This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/CiBYmXE-RogiK1Rw18kHHSv6Lc0.roa
File:                     CiBYmXE-RogiK1Rw18kHHSv6Lc0.roa (raw, json)
Hash identifier:          tKtvxHVgjyX0+ghMhYs0J9woVAdgsT0NzRRsOsmIW4c=
Subject key identifier:   0A:20:58:99:71:3E:46:88:22:2B:54:70:D7:C9:07:1D:2B:FA:2D:CD
Certificate issuer:       /CN=90694a622866ae158ed287d2533d40baabea6d7d
Certificate serial:       019B7DCAF11DA8FC07A9207CA1340D0BF889
Authority key identifier: 90:69:4A:62:28:66:AE:15:8E:D2:87:D2:53:3D:40:BA:AB:EA:6D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/CiBYmXE-RogiK1Rw18kHHSv6Lc0.roa
Signing time:             Fri 02 Jan 2026 08:20:10 +0000
ROA not before:           Fri 02 Jan 2026 08:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214589
IP address blocks:        195.189.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:f1:1d:a8:fc:07:a9:20:7c:a1:34:0d:0b:f8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90694a622866ae158ed287d2533d40baabea6d7d
        Validity
            Not Before: Jan  2 08:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a205899713e4688222b5470d7c9071d2bfa2dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:82:5c:41:50:e2:86:67:72:88:ce:e7:b6:67:
                    ad:43:14:22:f5:1a:6e:47:ab:5b:f4:3a:20:d3:83:
                    ce:7e:ed:dd:3f:5b:9c:c0:40:89:1f:b1:d2:b4:89:
                    e6:5e:81:92:a2:ef:b2:95:e2:14:53:15:44:bb:20:
                    3c:35:b3:61:f4:09:6a:47:ca:25:45:d4:26:3e:30:
                    d4:7f:47:c5:01:c2:17:83:31:92:85:60:e3:ce:e9:
                    1d:77:70:04:c2:05:83:d1:3c:f9:1f:9e:df:7e:3a:
                    21:be:46:a5:9a:45:f4:5f:16:58:95:71:bf:d1:4f:
                    9f:4f:a9:9b:61:67:e8:a8:8a:bf:eb:dc:ab:fb:c4:
                    29:6e:b7:72:cf:b8:4e:52:62:94:0d:ee:c9:c0:94:
                    b5:58:0e:36:f1:2d:ae:c7:61:35:44:9f:3c:f3:b9:
                    51:a5:bd:a7:5f:f1:12:25:51:50:5e:51:10:5a:e5:
                    07:c2:18:44:19:b8:d5:41:d7:42:1f:28:f9:a3:47:
                    d8:ab:39:a3:52:35:87:9f:cf:24:10:b6:18:81:ed:
                    3c:1f:c5:06:30:ad:4f:13:3b:bf:79:b6:d8:1a:b2:
                    5a:96:89:5b:21:fe:84:d4:3d:02:5b:69:fa:f3:45:
                    14:74:7e:dd:59:32:f3:c4:c0:bb:11:d9:ef:e1:f7:
                    12:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:20:58:99:71:3E:46:88:22:2B:54:70:D7:C9:07:1D:2B:FA:2D:CD
            X509v3 Authority Key Identifier:
                keyid:90:69:4A:62:28:66:AE:15:8E:D2:87:D2:53:3D:40:BA:AB:EA:6D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGlKYihmrhWO0ofSUz1AuqvqbX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/CiBYmXE-RogiK1Rw18kHHSv6Lc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/b9e2f7-21dc-42c0-94b0-13c0a633e9f4/1/kGlKYihmrhWO0ofSUz1AuqvqbX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:5d:cb:fe:dd:0c:8d:c7:79:56:f9:6b:59:4b:e0:20:5b:c6:
         82:0b:58:09:b4:8c:90:37:22:e7:af:ce:82:3c:a7:75:a6:61:
         c8:94:c9:a0:b4:66:62:cf:9d:dd:7e:47:cf:4e:35:a8:b0:7f:
         7b:69:90:1d:25:33:03:42:8e:02:ee:97:f6:30:c6:31:8e:a3:
         7e:4a:da:23:e9:d8:1c:57:ea:ff:e2:6c:8e:99:f2:b4:5b:6d:
         9e:af:ad:98:60:62:f9:2a:0b:a8:5f:83:78:92:96:38:ea:11:
         d3:f6:80:d0:68:02:c0:98:c7:a8:59:bf:e3:6e:58:7d:aa:bc:
         a3:73:38:82:40:59:e2:2f:ca:c0:59:4f:75:66:02:20:78:b0:
         8a:1f:74:07:e8:b3:d7:66:b4:7c:75:56:74:c6:7d:fa:dc:ff:
         dc:e6:be:f0:e9:8a:6c:04:7e:e8:62:14:22:99:33:34:35:5d:
         c1:d1:46:9e:a6:d3:e2:67:aa:81:81:21:c2:56:8c:47:bd:5c:
         b5:0d:da:a1:67:7b:50:1e:da:0f:86:9f:6f:34:0b:11:fa:53:
         a7:6e:51:eb:f1:de:d0:2a:c7:76:71:d7:06:08:0e:0c:fc:18:
         0a:98:dc:23:92:ea:8c:bf:59:24:f2:21:7d:2e:83:f6:84:ea:
         49:1d:d9:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yvEdqPwHqSB8oTQNC/iJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjk0YTYyMjg2NmFlMTU4ZWQyODdkMjUzM2Q0MGJhYWJl
YTZkN2QwHhcNMjYwMTAyMDgyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIwNTg5OTcxM2U0Njg4MjIyYjU0NzBkN2M5MDcxZDJiZmEyZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYJcQVDihmdyiM7ntmetQxQi9Rpu
R6tb9Dog04POfu3dP1ucwECJH7HStInmXoGSou+yleIUUxVEuyA8NbNh9AlqR8ol
RdQmPjDUf0fFAcIXgzGShWDjzukdd3AEwgWD0Tz5H57ffjohvkalmkX0XxZYlXG/
0U+fT6mbYWfoqIq/69yr+8Qpbrdyz7hOUmKUDe7JwJS1WA428S2ux2E1RJ8887lR
pb2nX/ESJVFQXlEQWuUHwhhEGbjVQddCHyj5o0fYqzmjUjWHn88kELYYge08H8UG
MK1PEzu/ebbYGrJalolbIf6E1D0CW2n680UUdH7dWTLzxMC7Ednv4fcSqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAogWJlxPkaIIitUcNfJBx0r+i3NMB8GA1UdIwQY
MBaAFJBpSmIoZq4VjtKH0lM9QLqr6m19MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dsS1lpaG1yaFdPMG9mU1V6MUF1cXZxYlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9iOWUyZjctMjFkYy00MmMwLTk0YjAt
MTNjMGE2MzNlOWY0LzEvQ2lCWW1YRS1Sb2dpSzFSdzE4a0hIU3Y2TGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9iOWUyZjctMjFkYy00MmMwLTk0YjAtMTNjMGE2MzNlOWY0
LzEva0dsS1lpaG1yaFdPMG9mU1V6MUF1cXZxYlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw70kMA0G
CSqGSIb3DQEBCwUAA4IBAQBAXcv+3QyNx3lW+WtZS+AgW8aCC1gJtIyQNyLnr86C
PKd1pmHIlMmgtGZiz53dfkfPTjWosH97aZAdJTMDQo4C7pf2MMYxjqN+Stoj6dgc
V+r/4myOmfK0W22er62YYGL5KguoX4N4kpY46hHT9oDQaALAmMeoWb/jblh9qryj
cziCQFniL8rAWU91ZgIgeLCKH3QH6LPXZrR8dVZ0xn363P/c5r7w6YpsBH7oYhQi
mTM0NV3B0UaeptPiZ6qBgSHCVoxHvVy1DdqhZ3tQHtoPhp9vNAsR+lOnblHr8d7Q
Ksd2cdcGCA4M/BgKmNwjkuqMv1kk8iF9LoP2hOpJHdnl
-----END CERTIFICATE-----