This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/CSfQE_8068-e8A2lLxmK3WQdfJo.roa
File:                     CSfQE_8068-e8A2lLxmK3WQdfJo.roa (raw, json)
Hash identifier:          wgfumD82vaibDAgLHiKl5UfesSI7XCgpM8upb3rLfg8=
Subject key identifier:   09:27:D0:13:FF:34:EB:CF:9E:F0:0D:A5:2F:19:8A:DD:64:1D:7C:9A
Certificate issuer:       /CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
Certificate serial:       019B7E392DC8BBEFDAC9E30A0F8B05EC867D
Authority key identifier: 72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/CSfQE_8068-e8A2lLxmK3WQdfJo.roa
Signing time:             Fri 02 Jan 2026 10:20:34 +0000
ROA not before:           Fri 02 Jan 2026 10:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34913
IP address blocks:        185.227.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:2d:c8:bb:ef:da:c9:e3:0a:0f:8b:05:ec:86:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
        Validity
            Not Before: Jan  2 10:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0927d013ff34ebcf9ef00da52f198add641d7c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:19:10:2a:33:b9:b2:ee:2c:d5:03:35:7d:74:
                    6e:75:3a:b0:d1:56:d7:5e:5f:26:84:79:5d:70:ce:
                    e2:e1:fa:87:39:f8:b4:9f:5b:64:a1:c2:c2:87:6f:
                    6a:0f:10:26:d8:b8:9c:00:fa:d0:35:0e:0c:dd:63:
                    1f:42:6c:a1:8d:1d:bf:8e:60:98:1d:97:86:31:60:
                    74:86:36:de:9d:df:a0:a8:69:58:de:e8:c5:92:99:
                    0b:67:c0:f7:10:42:80:1c:60:96:7d:53:15:35:a6:
                    24:b6:79:3f:59:55:99:1f:90:6f:58:9b:62:d2:29:
                    b7:72:a9:1f:a1:44:55:37:f1:91:b5:e4:bd:6c:81:
                    67:bb:ec:8d:2c:c3:9f:10:55:eb:9d:b3:9a:81:5c:
                    09:92:1a:c6:07:e5:86:07:8f:8b:f3:48:b8:c8:2e:
                    a1:cb:01:fe:b3:db:da:30:56:61:3c:31:2c:8e:50:
                    6e:12:7e:d0:0e:01:53:3f:70:81:a0:3d:66:ea:1b:
                    d6:6b:fc:2e:e8:6e:63:84:8c:0d:69:bf:d3:86:76:
                    92:20:de:95:39:71:c3:c2:07:41:5c:26:c6:89:d3:
                    0c:a9:81:ac:11:bb:3c:b2:92:a2:d5:79:a1:52:c4:
                    f6:d7:fc:8d:1c:00:3b:40:bf:67:f4:b5:05:4c:8e:
                    b6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:27:D0:13:FF:34:EB:CF:9E:F0:0D:A5:2F:19:8A:DD:64:1D:7C:9A
            X509v3 Authority Key Identifier:
                keyid:72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/CSfQE_8068-e8A2lLxmK3WQdfJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:c1:96:91:6d:6b:32:8c:6a:1c:d5:78:1c:e9:c2:e7:5f:4d:
         99:86:00:77:eb:7d:90:a5:2e:5f:68:94:09:c0:bf:a3:ec:46:
         c7:38:2f:ea:96:a9:e3:f2:de:03:34:b8:db:43:64:7d:da:bd:
         66:3b:d1:57:1f:52:99:09:69:ec:2e:7b:22:16:81:83:ee:b4:
         4e:12:e6:51:40:24:a2:c9:3a:45:de:62:16:e8:41:ae:73:6f:
         f9:7f:f6:50:ec:cd:c0:b8:7f:40:66:06:71:47:6e:f5:42:03:
         84:9d:6e:a0:52:e2:6c:7e:0e:84:fd:37:c3:f0:92:76:d1:52:
         0d:9c:ce:d9:5c:08:e0:fb:69:c5:94:2e:6e:95:92:dc:0a:5d:
         c5:74:94:3c:2b:3a:69:54:7c:a7:02:f8:e9:d6:ba:2d:39:33:
         f4:ce:4b:28:b3:7d:8e:13:bd:56:83:9c:d3:84:98:52:42:b0:
         ee:0a:aa:4c:67:13:ff:cc:ee:be:09:ee:e6:79:20:2b:ff:9c:
         c1:d9:b2:a8:09:e7:f4:08:a6:d1:74:c3:3a:2e:03:13:ce:5f:
         29:96:1f:e6:96:85:bc:b9:8d:44:8f:fa:8e:f5:a4:7c:2e:0e:
         58:e8:b9:f8:87:d3:e7:c8:a2:59:25:b1:13:f3:4a:dc:c9:a3:
         4c:cd:2b:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OS3Iu+/ayeMKD4sF7IZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDdiYTQzZTI3MGM5OGJkYzY0MmE5ZTNjMjE4Y2E1MjRl
YjBmNTMwHhcNMjYwMTAyMTAyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI3ZDAxM2ZmMzRlYmNmOWVmMDBkYTUyZjE5OGFkZDY0MWQ3YzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hkQKjO5su4s1QM1fXRudTqw0VbX
Xl8mhHldcM7i4fqHOfi0n1tkocLCh29qDxAm2LicAPrQNQ4M3WMfQmyhjR2/jmCY
HZeGMWB0hjbend+gqGlY3ujFkpkLZ8D3EEKAHGCWfVMVNaYktnk/WVWZH5BvWJti
0im3cqkfoURVN/GRteS9bIFnu+yNLMOfEFXrnbOagVwJkhrGB+WGB4+L80i4yC6h
ywH+s9vaMFZhPDEsjlBuEn7QDgFTP3CBoD1m6hvWa/wu6G5jhIwNab/ThnaSIN6V
OXHDwgdBXCbGidMMqYGsEbs8spKi1XmhUsT21/yNHAA7QL9n9LUFTI62PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkn0BP/NOvPnvANpS8Zit1kHXyaMB8GA1UdIwQY
MBaAFHJHukPicMmL3GQqnjwhjKUk6w9TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2Yt
Mjc5MjAzYjFkOTJjLzEvQ1NmUUVfODA2OC1lOEEybEx4bUszV1FkZkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2YtMjc5MjAzYjFkOTJj
LzEvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuePpMA0G
CSqGSIb3DQEBCwUAA4IBAQA+wZaRbWsyjGoc1Xgc6cLnX02ZhgB3632QpS5faJQJ
wL+j7EbHOC/qlqnj8t4DNLjbQ2R92r1mO9FXH1KZCWnsLnsiFoGD7rROEuZRQCSi
yTpF3mIW6EGuc2/5f/ZQ7M3AuH9AZgZxR271QgOEnW6gUuJsfg6E/TfD8JJ20VIN
nM7ZXAjg+2nFlC5ulZLcCl3FdJQ8KzppVHynAvjp1rotOTP0zksos32OE71Wg5zT
hJhSQrDuCqpMZxP/zO6+Ce7meSAr/5zB2bKoCef0CKbRdMM6LgMTzl8plh/mloW8
uY1Ej/qO9aR8Lg5Y6Ln4h9PnyKJZJbET80rcyaNMzSuf
-----END CERTIFICATE-----