This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/dbor2V1CZeSh-DsNvUTjnrohp5k.roa
File:                     dbor2V1CZeSh-DsNvUTjnrohp5k.roa (raw, json)
Hash identifier:          ThyL23NfAVtNK001dI1v2bX0HhRJe3heaSpGsGvlJC0=
Subject key identifier:   75:BA:2B:D9:5D:42:65:E4:A1:F8:3B:0D:BD:44:E3:9E:BA:21:A7:99
Certificate issuer:       /CN=6af9c540b146bb44c8219d01375c10124920ae9f
Certificate serial:       019B7C118D017EF8BC4B27171C5D9E3E6DA0
Authority key identifier: 6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/dbor2V1CZeSh-DsNvUTjnrohp5k.roa
Signing time:             Fri 02 Jan 2026 00:18:03 +0000
ROA not before:           Fri 02 Jan 2026 00:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3215
IP address blocks:        193.37.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:8d:01:7e:f8:bc:4b:27:17:1c:5d:9e:3e:6d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af9c540b146bb44c8219d01375c10124920ae9f
        Validity
            Not Before: Jan  2 00:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75ba2bd95d4265e4a1f83b0dbd44e39eba21a799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d0:75:a9:58:4b:66:90:0b:6a:a0:d3:0e:a5:
                    41:8c:7c:16:51:cc:a2:03:b5:ca:3e:a4:ae:6e:cd:
                    1d:ef:ae:a2:cd:ce:4e:fd:24:31:d7:fa:5b:05:89:
                    02:13:4f:5a:1e:e1:e3:b6:aa:0c:8d:45:c8:91:ea:
                    10:2f:c7:f9:3d:a3:90:ba:f4:3e:2d:6c:37:a5:8f:
                    74:6c:87:2c:76:28:bb:c9:a5:47:cb:c1:3d:b1:f2:
                    5f:aa:50:c1:ca:76:5a:7f:a6:fb:31:c7:58:5b:cd:
                    1d:51:13:ec:34:f8:a4:44:46:eb:81:7c:28:81:3d:
                    11:a2:c2:21:ae:b2:3d:30:1c:25:9a:7d:58:98:6c:
                    80:f1:4b:7e:52:d5:c2:38:a4:5d:50:88:38:1e:65:
                    66:99:2d:86:ee:ca:7f:e8:ae:b3:b6:62:41:2b:fb:
                    e7:b9:87:b9:09:20:23:b6:c0:b0:cc:a8:e8:55:93:
                    3e:7d:fb:1f:99:e8:16:25:a3:43:8b:7e:8b:38:ab:
                    76:88:c7:ff:e8:90:36:7d:94:8c:3c:49:a3:66:99:
                    7a:90:24:5c:a5:3c:f3:b6:c7:26:46:b0:26:38:60:
                    f9:d6:e3:10:aa:c9:23:84:9b:1a:11:c7:14:16:42:
                    ae:3a:25:68:55:5d:89:74:35:6f:b3:49:02:1f:f3:
                    35:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BA:2B:D9:5D:42:65:E4:A1:F8:3B:0D:BD:44:E3:9E:BA:21:A7:99
            X509v3 Authority Key Identifier:
                keyid:6A:F9:C5:40:B1:46:BB:44:C8:21:9D:01:37:5C:10:12:49:20:AE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avnFQLFGu0TIIZ0BN1wQEkkgrp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/dbor2V1CZeSh-DsNvUTjnrohp5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/379529-f469-4363-8b87-421a99bdd78f/1/avnFQLFGu0TIIZ0BN1wQEkkgrp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:16:2b:5d:96:b8:0a:6b:04:d3:06:1b:9a:b9:2c:60:fb:df:
         f0:05:f9:00:d9:b7:e6:77:de:8b:52:12:8c:cc:97:df:4d:06:
         b6:fa:93:90:d0:38:33:0f:a6:ba:d4:8a:92:45:f6:69:6c:5a:
         ac:ec:91:93:e7:29:e8:f5:eb:31:f0:5e:4d:b1:7e:a4:40:98:
         05:0f:73:50:11:2e:26:d6:de:0d:7f:2b:c9:47:0f:17:05:94:
         dc:bf:b5:dd:64:b9:e7:4b:74:91:b3:a0:9a:e0:54:e0:6b:af:
         f7:5b:d1:91:b5:de:92:b8:34:af:fc:9e:93:65:0e:64:08:f1:
         04:08:7b:81:9d:6a:4d:82:b6:8a:de:c5:70:cc:cf:6a:6f:99:
         64:d7:8e:68:f6:94:2c:f9:68:bc:96:97:a7:0a:03:a8:ad:7e:
         17:05:8c:55:69:37:f6:67:b5:3e:23:f9:6f:49:35:4d:3e:ad:
         77:49:7f:ca:99:33:78:c4:e9:93:e0:dd:6c:f0:d4:b6:e7:17:
         45:39:d5:66:2c:fe:c9:f0:b3:01:eb:07:57:22:4b:3b:24:24:
         97:fe:4a:8b:39:d2:79:8f:4f:ce:88:8f:0c:2c:e1:86:fa:98:
         50:8c:a7:c5:e0:31:46:9b:4c:29:ff:76:d1:e7:71:97:58:ee:
         bb:d5:55:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EY0Bfvi8SycXHF2ePm2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjljNTQwYjE0NmJiNDRjODIxOWQwMTM3NWMxMDEyNDky
MGFlOWYwHhcNMjYwMTAyMDAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJhMmJkOTVkNDI2NWU0YTFmODNiMGRiZDQ0ZTM5ZWJhMjFhNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9B1qVhLZpALaqDTDqVBjHwWUcyi
A7XKPqSubs0d766izc5O/SQx1/pbBYkCE09aHuHjtqoMjUXIkeoQL8f5PaOQuvQ+
LWw3pY90bIcsdii7yaVHy8E9sfJfqlDBynZaf6b7McdYW80dURPsNPikREbrgXwo
gT0RosIhrrI9MBwlmn1YmGyA8Ut+UtXCOKRdUIg4HmVmmS2G7sp/6K6ztmJBK/vn
uYe5CSAjtsCwzKjoVZM+ffsfmegWJaNDi36LOKt2iMf/6JA2fZSMPEmjZpl6kCRc
pTzztscmRrAmOGD51uMQqskjhJsaEccUFkKuOiVoVV2JdDVvs0kCH/M1bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW6K9ldQmXkofg7Db1E4566IaeZMB8GA1UdIwQY
MBaAFGr5xUCxRrtEyCGdATdcEBJJIK6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODct
NDIxYTk5YmRkNzhmLzEvZGJvcjJWMUNaZVNoLURzTnZVVGpucm9ocDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNzk1MjktZjQ2OS00MzYzLThiODctNDIxYTk5YmRkNzhm
LzEvYXZuRlFMRkd1MFRJSVowQk4xd1FFa2tncnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSX6MA0G
CSqGSIb3DQEBCwUAA4IBAQCaFitdlrgKawTTBhuauSxg+9/wBfkA2bfmd96LUhKM
zJffTQa2+pOQ0DgzD6a61IqSRfZpbFqs7JGT5yno9esx8F5NsX6kQJgFD3NQES4m
1t4NfyvJRw8XBZTcv7XdZLnnS3SRs6Ca4FTga6/3W9GRtd6SuDSv/J6TZQ5kCPEE
CHuBnWpNgraK3sVwzM9qb5lk145o9pQs+Wi8lpenCgOorX4XBYxVaTf2Z7U+I/lv
STVNPq13SX/KmTN4xOmT4N1s8NS25xdFOdVmLP7J8LMB6wdXIks7JCSX/kqLOdJ5
j0/OiI8MLOGG+phQjKfF4DFGm0wp/3bR53GXWO671VVM
-----END CERTIFICATE-----