This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/d0Se-Q1hirJpXCWc1a3yM36OdkM.roa
File:                     d0Se-Q1hirJpXCWc1a3yM36OdkM.roa (raw, json)
Hash identifier:          WUitFtPR3eqhcQYIVu73IqaLIgnHpMyqoNV1i8MCbTQ=
Subject key identifier:   77:44:9E:F9:0D:61:8A:B2:69:5C:25:9C:D5:AD:F2:33:7E:8E:76:43
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       019B78A3324BEB4005458E66D11C4339075D
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/d0Se-Q1hirJpXCWc1a3yM36OdkM.roa
Signing time:             Thu 01 Jan 2026 08:18:39 +0000
ROA not before:           Thu 01 Jan 2026 08:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212260
IP address blocks:        213.135.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:32:4b:eb:40:05:45:8e:66:d1:1c:43:39:07:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  1 08:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77449ef90d618ab2695c259cd5adf2337e8e7643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:78:79:66:89:2e:eb:4f:6a:92:21:17:68:61:
                    a4:95:3c:73:23:91:91:b2:8a:0f:e5:ee:29:fd:a2:
                    8c:78:4a:c5:d3:09:b7:ff:33:bc:8e:d0:ef:6e:98:
                    0a:c5:16:63:97:d5:8b:58:c0:e5:07:bc:1d:6c:ce:
                    49:97:c6:e5:8d:4c:06:b6:59:fa:a4:87:69:b4:b3:
                    cf:5a:b1:e5:b0:71:8c:69:a5:55:ac:9e:0c:14:d1:
                    91:2a:ef:e9:7d:2d:cb:9a:1d:fc:c5:d5:12:9c:40:
                    7f:c9:a5:92:9b:6c:e6:c7:d5:7a:32:ce:28:89:30:
                    cb:e2:ec:0f:12:3c:d6:de:2b:20:c3:00:27:95:31:
                    f8:af:d1:78:42:a3:1e:17:e7:57:73:58:43:1f:8d:
                    b2:3c:d7:02:27:e7:ee:48:fb:4f:3e:30:7c:33:94:
                    48:53:45:a9:2e:25:90:12:dd:23:f2:c6:fa:be:a6:
                    78:ce:e8:8d:96:1a:45:65:9e:fe:e3:d7:2c:8e:c2:
                    c4:71:e4:17:26:7e:0c:14:1d:16:dc:e6:03:99:1e:
                    b7:5c:b8:09:46:29:8e:b9:16:f5:7e:57:89:51:c8:
                    5d:17:0d:8d:ca:44:bf:64:fc:48:30:0b:58:c1:94:
                    a4:32:52:a3:3d:f5:13:0c:e3:00:83:63:b2:66:87:
                    55:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:44:9E:F9:0D:61:8A:B2:69:5C:25:9C:D5:AD:F2:33:7E:8E:76:43
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/d0Se-Q1hirJpXCWc1a3yM36OdkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.135.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:dd:aa:d7:2a:7d:af:6a:88:93:a2:e5:e5:4e:90:0a:f2:e7:
         a6:a1:ea:da:81:6e:e1:89:b8:e2:de:e5:a1:71:22:3c:46:4f:
         14:95:ef:c1:ee:66:1d:81:25:38:2b:f6:4c:1b:61:63:2f:b1:
         59:0a:9b:35:bd:b2:d8:2e:3a:a0:65:ab:0c:43:1b:48:26:3c:
         71:68:d0:b1:39:72:a6:f8:03:26:bf:ac:71:28:bb:c2:f3:c9:
         75:dc:1b:7c:16:ea:01:ba:ea:bc:2c:3b:6e:2a:7c:6f:18:93:
         a3:6b:35:f9:55:25:96:d6:96:d7:cf:50:1a:8f:b1:e2:e1:01:
         13:07:9a:d5:b6:49:ab:7a:30:08:cf:4c:56:b7:3f:92:80:90:
         35:d3:81:ff:91:e8:d1:7e:7f:54:fc:c3:3b:81:48:80:ef:81:
         e3:be:3c:30:b8:94:9b:06:cb:f8:c1:c2:a6:e0:2b:20:51:cd:
         55:75:9d:94:ca:09:10:7a:4f:64:58:db:b3:c7:2d:c8:4f:a6:
         f2:57:33:e4:cc:77:4b:b1:86:97:21:f4:d6:5d:4e:4d:ab:00:
         af:d8:c5:8e:d7:26:dd:83:f9:7d:94:00:13:47:14:26:e9:0f:
         74:8d:85:b6:78:59:b1:9a:45:33:45:5b:2d:e1:04:28:ee:58:
         58:ca:61:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ozJL60AFRY5m0RxDOQddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjYwMTAxMDgxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQ0OWVmOTBkNjE4YWIyNjk1YzI1OWNkNWFkZjIzMzdlOGU3NjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXh5Zoku609qkiEXaGGklTxzI5GR
sooP5e4p/aKMeErF0wm3/zO8jtDvbpgKxRZjl9WLWMDlB7wdbM5Jl8bljUwGtln6
pIdptLPPWrHlsHGMaaVVrJ4MFNGRKu/pfS3Lmh38xdUSnEB/yaWSm2zmx9V6Ms4o
iTDL4uwPEjzW3isgwwAnlTH4r9F4QqMeF+dXc1hDH42yPNcCJ+fuSPtPPjB8M5RI
U0WpLiWQEt0j8sb6vqZ4zuiNlhpFZZ7+49csjsLEceQXJn4MFB0W3OYDmR63XLgJ
RimOuRb1fleJUchdFw2NykS/ZPxIMAtYwZSkMlKjPfUTDOMAg2OyZodVPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdEnvkNYYqyaVwlnNWt8jN+jnZDMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvZDBTZS1RMWhpckpwWENXYzFhM3lNMzZPZGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YdCMA0G
CSqGSIb3DQEBCwUAA4IBAQBr3arXKn2vaoiTouXlTpAK8uemoeragW7hibji3uWh
cSI8Rk8Ule/B7mYdgSU4K/ZMG2FjL7FZCps1vbLYLjqgZasMQxtIJjxxaNCxOXKm
+AMmv6xxKLvC88l13Bt8FuoBuuq8LDtuKnxvGJOjazX5VSWW1pbXz1Aaj7Hi4QET
B5rVtkmrejAIz0xWtz+SgJA104H/kejRfn9U/MM7gUiA74HjvjwwuJSbBsv4wcKm
4CsgUc1VdZ2UygkQek9kWNuzxy3IT6byVzPkzHdLsYaXIfTWXU5NqwCv2MWO1ybd
g/l9lAATRxQm6Q90jYW2eFmxmkUzRVst4QQo7lhYymFF
-----END CERTIFICATE-----