This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/tbUhg7rUfXFYYfYb_lSW_GU4nIM.roa
File:                     tbUhg7rUfXFYYfYb_lSW_GU4nIM.roa (raw, json)
Hash identifier:          iEf9/3LdpD/pQVMxYUZBzp5gwic0pOcGWaOr9ht0nlk=
Subject key identifier:   B5:B5:21:83:BA:D4:7D:71:58:61:F6:1B:FE:54:96:FC:65:38:9C:83
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019BF442166FDE226740E1D0406B991BF245
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/tbUhg7rUfXFYYfYb_lSW_GU4nIM.roa
Signing time:             Sun 25 Jan 2026 08:25:30 +0000
ROA not before:           Sun 25 Jan 2026 08:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61248
IP address blocks:        185.239.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f4:42:16:6f:de:22:67:40:e1:d0:40:6b:99:1b:f2:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan 25 08:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5b52183bad47d715861f61bfe5496fc65389c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:e8:57:df:2f:c8:e8:68:28:b2:53:55:51:
                    a0:df:74:1e:81:02:2d:dc:de:c0:3d:d8:45:64:68:
                    d2:e5:4a:e6:8f:7a:57:ab:54:3a:85:4b:ad:d0:2b:
                    87:1b:b8:1f:6b:b2:af:03:4d:a2:29:e2:6c:26:58:
                    9c:b9:5b:d6:55:f1:ec:cb:d2:3d:1f:2c:2b:59:f2:
                    5f:e8:71:94:80:ca:06:65:81:f7:b2:9f:31:e9:3a:
                    2c:75:16:68:b3:2e:94:33:7b:b9:a9:96:38:8a:84:
                    d7:01:77:2b:95:80:93:8d:bc:03:e7:36:46:d9:77:
                    0c:9d:cc:9d:ed:79:96:d2:b3:b4:ea:5a:4d:f1:c0:
                    77:a3:87:f8:de:b9:43:10:14:82:a7:54:6f:fd:a2:
                    e0:b8:00:03:b4:77:da:d2:90:59:e1:9a:b8:b7:5e:
                    6a:49:7e:10:26:fd:fb:b2:96:a1:2e:43:b5:3b:0a:
                    74:2b:45:52:9e:f5:df:2d:ab:60:cd:d9:38:95:b9:
                    41:c9:72:fd:f8:6f:ed:43:22:be:ce:f4:7b:34:db:
                    7e:a6:9a:7a:54:93:e0:3b:03:91:fe:79:33:b7:39:
                    d7:a5:1d:a8:f0:91:55:45:06:3f:aa:4f:e0:7b:17:
                    5e:4f:1c:12:a9:df:83:66:14:bc:26:78:47:6e:e1:
                    e2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B5:21:83:BA:D4:7D:71:58:61:F6:1B:FE:54:96:FC:65:38:9C:83
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/tbUhg7rUfXFYYfYb_lSW_GU4nIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:d9:33:34:d8:bd:b5:59:8f:98:a3:91:0d:5b:fa:1c:7c:51:
         c0:f1:9d:fa:ae:c7:c9:eb:c9:1d:df:09:ff:e4:cc:60:52:74:
         8e:da:01:95:3a:45:93:7b:53:6a:10:19:d6:62:34:3f:a4:50:
         e9:d0:41:1e:ec:43:27:db:3d:fa:47:3c:84:8b:01:12:ca:bc:
         82:13:df:11:88:da:fa:fd:24:8b:62:d2:5c:e6:42:c2:eb:e0:
         21:b8:94:a1:b9:6e:91:da:33:e8:34:33:6b:09:2f:42:b0:e8:
         db:a7:fb:81:6a:fa:a4:48:35:ab:34:8b:a3:af:35:56:c3:a1:
         8a:a9:db:bf:ba:4f:42:7a:d2:03:bf:73:06:08:1a:fd:83:94:
         d6:30:ec:14:a7:60:a2:96:51:f4:60:10:b1:65:8c:9e:b0:eb:
         76:34:c9:24:01:51:83:ba:da:9a:85:bd:32:80:ce:02:b9:8b:
         0f:25:13:65:86:de:fb:08:7d:e3:d9:2e:f6:ff:55:3e:62:51:
         68:79:8c:77:02:f0:c8:46:9b:e9:65:26:14:ba:c9:51:7e:8b:
         e7:a0:49:60:4e:7f:93:60:84:41:19:f5:72:de:d5:4b:dc:7c:
         a4:c3:fb:c9:50:ab:08:fe:99:6e:a8:f0:99:89:fa:ba:1b:1e:
         0e:3b:45:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv0QhZv3iJnQOHQQGuZG/JFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMTI1MDgyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI1MjE4M2JhZDQ3ZDcxNTg2MWY2MWJmZTU0OTZmYzY1Mzg5YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfXoV98vyOhoKLJTVVGg33QegQIt
3N7APdhFZGjS5Urmj3pXq1Q6hUut0CuHG7gfa7KvA02iKeJsJlicuVvWVfHsy9I9
HywrWfJf6HGUgMoGZYH3sp8x6TosdRZosy6UM3u5qZY4ioTXAXcrlYCTjbwD5zZG
2XcMncyd7XmW0rO06lpN8cB3o4f43rlDEBSCp1Rv/aLguAADtHfa0pBZ4Zq4t15q
SX4QJv37spahLkO1Owp0K0VSnvXfLatgzdk4lblByXL9+G/tQyK+zvR7NNt+ppp6
VJPgOwOR/nkztznXpR2o8JFVRQY/qk/gexdeTxwSqd+DZhS8JnhHbuHinwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW1IYO61H1xWGH2G/5UlvxlOJyDMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvdGJVaGc3clVmWEZZWWZZYl9sU1dfR1U0bklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8CMA0G
CSqGSIb3DQEBCwUAA4IBAQCn2TM02L21WY+Yo5ENW/ocfFHA8Z36rsfJ68kd3wn/
5MxgUnSO2gGVOkWTe1NqEBnWYjQ/pFDp0EEe7EMn2z36RzyEiwESyryCE98RiNr6
/SSLYtJc5kLC6+AhuJShuW6R2jPoNDNrCS9CsOjbp/uBavqkSDWrNIujrzVWw6GK
qdu/uk9CetIDv3MGCBr9g5TWMOwUp2CillH0YBCxZYyesOt2NMkkAVGDutqahb0y
gM4CuYsPJRNlht77CH3j2S72/1U+YlFoeYx3AvDIRpvpZSYUuslRfovnoElgTn+T
YIRBGfVy3tVL3Hykw/vJUKsI/pluqPCZifq6Gx4OO0VG
-----END CERTIFICATE-----