This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/6PHN4EINg95zsWmwMqR_LCCbpc0.roa
File:                     6PHN4EINg95zsWmwMqR_LCCbpc0.roa (raw, json)
Hash identifier:          Qlikbs7ZBI8ctlfaw3/jTu/l9GkQAhjSgxybaaSAR64=
Subject key identifier:   E8:F1:CD:E0:42:0D:83:DE:73:B1:69:B0:32:A4:7F:2C:20:9B:A5:CD
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       019B78A22607B630145C9854BE717750A39B
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/6PHN4EINg95zsWmwMqR_LCCbpc0.roa
Signing time:             Thu 01 Jan 2026 08:17:31 +0000
ROA not before:           Thu 01 Jan 2026 08:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213682
IP address blocks:        157.119.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:26:07:b6:30:14:5c:98:54:be:71:77:50:a3:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Jan  1 08:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8f1cde0420d83de73b169b032a47f2c209ba5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:13:10:09:bf:e0:2e:8a:95:b7:4f:86:79:cf:
                    69:e9:f0:55:2b:f7:21:0b:ea:18:aa:b3:c4:f6:01:
                    9a:ab:90:ba:eb:83:07:7b:7a:64:06:a5:06:6d:7b:
                    14:a5:f8:18:40:ee:c3:a5:65:21:e2:2b:84:4a:89:
                    41:0f:13:14:9d:37:5d:06:f9:37:06:64:69:c6:cb:
                    ac:60:12:f5:f9:bf:ef:0c:c0:73:85:84:a2:54:8c:
                    39:bb:ee:eb:50:cb:d8:7d:87:1b:96:9a:bd:58:3b:
                    e2:65:d3:43:11:e8:8c:c2:56:b7:98:58:24:c7:0b:
                    87:4d:f0:2c:60:51:5b:f6:f6:af:1e:c6:70:c8:3c:
                    bf:11:b2:0f:0d:dd:9f:c6:1d:fd:3c:55:ce:2e:31:
                    c0:df:39:70:2d:22:32:b9:18:ed:1e:b8:5a:29:48:
                    d9:35:57:76:e9:5e:d3:5a:d8:83:46:47:e7:3f:c3:
                    b6:2a:dd:e7:52:b0:0a:93:50:78:7c:28:a4:f8:da:
                    68:d6:7f:36:77:dd:d3:3e:8a:91:5c:5e:03:e0:7f:
                    01:be:e1:e4:4e:c1:ce:41:02:5f:d0:ad:81:0e:c3:
                    e9:c5:f0:11:09:c5:cf:e0:37:a6:57:46:75:72:c6:
                    b3:d7:4c:df:00:4c:91:4a:99:1f:cf:9d:c8:58:ed:
                    d9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:F1:CD:E0:42:0D:83:DE:73:B1:69:B0:32:A4:7F:2C:20:9B:A5:CD
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/6PHN4EINg95zsWmwMqR_LCCbpc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.119.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:6b:2f:77:61:60:3d:9f:ff:1b:ca:eb:12:e2:c8:de:99:02:
         c3:5a:17:10:02:00:3f:80:3d:f0:52:b2:65:01:99:09:4c:ce:
         60:0b:e0:b5:fb:13:c4:20:72:e8:9e:a9:54:87:86:71:60:0e:
         f2:e1:dc:fc:e4:94:cb:81:91:24:19:25:49:37:08:f9:08:86:
         34:d9:f3:26:24:53:e5:e6:72:26:71:6e:35:92:07:83:6a:3d:
         1b:d0:f1:09:6e:c5:98:96:28:6a:83:ff:32:38:b3:9a:28:c9:
         53:67:6a:0a:69:9f:f4:4a:2f:1d:f6:30:bc:d8:af:07:02:8e:
         af:29:6f:40:ca:cb:f2:84:72:07:64:fd:7e:29:85:97:0e:e9:
         8d:09:c1:4e:17:75:12:6f:36:d5:59:88:a6:c1:75:65:c3:46:
         3a:20:2c:19:0f:16:e2:61:23:43:07:2d:3c:9e:5f:fc:14:ed:
         54:ed:a9:4f:72:25:9d:1a:c8:42:60:da:fd:32:e2:30:8f:98:
         b7:f5:98:6d:a0:4e:b6:84:47:2b:b6:2a:06:20:f4:7c:3f:61:
         ca:f3:9c:a2:0d:6c:4b:ee:fd:9d:ae:a6:12:bc:10:77:8e:87:
         ee:35:66:3a:fb:cc:a1:ab:56:ea:45:1b:16:6b:45:53:9f:8c:
         fa:86:ce:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oiYHtjAUXJhUvnF3UKObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjYwMTAxMDgxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGYxY2RlMDQyMGQ4M2RlNzNiMTY5YjAzMmE0N2YyYzIwOWJhNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhMQCb/gLoqVt0+Gec9p6fBVK/ch
C+oYqrPE9gGaq5C664MHe3pkBqUGbXsUpfgYQO7DpWUh4iuESolBDxMUnTddBvk3
BmRpxsusYBL1+b/vDMBzhYSiVIw5u+7rUMvYfYcblpq9WDviZdNDEeiMwla3mFgk
xwuHTfAsYFFb9vavHsZwyDy/EbIPDd2fxh39PFXOLjHA3zlwLSIyuRjtHrhaKUjZ
NVd26V7TWtiDRkfnP8O2Kt3nUrAKk1B4fCik+Npo1n82d93TPoqRXF4D4H8BvuHk
TsHOQQJf0K2BDsPpxfARCcXP4DemV0Z1csaz10zfAEyRSpkfz53IWO3Z3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjxzeBCDYPec7FpsDKkfywgm6XNMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvNlBITjRFSU5nOTV6c1dtd01xUl9MQ0NicGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnXe9MA0G
CSqGSIb3DQEBCwUAA4IBAQApay93YWA9n/8byusS4sjemQLDWhcQAgA/gD3wUrJl
AZkJTM5gC+C1+xPEIHLonqlUh4ZxYA7y4dz85JTLgZEkGSVJNwj5CIY02fMmJFPl
5nImcW41kgeDaj0b0PEJbsWYlihqg/8yOLOaKMlTZ2oKaZ/0Si8d9jC82K8HAo6v
KW9AysvyhHIHZP1+KYWXDumNCcFOF3USbzbVWYimwXVlw0Y6ICwZDxbiYSNDBy08
nl/8FO1U7alPciWdGshCYNr9MuIwj5i39ZhtoE62hEcrtioGIPR8P2HK85yiDWxL
7v2drqYSvBB3jofuNWY6+8yhq1bqRRsWa0VTn4z6hs4p
-----END CERTIFICATE-----