This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/EpKBCp5jcVtOueR_I_q03UwJDEI.roa
File:                     EpKBCp5jcVtOueR_I_q03UwJDEI.roa (raw, json)
Hash identifier:          bhJhhKm0fSHzE+TLj+fOid4R4xMGar8M8DF2CrFUoIM=
Subject key identifier:   12:92:81:0A:9E:63:71:5B:4E:B9:E4:7F:23:FA:B4:DD:4C:09:0C:42
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84ADB40A8A9291E13B937A04E8BCEC
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/EpKBCp5jcVtOueR_I_q03UwJDEI.roa
Signing time:             Fri 02 Jan 2026 16:22:40 +0000
ROA not before:           Fri 02 Jan 2026 16:22:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47231
IP address blocks:        146.120.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:ad:b4:0a:8a:92:91:e1:3b:93:7a:04:e8:bc:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1292810a9e63715b4eb9e47f23fab4dd4c090c42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:35:49:de:ea:62:cb:4f:c4:d5:fd:27:fe:dc:
                    bf:3c:97:b3:9a:62:3d:8f:1f:dd:68:ed:e9:26:7a:
                    10:65:85:94:a4:48:1f:6c:82:d6:b6:a9:4e:f6:4d:
                    91:e8:13:00:ad:60:52:8d:6a:ff:fc:7f:8c:4b:55:
                    fd:43:e6:d5:31:fd:b5:3f:34:a2:7a:14:c0:d0:d5:
                    a5:d6:a2:a4:ed:1e:ff:8a:31:88:91:be:2f:6f:ea:
                    82:db:e6:aa:b5:22:4c:61:00:d1:2d:a1:9c:41:c2:
                    6b:13:5c:43:ac:56:60:ab:9b:b3:f3:a2:74:fd:0a:
                    96:f9:0f:5f:f0:31:8a:b3:84:4d:37:68:94:fa:b0:
                    b8:81:37:87:dd:9a:74:64:2f:37:ba:f0:8c:ae:33:
                    15:71:b1:bf:98:23:87:52:a6:00:e3:f0:36:f0:4d:
                    f8:91:f3:69:09:e4:05:ac:f0:01:74:b4:82:76:8a:
                    f8:26:d4:c2:d6:dd:33:79:b5:41:23:fc:77:3f:46:
                    8a:4c:0f:b7:96:2a:f0:bd:ae:52:f4:d8:0e:1d:90:
                    45:6e:d9:84:18:c9:1b:01:02:45:ce:a6:d6:a4:84:
                    a6:d0:4b:c3:84:ba:53:8e:fa:94:9f:1f:1f:53:69:
                    d5:94:fe:88:9a:1b:2c:40:7a:a0:0f:fa:e0:52:7f:
                    c0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:92:81:0A:9E:63:71:5B:4E:B9:E4:7F:23:FA:B4:DD:4C:09:0C:42
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/EpKBCp5jcVtOueR_I_q03UwJDEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:c5:3b:ea:2e:fa:f4:cd:3c:d8:38:c8:f6:92:f5:7c:a2:1f:
         e9:94:b6:17:12:90:14:e6:1c:95:48:9a:d2:9d:15:14:69:f2:
         52:80:c6:57:0e:1b:3a:00:22:31:44:57:ed:bd:71:a8:3d:2c:
         ca:0e:2c:0d:c6:eb:3e:7c:bb:55:50:19:5c:88:d2:9d:44:b1:
         41:c3:43:43:aa:2f:bc:23:ab:b7:63:bc:4a:6b:bd:44:ff:b8:
         fd:90:3e:ac:44:bb:61:78:1e:58:fe:0f:3a:70:9b:f8:9b:aa:
         07:59:8e:11:b1:e2:f0:07:f7:f0:15:aa:0e:e5:a2:67:cd:40:
         a2:65:58:f7:cf:96:4f:15:67:0e:df:73:a2:57:30:9e:bf:19:
         0a:a4:86:fa:6c:c0:0c:7c:a8:57:74:dc:62:2c:03:34:25:1d:
         bd:c0:43:08:ea:16:7b:e5:a4:4c:9d:48:1d:2e:9f:e4:bc:97:
         93:8f:e5:87:03:21:a8:80:f4:ce:c1:10:b0:2e:6b:f9:c4:53:
         d8:c9:a0:7d:3f:da:37:a3:20:1a:4d:a6:4f:8e:7a:25:4a:aa:
         4d:19:3b:91:d1:fe:8d:f4:c2:3a:fc:ee:3b:61:06:01:36:86:
         2a:ff:97:05:bc:a5:25:90:4d:0b:2f:96:0c:4f:c6:ff:6b:7d:
         81:0f:61:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hK20CoqSkeE7k3oE6LzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkyODEwYTllNjM3MTViNGViOWU0N2YyM2ZhYjRkZDRjMDkwYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTVJ3upiy0/E1f0n/ty/PJezmmI9
jx/daO3pJnoQZYWUpEgfbILWtqlO9k2R6BMArWBSjWr//H+MS1X9Q+bVMf21PzSi
ehTA0NWl1qKk7R7/ijGIkb4vb+qC2+aqtSJMYQDRLaGcQcJrE1xDrFZgq5uz86J0
/QqW+Q9f8DGKs4RNN2iU+rC4gTeH3Zp0ZC83uvCMrjMVcbG/mCOHUqYA4/A28E34
kfNpCeQFrPABdLSCdor4JtTC1t0zebVBI/x3P0aKTA+3lirwva5S9NgOHZBFbtmE
GMkbAQJFzqbWpISm0EvDhLpTjvqUnx8fU2nVlP6ImhssQHqgD/rgUn/AfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKSgQqeY3FbTrnkfyP6tN1MCQxCMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRXBLQkNwNWpjVnRPdWVSX0lfcTAzVXdKREVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknjdMA0G
CSqGSIb3DQEBCwUAA4IBAQAqxTvqLvr0zTzYOMj2kvV8oh/plLYXEpAU5hyVSJrS
nRUUafJSgMZXDhs6ACIxRFftvXGoPSzKDiwNxus+fLtVUBlciNKdRLFBw0NDqi+8
I6u3Y7xKa71E/7j9kD6sRLtheB5Y/g86cJv4m6oHWY4RseLwB/fwFaoO5aJnzUCi
ZVj3z5ZPFWcO33OiVzCevxkKpIb6bMAMfKhXdNxiLAM0JR29wEMI6hZ75aRMnUgd
Lp/kvJeTj+WHAyGogPTOwRCwLmv5xFPYyaB9P9o3oyAaTaZPjnolSqpNGTuR0f6N
9MI6/O47YQYBNoYq/5cFvKUlkE0LL5YMT8b/a32BD2E1
-----END CERTIFICATE-----