This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/FVXQwmYUOfA-cy8XiaHN8ohstLo.roa
File:                     FVXQwmYUOfA-cy8XiaHN8ohstLo.roa (raw, json)
Hash identifier:          KoIZnDM2RImr+Wy3ZdTY9y9ejiMX27DEBwUolXbHWds=
Subject key identifier:   15:55:D0:C2:66:14:39:F0:3E:73:2F:17:89:A1:CD:F2:88:6C:B4:BA
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019B7E39092F87819D954B6AC40A01C82763
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/FVXQwmYUOfA-cy8XiaHN8ohstLo.roa
Signing time:             Fri 02 Jan 2026 10:20:25 +0000
ROA not before:           Fri 02 Jan 2026 10:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215428
IP address blocks:        85.137.252.0/24 maxlen: 24
                          85.137.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:09:2f:87:81:9d:95:4b:6a:c4:0a:01:c8:27:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Jan  2 10:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1555d0c2661439f03e732f1789a1cdf2886cb4ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a6:db:e2:ba:4e:61:ef:40:f0:fc:8a:51:eb:
                    82:2c:ed:19:30:08:de:b2:96:d6:c0:af:6d:c0:94:
                    88:90:23:2f:f4:03:f5:6e:ce:e8:45:2e:90:ec:a1:
                    eb:fd:f5:a6:3a:a8:f7:10:e7:05:03:5f:98:bb:ca:
                    5d:f1:f9:06:55:50:7b:25:db:24:43:9f:82:b8:5d:
                    e9:4a:ec:3b:d9:5c:d6:0b:94:57:08:9d:ce:d7:8b:
                    02:9a:5b:c1:62:9a:ac:32:74:7f:6b:e7:e4:b9:33:
                    e4:4a:5c:77:25:da:0b:43:36:05:a8:cd:b9:29:f5:
                    c7:fe:50:25:6f:56:87:38:92:79:ee:03:c6:5f:23:
                    8e:bd:e7:59:8f:ab:39:0a:fd:7a:22:b1:93:bd:2a:
                    49:59:4c:8a:db:67:68:65:f5:0e:12:0f:0d:fd:61:
                    d9:9f:a2:ee:eb:74:fa:4e:6a:ff:7e:71:25:c5:69:
                    3b:42:13:ee:89:a2:77:9b:33:e0:a7:12:f1:a6:09:
                    a6:31:16:ac:7c:90:97:0e:7f:21:a1:69:c5:f0:93:
                    06:7c:7d:ab:71:78:ca:b8:6c:2d:c9:7d:b9:12:f0:
                    b1:61:a5:f6:45:29:d2:f5:b1:f9:8b:de:65:65:79:
                    de:e6:4c:06:08:1b:f1:af:70:8a:4c:cc:49:39:c8:
                    35:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:55:D0:C2:66:14:39:F0:3E:73:2F:17:89:A1:CD:F2:88:6C:B4:BA
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/FVXQwmYUOfA-cy8XiaHN8ohstLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:61:94:03:b6:e1:56:b8:92:11:bc:7e:e9:28:65:84:da:d4:
         2a:d1:b3:22:f7:7b:86:2e:fe:ce:0e:75:e9:d8:e4:b2:e6:cc:
         9f:5e:2c:00:70:21:08:70:c7:68:bf:75:a3:eb:51:28:7f:77:
         e1:91:21:f7:f5:dd:58:fb:37:66:7a:fc:a5:f3:36:44:89:8f:
         92:54:3d:d7:38:9e:90:8b:bc:7d:fe:70:37:e4:e6:f4:28:54:
         9a:54:63:93:97:79:cd:d5:6e:45:28:e6:11:2d:f9:eb:fd:78:
         50:93:15:e9:7b:bc:85:2c:8b:60:4f:9b:32:b0:20:3b:ab:25:
         87:4e:11:72:e9:ee:c8:37:26:a0:87:a2:5a:fa:73:09:28:0c:
         5a:f3:af:97:a9:c4:fe:de:4b:1a:08:e3:07:08:c5:b8:28:a3:
         d0:e8:e9:08:c0:2a:b5:c6:84:2f:ec:7a:58:34:3f:92:5c:22:
         7c:ff:72:51:38:38:4b:f8:45:94:e3:3b:87:c5:96:35:8d:53:
         fa:2c:cc:87:5e:13:6d:4e:78:30:ce:6d:8f:d8:f9:12:ad:f6:
         8d:3d:fe:d1:03:88:80:05:e8:52:02:1c:1a:95:05:37:75:29:
         63:83:a3:ed:86:63:33:7c:1a:91:34:d8:e1:08:f5:ca:de:b9:
         7f:d5:41:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OQkvh4GdlUtqxAoByCdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMTAyMTAyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTU1ZDBjMjY2MTQzOWYwM2U3MzJmMTc4OWExY2RmMjg4NmNiNGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKbb4rpOYe9A8PyKUeuCLO0ZMAje
spbWwK9twJSIkCMv9AP1bs7oRS6Q7KHr/fWmOqj3EOcFA1+Yu8pd8fkGVVB7Jdsk
Q5+CuF3pSuw72VzWC5RXCJ3O14sCmlvBYpqsMnR/a+fkuTPkSlx3JdoLQzYFqM25
KfXH/lAlb1aHOJJ57gPGXyOOvedZj6s5Cv16IrGTvSpJWUyK22doZfUOEg8N/WHZ
n6Lu63T6Tmr/fnElxWk7QhPuiaJ3mzPgpxLxpgmmMRasfJCXDn8hoWnF8JMGfH2r
cXjKuGwtyX25EvCxYaX2RSnS9bH5i95lZXne5kwGCBvxr3CKTMxJOcg14wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVV0MJmFDnwPnMvF4mhzfKIbLS6MB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvRlZYUXdtWVVPZkEtY3k4WGlhSE44b2hzdExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVYn8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5YZQDtuFWuJIRvH7pKGWE2tQq0bMi93uGLv7ODnXp
2OSy5syfXiwAcCEIcMdov3Wj61Eof3fhkSH39d1Y+zdmevyl8zZEiY+SVD3XOJ6Q
i7x9/nA35Ob0KFSaVGOTl3nN1W5FKOYRLfnr/XhQkxXpe7yFLItgT5sysCA7qyWH
ThFy6e7INyagh6Ja+nMJKAxa86+XqcT+3ksaCOMHCMW4KKPQ6OkIwCq1xoQv7HpY
ND+SXCJ8/3JRODhL+EWU4zuHxZY1jVP6LMyHXhNtTngwzm2P2PkSrfaNPf7RA4iA
BehSAhwalQU3dSljg6PthmMzfBqRNNjhCPXK3rl/1UET
-----END CERTIFICATE-----