ee:b9:51:de:15:ca:4b:fe:
                    0c:3c:b3:fa:ee:bc:54:05:cf:91:7a:f4:1e:56:3e:
                    4f:4e:df:11:d1:ad:29:d6:ab:4c:f0:a5:fe:65:bc:
                    dc:20:e0:ae:48:1c:63:ea:34:c4:84:c9:b4:33:d8:
                    cd:d7:9f:af:db:90:37:cc:7e:be:a3:4c:d0:bd:0d:
                    8f:8b:17:2e:65:3e:78:bf:33:07:2c:cc:62:7d:2d:
                    a8:55:82:cb:82:15:8c:e4:4a:67:71:c0:96:30:7d:
                    72:f1:40:02:8e:43:c1:d0:35:50:5b:b0:6c:6f:6f:
                    af:e9:e9:be:74:53:f2:1d:68:d0:31:90:a9:6d:b2:
                    6e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F1:CA:A4:C0:A9:B4:8B:39:D0:F1:D3:1B:A8:8D:00:A1:E2:C1:99
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0_HKpMCptIs50PHTG6iNAKHiwZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:cb:a4:3d:ce:3d:5b:17:29:d9:4d:f8:9c:08:e6:52:c9:74:
         6e:5c:d1:60:f3:ec:39:63:78:9b:3a:37:d4:c7:57:fd:40:9e:
         8e:00:28:3f:63:93:3e:8d:10:e5:06:b7:d4:19:ae:2c:20:e6:
         bd:8e:bd:ee:19:9b:2c:d3:9f:a8:5e:a3:dc:32:c5:3b:0b:4c:
         e0:6f:2c:b5:83:94:6f:52:06:9b:19:f0:20:aa:0b:95:ca:ca:
         c5:5a:f4:14:22:16:58:d3:f5:b8:4b:12:f6:46:c0:d5:c2:d6:
         f9:ea:a5:5e:38:d1:d9:3d:9d:ee:d4:05:da:91:91:de:4f:d7:
         e4:00:06:b6:b7:0b:b4:e4:05:52:52:ca:28:b4:bb:1d:b3:0e:
         33:fe:ff:e2:0a:7f:7a:80:b1:59:eb:01:f6:f4:87:14:22:7c:
         1a:dd:a9:cf:ea:98:0f:1c:5b:a8:f1:08:33:b9:6d:ac:a5:e1:
         c8:2d:3b:56:c4:11:73:e6:76:b8:72:ce:05:45:b8:59:27:09:
         a4:a7:e8:2a:1c:01:25:f2:f2:2b:3e:d7:df:c5:2f:9a:e6:71:
         51:aa:fb:36:2d:72:99:86:44:75:bf:45:d0:b5:d9:ce:77:67:
         dd:2c:50:b6:2b:57:29:fe:3a:1b:51:fb:7a:c2:a5:e7:c7:d0:
         90:78:e7:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrouhgwjYa6TTvkYaIrLP5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMjA0MDkzODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2YxY2FhNGMwYTliNDhiMzlkMGYxZDMxYmE4OGQwMGExZTJjMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukpQ1PD0/AI9pkyObSE7RhciVN10
IbhPZDnuz9idrixEL5SBFbUF87FDx+HB/PQ7SwdVU5deyRNrxE9UJl/evv3jnu3i
URsg/s6UD4auVhfjp4ncQos5LRiOCm0U3khUbCUk0BqFr+lbYTNTWi/Y+/2Cfsbl
o2XQzjsP267T7rlR3hXKS/4MPLP67rxUBc+RevQeVj5PTt8R0a0p1qtM8KX+Zbzc
IOCuSBxj6jTEhMm0M9jN15+v25A3zH6+o0zQvQ2PixcuZT54vzMHLMxifS2oVYLL
ghWM5EpnccCWMH1y8UACjkPB0DVQW7Bsb2+v6em+dFPyHWjQMZCpbbJuVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPxyqTAqbSLOdDx0xuojQCh4sGZMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMF9IS3BNQ3B0SXM1MFBIVEc2aU5BS0hpd1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+UMA0G
CSqGSIb3DQEBCwUAA4IBAQAoy6Q9zj1bFynZTficCOZSyXRuXNFg8+w5Y3ibOjfU
x1f9QJ6OACg/Y5M+jRDlBrfUGa4sIOa9jr3uGZss05+oXqPcMsU7C0zgbyy1g5Rv
UgabGfAgqguVysrFWvQUIhZY0/W4SxL2RsDVwtb56qVeONHZPZ3u1AXakZHeT9fk
AAa2twu05AVSUsootLsdsw4z/v/iCn96gLFZ6wH29IcUInwa3anP6pgPHFuo8Qgz
uW2speHILTtWxBFz5na4cs4FRbhZJwmkp+gqHAEl8vIrPtffxS+a5nFRqvs2LXKZ
hkR1v0XQtdnOd2fdLFC2K1cp/jobUft6wqXnx9CQeOex
-----END CERTIFICATE-----