This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/LdfV37MlwkUrVSWNHNR8yVa3UeQ.roa
File:                     LdfV37MlwkUrVSWNHNR8yVa3UeQ.roa (raw, json)
Hash identifier:          KsfGJkK20VqHa4HyShHlWqRj8wawsws1Akuhtl9QLC4=
Subject key identifier:   2D:D7:D5:DF:B3:25:C2:45:2B:55:25:8D:1C:D4:7C:C9:56:B7:51:E4
Certificate issuer:       /CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
Certificate serial:       019B78347ACCA6E54F642CBF57BBD79545F3
Authority key identifier: 98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/LdfV37MlwkUrVSWNHNR8yVa3UeQ.roa
Signing time:             Thu 01 Jan 2026 06:17:43 +0000
ROA not before:           Thu 01 Jan 2026 06:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212490
IP address blocks:        185.41.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:7a:cc:a6:e5:4f:64:2c:bf:57:bb:d7:95:45:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
        Validity
            Not Before: Jan  1 06:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dd7d5dfb325c2452b55258d1cd47cc956b751e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c1:1a:ed:1f:8d:2f:18:b3:18:b0:f3:a2:32:
                    5c:a3:5f:91:39:ce:43:ca:3c:0a:de:6a:4b:ac:24:
                    ac:02:06:24:b5:aa:77:fe:2a:21:48:58:54:c2:ed:
                    c7:c7:ef:d3:bd:46:13:57:25:ce:f3:7d:56:01:95:
                    cf:a6:63:e3:85:58:f3:9f:0e:cd:8b:62:30:c6:12:
                    2b:1f:ff:67:79:a9:b4:55:16:99:ab:5e:ed:9c:c9:
                    73:a0:4b:b8:9e:c3:3c:5d:02:3c:2f:45:88:b9:96:
                    81:6b:3c:1f:a5:95:8c:84:12:cc:56:30:ae:70:a8:
                    d8:cc:e2:36:20:a7:0a:1b:72:45:54:75:bf:d5:ce:
                    36:a9:f7:07:08:00:3b:40:a8:fd:73:47:0b:15:45:
                    30:90:c2:ba:07:c5:f1:01:34:bc:10:a2:a8:cf:22:
                    3d:7c:a3:62:4c:24:19:f9:b3:11:1b:d4:28:c6:39:
                    f8:45:b5:c0:0d:44:d7:d8:63:aa:9b:51:42:3e:8c:
                    f3:20:b5:09:eb:63:2f:4e:dd:f7:dd:45:47:d2:20:
                    13:6a:53:18:69:79:3f:f9:aa:c4:bd:e7:79:81:ab:
                    0a:29:46:1a:7c:be:0e:bc:c7:42:45:40:f4:ec:cc:
                    36:8c:1d:8c:c6:46:48:12:bb:ef:c1:45:f1:ad:36:
                    65:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D7:D5:DF:B3:25:C2:45:2B:55:25:8D:1C:D4:7C:C9:56:B7:51:E4
            X509v3 Authority Key Identifier:
                keyid:98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/LdfV37MlwkUrVSWNHNR8yVa3UeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d7:37:b6:64:67:7a:d2:83:1c:c3:1b:be:06:b5:36:60:f2:
         50:3e:3c:fe:35:cd:ac:d3:5b:4e:5f:ed:b3:85:9c:7c:ff:3c:
         fe:e4:ee:5f:8d:70:df:5d:4e:65:ea:af:36:90:bf:d9:92:36:
         dd:ce:72:ff:c7:af:f2:13:2d:9c:d8:d5:f3:a9:1b:7a:32:8b:
         e3:51:63:64:70:b6:0b:a0:32:2d:28:1d:92:c4:cc:c9:54:97:
         52:3b:e6:3f:48:dc:f3:ae:0b:c2:b3:0f:70:32:c0:5a:cd:fd:
         75:e6:f9:e4:cb:28:d0:11:e2:c7:bf:e4:57:57:dc:10:f3:49:
         3f:84:00:88:8f:c5:05:70:f7:59:b3:53:79:06:e8:40:82:2f:
         56:71:38:c6:d0:96:a6:ef:e5:15:ae:73:40:d6:4d:0d:ce:81:
         c3:57:21:a6:61:c4:3f:e8:f6:49:1c:f2:2f:d6:af:cc:8e:85:
         f8:72:0a:9f:0e:d8:3c:49:86:29:3b:3b:af:62:88:2f:7e:8d:
         81:77:a2:de:12:05:2b:86:bb:a1:a2:68:25:7f:cb:f5:8b:ea:
         6f:09:f0:1b:00:41:16:7c:38:a4:f1:e0:af:8b:bd:38:12:88:
         51:80:c8:61:a2:89:de:cf:cb:54:72:1a:2d:3e:48:dd:14:bd:
         6f:ed:cc:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NHrMpuVPZCy/V7vXlUXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTFjNDQ4ODY5OWU2ZDAyNGUzOWNjNGQ2MWVlZWFiZDM4
MDEwZmEwHhcNMjYwMTAxMDYxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ3ZDVkZmIzMjVjMjQ1MmI1NTI1OGQxY2Q0N2NjOTU2Yjc1MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEa7R+NLxizGLDzojJco1+ROc5D
yjwK3mpLrCSsAgYktap3/iohSFhUwu3Hx+/TvUYTVyXO831WAZXPpmPjhVjznw7N
i2IwxhIrH/9neam0VRaZq17tnMlzoEu4nsM8XQI8L0WIuZaBazwfpZWMhBLMVjCu
cKjYzOI2IKcKG3JFVHW/1c42qfcHCAA7QKj9c0cLFUUwkMK6B8XxATS8EKKozyI9
fKNiTCQZ+bMRG9Qoxjn4RbXADUTX2GOqm1FCPozzILUJ62MvTt333UVH0iATalMY
aXk/+arEved5gasKKUYafL4OvMdCRUD07Mw2jB2MxkZIErvvwUXxrTZlfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3X1d+zJcJFK1UljRzUfMlWt1HkMB8GA1UdIwQY
MBaAFJiRxEiGmebQJOOcxNYe7qvTgBD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUt
ZTEwYTYwNTk2YzI2LzEvTGRmVjM3TWx3a1VyVlNXTkhOUjh5VmEzVWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUtZTEwYTYwNTk2YzI2
LzEvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSm4MA0G
CSqGSIb3DQEBCwUAA4IBAQBS1ze2ZGd60oMcwxu+BrU2YPJQPjz+Nc2s01tOX+2z
hZx8/zz+5O5fjXDfXU5l6q82kL/ZkjbdznL/x6/yEy2c2NXzqRt6MovjUWNkcLYL
oDItKB2SxMzJVJdSO+Y/SNzzrgvCsw9wMsBazf115vnkyyjQEeLHv+RXV9wQ80k/
hACIj8UFcPdZs1N5BuhAgi9WcTjG0Jam7+UVrnNA1k0NzoHDVyGmYcQ/6PZJHPIv
1q/MjoX4cgqfDtg8SYYpOzuvYogvfo2Bd6LeEgUrhruhomglf8v1i+pvCfAbAEEW
fDik8eCvi704EohRgMhhoonez8tUchotPkjdFL1v7cyj
-----END CERTIFICATE-----