This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/dF9sPCEN_zHoOwfh4IOcs-1yTLs.roa
File:                     dF9sPCEN_zHoOwfh4IOcs-1yTLs.roa (raw, json)
Hash identifier:          3JIrXXGe/T2UAMIBqEouLulWgUj2qDcUjutd+HRZT2c=
Subject key identifier:   74:5F:6C:3C:21:0D:FF:31:E8:3B:07:E1:E0:83:9C:B3:ED:72:4C:BB
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       019B79107E90ECDCBAC6FE2B4EE76AB079D9
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/dF9sPCEN_zHoOwfh4IOcs-1yTLs.roa
Signing time:             Thu 01 Jan 2026 10:18:02 +0000
ROA not before:           Thu 01 Jan 2026 10:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207974
IP address blocks:        146.19.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:7e:90:ec:dc:ba:c6:fe:2b:4e:e7:6a:b0:79:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Jan  1 10:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=745f6c3c210dff31e83b07e1e0839cb3ed724cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:28:43:03:37:02:b7:0b:74:86:5c:e8:ea:73:
                    ac:7f:57:31:95:63:16:7e:50:e1:bd:e2:70:04:53:
                    1e:c0:a3:fd:85:08:43:34:59:65:96:71:f2:21:b2:
                    3b:80:d0:d8:d4:95:b3:6d:c5:3b:3d:7c:5b:62:92:
                    00:82:86:56:8d:64:6b:38:b5:ec:f1:e0:d5:26:08:
                    1c:7c:71:93:2c:8c:91:1e:dc:a7:6f:35:34:5a:e9:
                    31:29:0f:f8:ed:df:9a:34:96:32:bf:5d:bb:54:f6:
                    20:1d:a0:c7:2e:70:73:b1:71:74:e9:bc:69:af:43:
                    f3:79:61:f8:c2:8e:45:08:8b:1d:6d:f2:1a:02:43:
                    27:1a:16:0e:af:ca:ed:fd:22:dd:dd:a0:27:66:db:
                    14:6e:f9:35:d9:03:9c:f1:63:4a:f9:18:a3:04:0c:
                    9a:89:24:c2:f3:96:ae:18:1e:0a:65:56:e3:03:59:
                    83:16:50:a7:ec:1d:2b:5e:56:24:65:7c:d0:ef:76:
                    47:12:7d:d0:f6:72:5c:db:e5:13:74:0e:02:de:df:
                    42:c5:96:e0:3d:69:a5:59:4a:74:8c:3d:3e:5d:c0:
                    9f:c3:61:fe:af:c3:05:4f:de:42:2a:4c:ac:6d:f1:
                    b3:59:c4:fd:68:9c:ef:b0:11:c6:be:6c:97:14:9b:
                    fa:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5F:6C:3C:21:0D:FF:31:E8:3B:07:E1:E0:83:9C:B3:ED:72:4C:BB
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/dF9sPCEN_zHoOwfh4IOcs-1yTLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:aa:54:00:19:b1:7b:5b:40:2c:02:f2:21:c2:2e:b2:2b:ff:
         05:de:c6:fe:4c:20:a6:7c:39:e4:f6:35:1d:5b:95:d5:8a:aa:
         8f:7b:f7:ea:22:48:26:5a:52:1e:61:b7:2f:80:23:01:5c:62:
         48:34:44:7a:18:f7:63:9d:fc:e8:e0:98:75:26:0b:72:08:37:
         bd:46:0b:65:e4:96:49:b0:79:18:33:8b:af:44:fd:69:74:5d:
         b6:9a:17:9b:b1:55:eb:85:d8:38:0b:5b:56:81:93:73:f7:ec:
         6f:37:d9:b5:dd:96:fc:ad:a4:d4:8e:97:2a:44:ae:ce:0b:53:
         c0:45:b5:b7:3a:d9:32:45:13:9a:6f:43:4f:a0:68:46:74:d0:
         65:56:53:b4:4c:f1:e1:44:36:ef:0d:30:d4:5b:c5:9d:11:40:
         dd:be:a7:c3:a0:95:3d:71:16:b2:05:1b:89:4a:29:d7:f2:c7:
         e8:6e:99:27:00:aa:02:69:aa:8d:10:35:45:71:22:af:14:1f:
         d5:e4:59:11:21:ac:6d:42:1c:49:e3:67:29:0e:a6:52:8a:d6:
         ae:75:88:1c:d7:02:9d:7b:d2:05:ac:8c:cf:b4:2d:7c:d6:04:
         66:fd:cb:c7:3e:db:6c:07:8b:0a:b8:d9:f0:11:17:20:b0:de:
         2c:ae:57:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EH6Q7Ny6xv4rTudqsHnZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjYwMTAxMTAxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDVmNmMzYzIxMGRmZjMxZTgzYjA3ZTFlMDgzOWNiM2VkNzI0Y2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArShDAzcCtwt0hlzo6nOsf1cxlWMW
flDhveJwBFMewKP9hQhDNFlllnHyIbI7gNDY1JWzbcU7PXxbYpIAgoZWjWRrOLXs
8eDVJggcfHGTLIyRHtynbzU0WukxKQ/47d+aNJYyv127VPYgHaDHLnBzsXF06bxp
r0PzeWH4wo5FCIsdbfIaAkMnGhYOr8rt/SLd3aAnZtsUbvk12QOc8WNK+RijBAya
iSTC85auGB4KZVbjA1mDFlCn7B0rXlYkZXzQ73ZHEn3Q9nJc2+UTdA4C3t9CxZbg
PWmlWUp0jD0+XcCfw2H+r8MFT95CKkysbfGzWcT9aJzvsBHGvmyXFJv6FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRfbDwhDf8x6DsH4eCDnLPtcky7MB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvZEY5c1BDRU5fekhvT3dmaDRJT2NzLTF5VExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhN1MA0G
CSqGSIb3DQEBCwUAA4IBAQAyqlQAGbF7W0AsAvIhwi6yK/8F3sb+TCCmfDnk9jUd
W5XViqqPe/fqIkgmWlIeYbcvgCMBXGJINER6GPdjnfzo4Jh1JgtyCDe9Rgtl5JZJ
sHkYM4uvRP1pdF22mhebsVXrhdg4C1tWgZNz9+xvN9m13Zb8raTUjpcqRK7OC1PA
RbW3OtkyRROab0NPoGhGdNBlVlO0TPHhRDbvDTDUW8WdEUDdvqfDoJU9cRayBRuJ
SinX8sfobpknAKoCaaqNEDVFcSKvFB/V5FkRIaxtQhxJ42cpDqZSitaudYgc1wKd
e9IFrIzPtC181gRm/cvHPttsB4sKuNnwERcgsN4srle4
-----END CERTIFICATE-----