This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/65FnmspDUVJ9_6QxvLd4l0NA4FE.roa
File:                     65FnmspDUVJ9_6QxvLd4l0NA4FE.roa (raw, json)
Hash identifier:          lgYYkTyMefTXhDS2aNN91oiVE93MHjvbMsoRpFVLAkk=
Subject key identifier:   EB:91:67:9A:CA:43:51:52:7D:FF:A4:31:BC:B7:78:97:43:40:E0:51
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       019B7FF219095668D5955E3804F2D97B8AF8
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/65FnmspDUVJ9_6QxvLd4l0NA4FE.roa
Signing time:             Fri 02 Jan 2026 18:22:11 +0000
ROA not before:           Fri 02 Jan 2026 18:22:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210721
IP address blocks:        194.183.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:19:09:56:68:d5:95:5e:38:04:f2:d9:7b:8a:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  2 18:22:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb91679aca4351527dffa431bcb778974340e051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:f3:83:29:23:36:45:7f:05:04:b1:ee:d5:
                    60:38:cc:ef:bb:e5:8f:86:cd:db:54:d2:f0:bf:f8:
                    15:9e:ab:17:0b:8b:5e:e3:39:df:91:9d:8a:7e:a7:
                    38:56:ca:65:1a:73:85:49:55:80:5b:13:46:03:a4:
                    fa:42:f9:c0:b8:43:d9:ba:c3:dd:7b:d5:ea:3c:25:
                    3d:ca:83:b0:09:57:19:34:86:d1:44:36:9b:54:3d:
                    84:80:54:55:44:75:82:a1:48:cf:a1:c5:a6:a1:8b:
                    4f:ba:fa:62:70:ff:b8:54:71:7c:73:ad:d0:23:13:
                    43:b8:ff:03:83:ad:e5:0f:9c:d0:29:7c:a9:ff:de:
                    7d:44:49:7e:8f:e7:78:b2:0f:b3:21:ed:47:0a:ec:
                    51:3c:30:4b:8a:95:8d:f0:f2:57:83:de:0a:20:a2:
                    5c:ab:94:8e:ec:18:0d:7a:ee:1e:89:24:58:6b:66:
                    1b:d6:0f:e6:02:ad:eb:6b:82:eb:22:7e:79:80:2d:
                    1d:72:d5:ea:66:c2:ac:62:44:30:e1:d1:56:ae:c4:
                    b6:1c:67:33:55:0d:02:de:53:21:1f:1f:c9:f8:b7:
                    a3:2d:d1:05:2c:bb:de:73:33:0f:2b:f8:97:75:41:
                    9d:35:a5:98:04:f5:e1:76:46:df:69:1f:ff:89:ee:
                    5d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:91:67:9A:CA:43:51:52:7D:FF:A4:31:BC:B7:78:97:43:40:E0:51
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/65FnmspDUVJ9_6QxvLd4l0NA4FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.183.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5a:24:72:4b:74:3b:d1:0f:74:ca:9d:ce:7c:00:a8:6a:1e:
         51:a3:8e:f5:42:22:97:85:e5:f4:12:8b:ae:0a:99:01:62:ac:
         b0:d7:60:84:8d:75:66:97:41:b5:52:69:ec:6c:16:35:a9:04:
         25:e6:5c:a7:27:58:c4:2c:8f:a0:0b:d7:d9:dc:55:40:9c:32:
         69:05:67:04:89:e7:0c:3c:fb:d0:70:98:99:55:30:93:d3:d6:
         86:b9:ab:f5:fa:a9:f6:60:76:53:ac:a8:ec:3f:2a:5f:c4:28:
         90:a1:96:5a:66:12:a8:29:dc:e7:be:90:c6:3c:b7:68:45:0c:
         39:73:f9:4a:ea:79:ff:d8:69:93:a9:88:e7:ba:2c:68:1e:a1:
         cc:07:40:28:0b:eb:18:72:29:49:62:6a:7f:cf:be:33:29:8f:
         12:0a:04:32:85:72:e6:09:ac:fe:f1:67:90:84:e0:14:91:35:
         25:8d:14:44:a8:49:bd:9c:a2:7a:64:59:b7:15:46:5c:13:24:
         f2:2f:72:a9:7d:1a:94:8d:ed:68:7f:97:28:4f:eb:c6:da:87:
         e8:e7:25:d0:32:7f:00:06:41:4e:91:7b:2d:45:3c:77:26:b8:
         dc:e9:21:e5:29:1c:a3:53:45:a0:3e:b6:35:9f:f6:31:b8:1e:
         a0:95:fb:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8hkJVmjVlV44BPLZe4r4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjYwMTAyMTgyMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjkxNjc5YWNhNDM1MTUyN2RmZmE0MzFiY2I3Nzg5NzQzNDBlMDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDrzgykjNkV/BQSx7tVgOMzvu+WP
hs3bVNLwv/gVnqsXC4te4znfkZ2Kfqc4VsplGnOFSVWAWxNGA6T6QvnAuEPZusPd
e9XqPCU9yoOwCVcZNIbRRDabVD2EgFRVRHWCoUjPocWmoYtPuvpicP+4VHF8c63Q
IxNDuP8Dg63lD5zQKXyp/959REl+j+d4sg+zIe1HCuxRPDBLipWN8PJXg94KIKJc
q5SO7BgNeu4eiSRYa2Yb1g/mAq3ra4LrIn55gC0dctXqZsKsYkQw4dFWrsS2HGcz
VQ0C3lMhHx/J+LejLdEFLLveczMPK/iXdUGdNaWYBPXhdkbfaR//ie5doQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuRZ5rKQ1FSff+kMby3eJdDQOBRMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvNjVGbm1zcERVVko5XzZReHZMZDRsME5BNEZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrehMA0G
CSqGSIb3DQEBCwUAA4IBAQCHWiRyS3Q70Q90yp3OfACoah5Ro471QiKXheX0Eouu
CpkBYqyw12CEjXVml0G1UmnsbBY1qQQl5lynJ1jELI+gC9fZ3FVAnDJpBWcEiecM
PPvQcJiZVTCT09aGuav1+qn2YHZTrKjsPypfxCiQoZZaZhKoKdznvpDGPLdoRQw5
c/lK6nn/2GmTqYjnuixoHqHMB0AoC+sYcilJYmp/z74zKY8SCgQyhXLmCaz+8WeQ
hOAUkTUljRREqEm9nKJ6ZFm3FUZcEyTyL3KpfRqUje1of5coT+vG2ofo5yXQMn8A
BkFOkXstRTx3Jrjc6SHlKRyjU0WgPrY1n/YxuB6glfvE
-----END CERTIFICATE-----