This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/652lcuzT9PIhaSeP2avGOH6beOk.roa
File:                     652lcuzT9PIhaSeP2avGOH6beOk.roa (raw, json)
Hash identifier:          9cjGs1jIWWRzFnAzuxAkpsphISqK1RUqJmC7SPZmiso=
Subject key identifier:   EB:9D:A5:72:EC:D3:F4:F2:21:69:27:8F:D9:AB:C6:38:7E:9B:78:E9
Certificate issuer:       /CN=6b4137c95719de3b0651e44ad0683501ae67eb88
Certificate serial:       019B78A344A10201047915F508423E78F77B
Authority key identifier: 6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/652lcuzT9PIhaSeP2avGOH6beOk.roa
Signing time:             Thu 01 Jan 2026 08:18:44 +0000
ROA not before:           Thu 01 Jan 2026 08:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273171
IP address blocks:        185.240.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:44:a1:02:01:04:79:15:f5:08:42:3e:78:f7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4137c95719de3b0651e44ad0683501ae67eb88
        Validity
            Not Before: Jan  1 08:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb9da572ecd3f4f22169278fd9abc6387e9b78e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6a:3c:f6:10:e6:22:14:f7:7a:43:d9:cb:3c:
                    d1:f2:dd:bc:91:4b:41:10:d9:9e:8a:f3:54:19:73:
                    e4:ad:95:f9:a2:f7:a7:47:f3:51:85:21:04:1f:1d:
                    61:d3:79:66:b3:9e:16:f8:63:c5:b9:8d:a6:3f:28:
                    c2:4d:a6:34:33:3c:c2:20:ca:48:be:87:63:b9:4f:
                    31:7b:c0:4a:ca:cf:0f:38:7c:4b:d9:86:29:51:1e:
                    97:66:81:0e:f5:f4:1b:1d:d3:76:be:5d:05:48:16:
                    d7:f9:a9:e5:69:83:37:b8:78:28:bc:8d:ec:42:de:
                    49:e5:1d:da:19:ac:53:f9:87:c9:34:26:f2:3b:22:
                    10:a1:77:35:2f:a9:d8:d7:ed:d1:27:4e:2c:63:e4:
                    2a:27:9f:1d:05:5e:42:ec:8e:64:fc:98:3c:33:89:
                    a1:53:ee:3c:3c:79:64:5e:d4:e4:5a:eb:62:87:22:
                    3c:d2:69:23:26:f8:ae:64:b6:80:57:3e:a0:f9:ef:
                    31:cf:44:32:48:6f:5c:42:ad:76:b6:0d:ba:b4:b3:
                    8c:c5:ec:81:88:30:ef:17:7e:57:05:a4:14:d9:7b:
                    ce:5e:1d:f9:74:bd:ce:24:b9:2e:e4:b8:2f:f7:8d:
                    17:76:17:0f:94:f9:14:71:6b:d9:56:e6:bf:dd:02:
                    a4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:9D:A5:72:EC:D3:F4:F2:21:69:27:8F:D9:AB:C6:38:7E:9B:78:E9
            X509v3 Authority Key Identifier:
                keyid:6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/652lcuzT9PIhaSeP2avGOH6beOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:95:d4:46:78:73:45:df:79:c0:c0:50:cb:11:a8:39:c4:70:
         82:10:f0:50:aa:36:7a:b0:d7:30:8f:7e:30:2f:b8:c2:6e:32:
         00:c2:e4:ca:7b:8f:d2:d1:66:13:4c:48:6d:e6:1c:03:12:84:
         96:f9:6e:8b:1e:a6:10:2e:f0:3d:d2:48:b5:48:7c:c8:9f:f8:
         f6:a5:09:60:fd:5d:b7:d3:50:99:bd:24:a4:3d:dd:66:a6:58:
         be:8b:b6:07:3f:b7:c3:01:e4:91:e8:c9:76:65:74:77:1f:b8:
         f1:8d:20:87:da:ec:ff:51:d8:db:6f:e5:8a:d4:0c:8b:a0:0e:
         a3:66:a2:b1:25:39:6c:8c:f5:a3:fe:35:6e:90:1b:8e:7c:89:
         a2:ed:fc:cf:d6:6f:dc:b1:ea:08:81:a2:8f:c6:16:6d:07:79:
         03:c3:c1:85:a2:08:6a:eb:c7:2b:27:88:ec:87:44:30:a2:ec:
         71:00:98:ab:ee:5f:d3:7e:25:1f:cd:57:b9:27:02:48:ee:23:
         4d:51:53:b4:9b:57:f6:b1:f5:14:f1:e6:04:31:8e:b9:9e:b4:
         3b:a5:07:28:4f:21:fe:30:27:89:43:8b:5b:aa:57:5d:96:ea:
         82:d8:1b:d7:ee:8d:cc:27:9e:44:63:6b:4a:1b:c7:11:24:72:
         06:49:50:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o0ShAgEEeRX1CEI+ePd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDEzN2M5NTcxOWRlM2IwNjUxZTQ0YWQwNjgzNTAxYWU2
N2ViODgwHhcNMjYwMTAxMDgxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjlkYTU3MmVjZDNmNGYyMjE2OTI3OGZkOWFiYzYzODdlOWI3OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmo89hDmIhT3ekPZyzzR8t28kUtB
ENmeivNUGXPkrZX5ovenR/NRhSEEHx1h03lms54W+GPFuY2mPyjCTaY0MzzCIMpI
vodjuU8xe8BKys8POHxL2YYpUR6XZoEO9fQbHdN2vl0FSBbX+anlaYM3uHgovI3s
Qt5J5R3aGaxT+YfJNCbyOyIQoXc1L6nY1+3RJ04sY+QqJ58dBV5C7I5k/Jg8M4mh
U+48PHlkXtTkWutihyI80mkjJviuZLaAVz6g+e8xz0QySG9cQq12tg26tLOMxeyB
iDDvF35XBaQU2XvOXh35dL3OJLku5Lgv940XdhcPlPkUcWvZVua/3QKknwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOudpXLs0/TyIWknj9mrxjh+m3jpMB8GA1UdIwQY
MBaAFGtBN8lXGd47BlHkStBoNQGuZ+uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMt
ODViMjZiM2VkOTgzLzEvNjUybGN1elQ5UEloYVNlUDJhdkdPSDZiZU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMtODViMjZiM2VkOTgz
LzEvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufDWMA0G
CSqGSIb3DQEBCwUAA4IBAQAQldRGeHNF33nAwFDLEag5xHCCEPBQqjZ6sNcwj34w
L7jCbjIAwuTKe4/S0WYTTEht5hwDEoSW+W6LHqYQLvA90ki1SHzIn/j2pQlg/V23
01CZvSSkPd1mpli+i7YHP7fDAeSR6Ml2ZXR3H7jxjSCH2uz/Udjbb+WK1AyLoA6j
ZqKxJTlsjPWj/jVukBuOfImi7fzP1m/cseoIgaKPxhZtB3kDw8GFoghq68crJ4js
h0QwouxxAJir7l/TfiUfzVe5JwJI7iNNUVO0m1f2sfUU8eYEMY65nrQ7pQcoTyH+
MCeJQ4tbqlddluqC2BvX7o3MJ55EY2tKG8cRJHIGSVD0
-----END CERTIFICATE-----